Today the White House issued a Cybersecurity Legislative Proposal. The proposed legislation focuses on protecting the American people, the nation’s critical infrastructure, and the federal government’s computers and networks. While legislation of this nature would simplify the breach reporting process for businesses, and overall streamline cybersecurity laws, a number of legislative attempts to do this have previously
California and Massachusetts Legislatures Push Data Breach and Security Bills
In distinct efforts to strengthen data security requirements, the California and Massachusetts legislatures recently passed bills affecting data breach notification requirements and data security notification, respectively.
On April 14, 2011, the California senate approved S.B. 24, requiring California businesses and agencies to notify the state attorney general if more than 500 California residents
HHS Settlement Follows Enforcement Fine
In a uniquely timed second showing of enforcement authority, the Department of Health and Human Services (HHS) announced on February 24, 2011 a one million dollar settlement with a Massachusetts hospital that allegedly breached patient data. This settlement announcement comes only days after HHS announced a 4.3 million dollar HIPAA Privacy Rule fine. The
U.S. Bank Hit with Class Action Suit Alleging Data Breach Cover-Up
Paintball Punks filed a class action suit against U.S. Bank in Hennepin County, Minnesota. The case was subsequently removed on December 6, 2010, to the Minneapolis District Court. In the complaint, Paintball Punks alleges that between August and December 2009 it received 9 orders totaling approximately $11,000, which were fraudulently billed to U.S. Bank-issued cards. The amount
No Claim For Data Breach Damages Absent Financial Loss or Tangible Injury
In another favorable decision for companies, the Maine Supreme Court ruled on September 21, 2010 that consumers affected by a data breach could not claim damages from the company unless they suffered uncompensated financial losses or some other tangible injury.
The Maine Supreme Court addressed the following:
In the absence of physical harm or economic loss
Peer-To-Peer (P2P) File Sharing Data Breaches Lead to FTC Action
Nearly 100 organizations have been notified by the Federal Trade Commission (“FTC”) that personal information, including sensitive employee and customer data, shared from the organizations’ computer networks is available on peer-to-peer (P2P) file-sharing networks. This, the FTC warned, could be used to commit identity theft or fraud. The notices went to both private and public entities, including
Dealing with Data Breaches: Health Net Suit Highlights Need for Effective Security Incident Procedures and Training
As we have discussed before, data breach notification is one of the most rapidly emerging areas of law. Good security incident procedures as well as effective training can help avoid the risk of data breach. (Sample data breach training).
A case in point: Connecticut’s Attorney General has filed a civil action against Health Net
Public Employers Wrestle With Data Breaches
The State of Minnesota has been smacked with a number of privacy-related district court lawsuits recently.
The most recent dispute arose after the state of Minnesota hired a Texas-based company, Lookout Services to perform E-Verify services for state employees as part of a U.S. Department of Homeland Security program to ensure that all employees of the state and its