State legislatures are not waiting for Congressional action on a national data breach notification standard.
Montana — Montana has amended its 10-year old breach notification law (see Mintz Matrix) to expand the...more
By now (unless you have been under a snow drift), you have likely heard about the apparent intrusion into a database at the nation’s largest health insurer, Anthem, Inc. Rather than reiterate the facts as currently known...more
Welcome to the first Privacy Tuesday of 2015!
We hope that you enjoyed our 12 Days of Privacy series (and if you missed it, they are all linked in the right column of the blog…).
Three things that you should...more
sing it with me now….
Five Golden Rules…….(well, five new privacy laws/requirements)
There are five significant new privacy laws/amendments that will be effective as of New Year’s Day — January 1, 2015 — and...more
Here are three privacy stories to start your week -
1. Dear “financial institution” : how is your data security?!
Senator Elizabeth Warren (D-Mass) announced (press release) that on November 18 the Senator...more
Welcome to Privacy Tuesday – here are five privacy & security bits and bytes to start your week:
1) California AG’s Data Breach Report: Who Is Handling Your Patients’ Confidential Health Information? -
Welcome to the first Tuesday in November — don’t forget to vote tomorrow!
Chip-and-Pin Not Likely “Cure-All” -
There is good news in the world of retail data breaches: US merchants are finally moving away from...more
Happy autumnal equinox
Home Depot Breach – By the Numbers:
- 56 million cards at risk (compare to Target = 40 million)
- $62 million in estimated costs (compare to Target =$146 million and...more
Back to school, back to traffic jams … back to Privacy Mondays! Our look at bits and bytes and goofs and gaffes in data privacy and security....more
It appears that the data breach victim of the week (perhaps of the year) is The Home Depot. Brian Krebs has reported that it appears that two large dumps of purloined credit card numbers have made an appearance on the black...more
There is another retail data breach to talk about in this Privacy Tuesday post – privacy & security bits and bytes to start your week....more
We are just two Mondays away from Labor Day, the traditional end of summer in the United States. Here are some privacy tidbits to get your week started. See especially Jake Romero’s piece on the new Delaware data...more
A breach of this nature is reportable under the breach notification laws in both California and Florida, as recently amended: “Personal Information” includes user name or email address, in combination with a password or...more
There are quite a few privacy-related things taking effect July 1. Some reminders:
Florida Amendments to Data Breach Notification Law -
The Florida Information Protection Act of 2014 (“FIPA”) takes effect...more
DC Update from Politico Morning Tech -
“DATA BREACH DRAFT DELAYED – The thorny issue of FTC enforcement has slowed efforts to release a draft of Rep. Lee Terry’s data breach bill, according to sources close to the...more
Another busy week in the privacy/security world. We have some bits and bytes to start your week:
Verizon 2014 Data Breach Investigation Report – Something Old, Something New -
Verizon is out with its 2014...more
Last week, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert announcing its Cybersecurity Initiative....more
Happy Cinco de Mayo!
Breaking news this Privacy Monday: The fallout from the massive Target Corporation data breach continues. This morning, the Target board announced that Chief Executive Officer Gregg Steinhafel...more
What's the one thing every company's data security program must include? That's the question we put recently to experts in the field, knowing that, especially after Heartbleed, the diversity of responses would create an...more
The general definition of “personal information” or “PI” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of following data elements: (i) Social Security number,...more
As our readers know, we maintain a summary of the US state data breach notification laws, which we refer to as the “Mintz Matrix.” We update the Mintz Matrix on a quarterly basis, or more frequently if developments dictate....more
There has been so much news swirling in the data privacy and security world in the last few days, that it has been difficult to keep up. We’ll give you a roundup here....more
Last week was certainly the “week of the Heartbleed.” Unless you have been on vacation on a remote island (and if so, good for you!), you have heard and read much about the latest mass bug to infect the Internet....more
The FTC’s Claim -
A New Jersey federal judge has confirmed the Federal Trade Commission’s (“FTC”) authority to regulate data security and bring claims against companies suffering data breaches due to inadequate...more
The vulnerability caused by the Heartbleed bug circumvents the purpose of OpenSSL: encryption. Therefore, the conclusion would appear to be that any data breach during the time of OpenSSL vulnerability would be reportable...more