For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI) likely triggers obligations to notify affected individuals, the federal Office of Civil Rights (OCR), potentially the media and other entities. The breach also may require

Though enforcement of the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA) has been paused for now, the State of California is not resting when it comes to compliance with the CCPA.

On July 14, 2023, California’s Attorney General announced an “investigative sweep” regarding compliance with the CCPA.

A proposal by Indiana’s Attorney General Curtis Hill on Wednesday would add a significant step in the incident response process for responding to breaches of security affecting Indiana residents. On Wednesday, during a U.S. Chamber of Commerce virtual event, he announced his proposed rule designed to better protect Hoosiers from cyberattacks. It is expected that

Possibly adding to the list of states that have updated their privacy and breach notification laws this year, the Illinois legislature passed Senate Bill 1624 which would update the state’s current breach notification law to require most “data collectors,” which includes entities that, for any purpose, handle, collect, disseminate, or otherwise deal with nonpublic personal

UPDATE: The changes to the Massachusetts data breach notification law described below are now in effect. Thus, if you have discovered a data incident involving the personal information of Massachusetts residents you will want to review these changes carefully – they are significant and the Commonwealth is intent on educating the public about them. Because

Add Washington D.C. Attorney General Karl A. Racine’s recent data security legislative proposal – the Security Breach Protection Amendment Act of 2019 – to the growing list of states and jurisdictions across the country seeking to strengthen privacy and security protections around personal information.

Proposed in response to major data breaches, a frequent catalyst to

The Garden State has been updating its data privacy and security laws and you may be wondering why. On October 28, 2018, Attorney General Gurbir S. Grewal and the New Jersey State Police the New Jersey announced statistics on the effects of data breaches in 2017 on New Jersey residents. Based on that report, here

Happy Data Privacy Day from the Jackson Lewis Privacy, Data and Cybersecurity Team!

In Honor of National Privacy Day, we are focused on what is sure to be one of the hottest issues of 2019 and present our FAQs for employers on the California Consumer Privacy Act (CCPA).

As you know, data privacy and security