In yet another example of its focus on imposing greater data security accountability, the New York Attorney General (“NYAG”) recently announced a significant settlement with Marymount Manhattan College (“the College”). The settlement stems from a data breach to which the College was subject in 2021. Following an investigation, which, according to the NYAG, revealed inadequacies
encryption
North Carolina Prohibits Public Sector Entities from Paying Ransom in a Ransomware Cyberattack
Organizations attacked with ransomware have a bevy of decisions to make, very quickly! One of those decisions is whether to pay the ransom. Earlier this year, I had the honor of contributing to a two-part series, entitled Ransomware: To pay or not to pay? (Part 1 and Part 2). Joined by Danielle Gardiner…
California Amends Its Data Breach Notification Law…Again
Under this most recent change to California’s breach notification laws (California Civil Code sections 1798.29 and 1798.82), which takes effect January 1, 2017, businesses and agencies subject to the laws can no longer assume that notification is not required when the personal information involved in the breach is encrypted.
Under current California law, notification of…
Dwolla Fined $100,000 by CFPB in First Data Security Enforcement Action
The Consumer Financial Protection Bureau (“CFPB”) gave the fintech online payment sector a “wake up call” with an enforcement action against a Des Moines start-up digital payment provider, Dwolla, Inc. (“Dwolla”).
The CFPB alleged that Dwolla misrepresented how it was protecting consumers’ data. Dwolla entered into a Consent Order to settle the CFPB charges…
HIPAA Covered Entities Not Responsible For Intercepted Transmission of PHI When Individual Requested Unsecured Transmission, Office for Civil Rights Concludes
Earlier this month, the Office for Civil Rights (OCR) issued guidance on an individual’s right to access the individual’s health information. That an individual has a broad right to access has been recognized in the HIPAA privacy regulations since they became effective in 2003. OCR has found, however, that individuals are facing obstacles to accessing…
Stolen Laptops = HIPAA Settlements Totaling Nearly Two Million Dollars
Unencrypted laptop computers and other mobile devices pose significant risks to the security of patient information, reminds the U.S. Department of Health and Human Services Office for Civil Rights (OCR) in its announcement yesterday that it collected $1,975,220 from two entities collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA)…
California AG Report Announces Enforcement Priority for Breaches Involving Unencrypted Data
California Attorney General issues data breach report and announces enforcement priority to investigate breaches involving unencrypted personal information.