Ohio

Stolen Databases Obtained In Transaction Leads to $400K Settlement with PA and OH Attorneys General

By Joseph J. Lazzarotti on February 17, 2023

Posted in California Consumer Privacy Act, Data Breach Notification, Data Security, Incident Response Planning, Information Risk, Transactions

This post deals with another data breach, yes, hackers were able to compromise the organization’s systems and exfiltrate personal information relating to over 45,000 Pennsylvania and Ohio residents. However, there are several important takeaways from this case, including cybersecurity in corporate transactions, data retention and destruction, and incident response planning.

According to the Assurance of…

Ohio Introduces CCPA-like Consumer Privacy Bill

By Delonie A. Plummer on August 30, 2021

Posted in California Consumer Privacy Act, Consumer Privacy, Data Security

Consumer privacy issues are as a hot as ever, and on the radar of the state and federal legislature alike. Following in the footsteps of California, and most recently Virginia and Colorado, Ohio introduced a comprehensive consumer privacy bill, the Ohio Personal Privacy Act (the “Act”). By introducing the Act, Ohio follows the growing nation-wide…

Utah is the 2nd State to Create a Safe Harbor for Companies Facing Data Breach Litigation

By Joseph J. Lazzarotti, Jason C. Gavejian & Maya Atrakchi on April 7, 2021

Posted in Consumer Privacy, Data Breach Notification, Data Security, HIPAA, Identity Theft, Incident Response Planning, Information Risk, Written Information Security Program

Utah Military and Veteran Benefits | The Official Army Benefits Website In mid-March, Utah Governor Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80) (“the Act”), an amendment to Utah’s data breach notification law, creating several affirmative defenses for persons (defined below) facing a cause of action arising out of a breach of system security, and establishing the requirements for asserting such…

Privacy and Cybersecurity Issues to Watch in 2019

By Joseph J. Lazzarotti & Jason C. Gavejian on January 8, 2019

Posted in Big Data, Consumer Privacy, Data Security, e-Communication, GDPR, HIPAA, Identity Theft, Information Management, Information Risk, Online Privacy, Telephone Consumer Protection Act, Uncategorized, Workplace Privacy, Written Information Security Program

Privacy and cybersecurity risks continue to emerge for organizations large and small. While by no means exhaustive, we briefly discuss some key issues that organizations may need to focus on in 2019 and beyond.

Business Email Compromise (BEC)/Email Account Compromise (EAC) – BEC and EAC attacks are widespread and show no sign of slowing in…

Cautionary Tale for Health Care Providers Subject to HIPAA – Don’t Forget State Law

By Joseph J. Lazzarotti & Marlo Johnson Roebuck on April 26, 2011

Posted in HIPAA

This recent Michigan case makes clear that when handling protected health information, HIPAA is not the only game in town. Health care providers also must consider state law protections which, as this and other courts have held, will trump HIPAA when the state laws are more protective.
Continue Reading Cautionary Tale for Health Care Providers Subject to HIPAA – Don’t Forget State Law

Keylogging–Jurisdictions at Odds Over Privacy Concerns

By Jason C. Gavejian on May 13, 2010

Posted in Monitoring, Workplace Privacy

Keystroke logging (or “keylogging”) is the noting (or logging) of the keys struck on a computer keyboard. Typically, this is done secretly, so the keyboard user is unaware his activities are being monitored.

Several cases throughout the country have examined an employer’s use of keylogging. Recently, the Criminal Court of the City of New York held …

Workplace Privacy, Data Management & Security Report