Earlier this month, the New York Attorney General Eric T. Schneiderman announced a legislative proposal that would strengthen protections for private information by expanding the state’s breach notification law to cover e-mails, passwords and health data, require companies to implement data security measures, and notify consumers and employees in the event of a breach. If
Attorney General
Strengthened Florida Data Breach Notification Law Signed by Governor Scott
As we reported earlier, Florida lawmakers passed extensive revisions to its existing data breach notification law, SB 1524. On June 20, 2014, Florida’s Governor Rick Scott signed the bill into law, which becomes effective on July 1, 2014.
Our earlier post provides more of a discussion about key provisions of the law. But…
Florida Legislature Seeks to Overhaul Existing Data Security Law
On the heels of recent nationwide data breaches of consumer personal information, the Florida State Senate has proposed SB 1524, which if adopted will become effective on July 1, 2014, to revamp and replace existing state data security law and, in particular, impose a statutory requirement to safeguard personal information, reporting a breach to…
Iowa Amends Its Breach Notification Law, Attorney General Notification Required For Breaches Affecting More Than 500 Iowans
Iowa made changes to its breach notification law (Iowa Code § 715C.1 et seq.) when the state’s Governor, Terry Branstad, signed S.F. 2259 into law. The amendment makes the following key changes which become effective July 1, 2014:
- The existing law applies to “computerized” personal information. The amendment clarifies that this includes personal
…
California AG Report Announces Enforcement Priority for Breaches Involving Unencrypted Data
California Attorney General issues data breach report and announces enforcement priority to investigate breaches involving unencrypted personal information.
Continue Reading California AG Report Announces Enforcement Priority for Breaches Involving Unencrypted Data
OCR Issues Protocol For HIPAA Privacy, Security and Breach Notification Audit Program
As we previously discussed, the Office of Civil Rights (“OCR”) continues to push forward with the HIPAA audits required by the HITECH Act. To this end, the OCR recently posted the protocol which is used to conduct the HIPAA audits on its website.
The HITECH Act requires HHS to provide for periodic audits to…
Connecticut Amends Data Breach Notification Statute; Notice to Attorney General Now Required
Notice to Connecticut Attorney General now required following data breaches affecting state residents.
Continue Reading Connecticut Amends Data Breach Notification Statute; Notice to Attorney General Now Required
Vermont Strengthens Data Breach Notification Requirements
14-day Attorney General notice and other amendments to Vermont’s Security Breach Notice Act further complicate data breach response.
Continue Reading Vermont Strengthens Data Breach Notification Requirements
HHS Makes HIPAA Training Materials Available to State Attorneys General
Federal HIPAA enforcement agency adds new online tool to train State Attorneys General to enforce HIPAA.
Continue Reading HHS Makes HIPAA Training Materials Available to State Attorneys General
Massachusetts Company Fined $15,000 Under State’s Data Security Law
The Massachusetts AG’s enforcement of its data security law demonstrates that it does not take lightly the loss of Massachusetts residents’ personal information, even if that loss has not caused any known harm to the affected residents, and that it may remain watchful over the subject of an investigation for years to come.
Continue Reading Massachusetts Company Fined $15,000 Under State’s Data Security Law