Notice to Connecticut Attorney General now required following data breaches affecting state residents.
Continue Reading Connecticut Amends Data Breach Notification Statute; Notice to Attorney General Now Required
Connecticut Attorney General Establishes Privacy Task Force
Newly created Privacy Task Force in Connecticut may lead to increased enforcement.
Continue Reading Connecticut Attorney General Establishes Privacy Task Force
Connecticut Becomes Sixth State to Prohibit Use of Credit Report Information in Making Employment Decisions
Connecticut joins five other states (Hawaii, Illinois, Oregon, Washington, and Maryland) in limiting what credit report information employers may use in making hiring or employment decisions.
Continue Reading Connecticut Becomes Sixth State to Prohibit Use of Credit Report Information in Making Employment Decisions
Wondering What To Do With Your “Electronic Waste”?
A new law in New York (eff. April 1, 2011) and a flurry of bills across the country (New Jersey, Nevada, Florida, Connecticut and Oregon) are aimed at requiring businesses to deal with their electronic waste in one form or another. Before discarding that old laptop, businesses should make sure they do so securely and in accordance with applicable state law.
Continue Reading Wondering What To Do With Your “Electronic Waste”?
Connecticut Insurance Department Settles Health Net Data Breach
What had been the first use of the enforcement authority under the HIPAA privacy regulations granted to a State Attorney General, has ended in a settlement agreement between Connecticut’s Insurance Department and Health Net of Connecticut. Under the agreement, Health Net will pay $375,000 in penalties, and it agreed to provide credit monitoring protection for 2 years to all affected persons in Connecticut
Connecticut Insurance Commissioner Announces Data Breach Notification Mandate
On August 18, 2010, the Connecticut Insurance Commissioner issued Bulletin IC-25 which mandates that entities within its jurisdiction notify the Department of Insurance of any "information security incident." This post provides a brief summary of this new requirement.
Who must provide the notice?
The Bulletin applies to all licensees and registrants of the Department. This generally means all entities
WISPs Beyond Massachusetts
Over the past few months, many businesses, particularly in the Northeast Region, have been focusing on creating a written information security program (WISP) to comply with Massachusetts identity theft regulations that went into effect March 1, 2010. For many, this has been a significant effort, reaching most, if not all, parts of their organizations. However
Dealing with Data Breaches: Health Net Suit Highlights Need for Effective Security Incident Procedures and Training
As we have discussed before, data breach notification is one of the most rapidly emerging areas of law. Good security incident procedures as well as effective training can help avoid the risk of data breach. (Sample data breach training).
A case in point: Connecticut’s Attorney General has filed a civil action against Health Net
Health Net’s Data Breach Highlights Need for Privacy Officer with Clear Job Description
Health Net Inc., one of the nation’s largest publicly traded managed health care companies, recently notified authorities and informed affected persons, with a statement on its website, that the unencrypted personal information of 1.5 million current and former members, stored on a portable disk drive, is missing from the company’s Connecticut office. The company
Electronic Health Records: The Work to Build a Health Information Technology Infrastructure Begins
In a key step toward developing a proposed U.S. health information technology (HIT) infrastructure, the Centers for Medicare & Medicaid Services has announced that Iowa’s Medicaid program is the first to receive federal matching funds for planning activities necessary to implement the electronic health record (EHR) incentive program established by the American Recovery and Reinvestment