On November 2nd, New York Attorney General Eric T. Schneiderman announced his proposal of the SHIELD Act – Stop Hacks and Improve Electronic Data Security Act – a bill that would heighten data security requirements for companies and better protect New York residents from data breaches of
And Now, in Recent New York Cybersecurity Action…
New York State Governor Andrew Cuomo and the New York State Department of Financial Services (“DFS”) have been busy on the cybersecurity front. In a press release on September 18, 2017, building upon the state’s pride in its “first-in-the-nation” cybersecurity regulations that were passed earlier this year, (which we previously discussed on our blog and
Enhanced HHS HIPAA Breach Reporting Tool May Aid Health Care Industry Data Security Efforts
Secretary Tom Price of the U.S. Department of Health and Human Services (HHS) announced his agency needs “to focus more on the most recent breaches and clarify when entities have taken action to resolve the issues that might have led to their breaches.” Accordingly, HHS’ Office of Civil Rights has launched a revised web tool
Delaware: The Latest State to Amend its Data Breach Notification Law
Delaware joins the growing number of states that recently amended their data breach notification law. On August 17th, Delaware amended its data breach notification law with House Bill 180, the first significant change since 2005, effective 240 days after enactment (on or about April 14, 2018). 
Delaware maintains the state law trend
2-Year Statute of Limitations Applies to HIV Patient’s Privacy Suit
A New Jersey appeals court recently ruled that a two-year statute of limitations applies to a claim by an HIV-positive patient asserting one of his doctors improperly disclosed his medical status to a third party without consent. The three-judge Appellate Division panel rejected arguments by the doctor that the suit should be dismissed as time-barred
An Ounce of Data Breach Prevention…Address Attorney-Client Privilege in Your Breach Planning
Data breach “horror” stories have become a new staple in today’s business environment. The frequency of attacks which threaten (or compromise) the security of business networks and information systems continually increases — in the health care space alone (which holds the dubious honor of Most Likely To Be Attacked), a FBI and HHS’ Office for
Strengthening Data Security Through Human Resources and Information Technology Teamwork
Human Resources (“HR”) and information technology (“IT”) departments play unique and important roles within an organization. With instances of data breaches on the rise, however, companies should be mindful of the importance of regular communication and collaboration between employees in these departments with respect to issues of data security. Addressing such issues should not be
Six Tips to Consider in Hiring Privacy and Data Security Experts
Facing increasingly pervasive issues relating to privacy and data security companies are faced with what qualifications they should think about when looking to hire experts in these areas, and their role within the company is becoming increasingly vital. Moreover, unlike hiring for other positions it is common that a CEO lacks the knowledge and background
New Mexico Enacts Data Breach Notification Act
On April 6, 2017, New Mexico Governor Susana Martinez signed HB 15, making New Mexico the 48th state to enact a data breach notification law. The law has an effective date of June 16, 2017 and follows the same general structure of many of the breach notification laws in other states.
Importantly, the definition of
Virginia Responds to W-2 Phishing Scams with First of Its Kind Notification Requirement
As previously highlighted, in early February, the IRS issued a warning to all employers regarding the resurgence of a W-2 based cyber scam. Since the IRS warning, this type of scam has taken numerous victims. On February 15, 2017, Virginia Wesleyan College released a notice stating that the 2016 W-2 tax form information of