The Maryland General Assembly has recently amended its Maryland Personal Information Protection Act, House Bill 974, effective January 1, 2018. Notable amendments expand the definition of personal information, modify the definition of breach of the security of the system, provide a 45-day timeframe for notification, allow alternative notice for breaches that enable an individual’s
An Ounce of Data Breach Prevention…Address Attorney-Client Privilege in Your Breach Planning
Data breach “horror” stories have become a new staple in today’s business environment. The frequency of attacks which threaten (or compromise) the security of business networks and information systems continually increases — in the health care space alone (which holds the dubious honor of Most Likely To Be Attacked), a FBI and HHS’ Office for
Strengthening Data Security Through Human Resources and Information Technology Teamwork
Human Resources (“HR”) and information technology (“IT”) departments play unique and important roles within an organization. With instances of data breaches on the rise, however, companies should be mindful of the importance of regular communication and collaboration between employees in these departments with respect to issues of data security. Addressing such issues should not be
Company Awarded Damages After Former Employee Hacks Its Systems and Hijacks Its Website
A company can recover damages from its former employee in connection with his hacking into its payroll system to inflate his pay, accessing its proprietary files without authorization and hijacking its website, a federal court ruled. Tyan, Inc. v. Yovan Garcia, Case No. CV 15-05443- MWF (JPRx) (C.D. Cali. May 2, 2017).
The Defendant
BTI Names Jackson Lewis one of the Top Cybersecurity Firms
The BTI Law Firms Best at Cybersecurity 2017, a report issued by the BTI Consulting Group (pdf), lists Jackson Lewis as one of the country’s top law firms for cybersecurity and data privacy. The report was compiled “based solely on in-depth telephone interviews with leading legal decision makers,” representing more than 15 different industry segments
New Mexico Enacts Data Breach Notification Act
On April 6, 2017, New Mexico Governor Susana Martinez signed HB 15, making New Mexico the 48th state to enact a data breach notification law. The law has an effective date of June 16, 2017 and follows the same general structure of many of the breach notification laws in other states.
Importantly, the definition of
Virginia Responds to W-2 Phishing Scams with First of Its Kind Notification Requirement
As previously highlighted, in early February, the IRS issued a warning to all employers regarding the resurgence of a W-2 based cyber scam. Since the IRS warning, this type of scam has taken numerous victims. On February 15, 2017, Virginia Wesleyan College released a notice stating that the 2016 W-2 tax form information of
NY Attorney General Schneiderman Settles Data Breach Investigation
New York State Attorney General Eric T. Schneiderman announced a settlement with Acer Service Corporation (a Taiwanese computer manufacturer) relating to the NYSAG’s investigation of a breach of Acer’s data. The data breach, first reported in June, 2016, involved data for over 35,000 customers throughout the United States, Canada and Puerto Rico, including 2,250 customers
The White House’s Revisions to its Breach Response Policy For Federal Agencies and Departments Also Affect Contractors
On January 3, 2017, the Obama Administration issued a memorandum to all executive departments and agencies setting for a comprehensive policy for handling breaches of personally identifiable information (the “Memorandum”), replacing earlier guidance. Importantly, the Memorandum also affects federal agency contractors as well as grant recipients.
The Memorandum is not the first set of guidance
Study Finds Companies May Do Too Much For Data Breach Victims
A recent study at the University of Arkansas suggests that organizations should avoid doing too much for individuals affected by a data breach. That is, when organizations provide compensation to breach victims that exceeds the victims’ expectations it could backfire. Those victims may become suspicious, thinking the organization has something to hide, which could have