The first massive data breach of 2015 hit one of the country’s largest insurance issuers, Anthem, Inc., including Anthem Blue Cross and Blue Shield and other related entities (Anthem). The incident reportedly affected over 80 million persons who are or were covered under a policy or program insured or serviced by Anthem. The personal note
New York Attorney General Seeks Stonger Data Breach Notification Law and Data Security Safeguards
Earlier this month, the New York Attorney General Eric T. Schneiderman announced a legislative proposal that would strengthen protections for private information by expanding the state’s breach notification law to cover e-mails, passwords and health data, require companies to implement data security measures, and notify consumers and employees in the event of a breach. If
FTC Announces “Concrete Steps” for IoT Privacy and Security
As the vast array of internet-connected devices mushrooms, and technologies permit those devices to communicate with one another, calls for privacy and security can be heard. On the heels of a recent victory in the ongoing LabMD case, the Federal Trade Commission (FTC) announced yesterday “concrete steps” businesses can take to enhance the privacy
Healthcare Providers and Business Associates: Don’t Ignore the Insider Threats
News reports of security risks, hackings and breaches caused by individuals, terror groups or even countries around the world certainly are important and can be unsettling. But, for many organizations, including healthcare providers and business associates, a significant and perhaps more immediate area of data risk rests with an organization’s workforce members. An organization’s information
President Obama to Call For National Data Breach Notification Law and Other Cybersecurity Measures
About two years ago, President Obama signed an executive order on the date that he delivered his State of the Union address which directed certain federal agencies to develop voluntary standards for achieving cybersecurity. Preparing for his 2015 State of the Union address, Bloomberg and other news outlets are reporting this morning that President Obama
Indiana Attorney General Enforces HIPAA For First Time – Another Lesson for Small Business
As we reported, state Attorneys General have authority to enforce the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), pursuant to the authority granted under the Health Information Technology for Clinical and Economic Health (HITECH) Act. Shortly after announcing plans to seek legislation requiring stronger protections for personal and
Indiana Joins a Growing List of States Seeking to Tighten Data Security and Data Breach Notification Requirements in 2015
As we reported, there are a number of signs pointing to a significant tightening of regulation and increased enforcement of data security mandates. Following efforts in New Jersey, New York and Oregon, Indiana Attorney General Greg Zoeller announced his office is seeking legislation that would better protect the online personal and financial information
Data Security in 2015 for Banks, HIPAA Covered Entities, and Small Businesses Too
Some have called 2014 the “Year of the Data Breach.” That may be true given the steady stream of large-scale data breaches affecting tens of millions of individuals. We do not know if this time next year commentators will be saying the same thing about 2015, but there are signs pointing to a
“Employees Must Be Permitted To Use Company Email for Statutorily Protected Communications” -NLRB
We reported earlier that the National Labor Relations Board had been considering changing its previous position that “employees have no statutory right to use the[ir] Employer’s e-mail system for Section 7 purposes.” The NLRB’s position in this regard was established in 2007, under the NLRB’s ruling in Register Guard. Today, in Purple Communications Inc.
Postal Workers Union Complains to NLRB About Post Office Data Breach
After being hit with a data breach, the last thing a company might want is the scrutiny of the union representing its employees affected by the incident. When the data breach potentially affecting hundreds of thousands of United States Postal Service employees was reported, it was not long after that the American Postal Workers