On November 2nd, New York Attorney General Eric T. Schneiderman announced his proposal of the SHIELD Act – Stop Hacks and Improve Electronic Data Security Act – a bill that would heighten data security requirements for companies and better protect New York residents from data breaches of
breach
Delaware: The Latest State to Amend its Data Breach Notification Law
Delaware joins the growing number of states that recently amended their data breach notification law. On August 17th, Delaware amended its data breach notification law with House Bill 180, the first significant change since 2005, effective 240 days after enactment (on or about April 14, 2018).
Delaware maintains the state law trend…
2-Year Statute of Limitations Applies to HIV Patient’s Privacy Suit
A New Jersey appeals court recently ruled that a two-year statute of limitations applies to a claim by an HIV-positive patient asserting one of his doctors improperly disclosed his medical status to a third party without consent. The three-judge Appellate Division panel rejected arguments by the doctor that the suit should be dismissed as time-barred…
Maryland Amends Personal Information Protection Act
The Maryland General Assembly has recently amended its Maryland Personal Information Protection Act, House Bill 974, effective January 1, 2018. Notable amendments expand the definition of personal information, modify the definition of breach of the security of the system, provide a 45-day timeframe for notification, allow alternative notice for breaches that enable an individual’s…
New Mexico Enacts Data Breach Notification Act
On April 6, 2017, New Mexico Governor Susana Martinez signed HB 15, making New Mexico the 48th state to enact a data breach notification law. The law has an effective date of June 16, 2017 and follows the same general structure of many of the breach notification laws in other states.
Importantly, the definition of…
Virginia Responds to W-2 Phishing Scams with First of Its Kind Notification Requirement
As previously highlighted, in early February, the IRS issued a warning to all employers regarding the resurgence of a W-2 based cyber scam. Since the IRS warning, this type of scam has taken numerous victims. On February 15, 2017, Virginia Wesleyan College released a notice stating that the 2016 W-2 tax form information of…
Top 10 for 2017 – Happy Data Privacy Day
In honor of Data Privacy Day, we provide the following “Top 10 for 2017.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2017.
1. Phishing Attacks and Ransomware – Phishing, as the name implies, is the attempt, usually via email, to obtain sensitive or…
DoD Updates Cyber Incident Reporting Rule
…
Smaller HIPAA Breaches To Get More Attention by Office for Civil Rights
The HIPAA breach notification rule has two buckets for classifying data breaches – those that involve “protected health information” (PHI) of 500 or more individuals and those that involve fewer than 500 individuals. Since the breach notification rule became effective, the Office of Civil Rights’ (OCR) focus has been on the 500 and over bucket.…
Pokémon GO – Next Stop: Regulation & Litigation
As everyone is aware, the Pokémon GO craze has taken the world by storm in the past month. Reports estimate there have been over 75 million downloads of the digital game since the program became available on July 6. Apple has not issued any concrete numbers, but has confirmed that it was the most downloaded…