News & Analysis as of

State Legislatures React To Latest Health Data Breaches By Updating State Data Breach Notification Laws And Encryption...

Recent, large-scale breaches of health information have served to highlight the fact that federal agencies have only rarely assessed penalties against companies as a result of these breaches, while many states do not have...more

Premera Cyber-Attack Announced: Defining Your Obligations as an Employer

On March 17, 2015, Premera announced a data breach involving the personal information of more than 11 million individuals resulting from what it characterized as a sophisticated, targeted cyber-attack. Employers and plan...more

Montana Tweaks Data Breach Statute

The Big Sky Country’s data breach statute is going to see some small changes come October. On Feb. 27, 2015 Montana Governor Steve Bullock signed H.B. 74 into law, amending the state’s data breach notification statute. Among...more

White House Introduces Discussion Draft of Consumer Privacy Bill of Rights

Although most states have enacted some form of data privacy and breach notification laws, and certain federal statutory schemes cover specific industry sectors, there are no privacy protections for all personal data. Given...more

Reps. Burgess, Blackburn and Welch Release Data Breach Bill

On Thursday, March 12, 2015, House Energy & Commerce Subcommittee on Commerce, Manufacturing, and Trade Chairman Michael Burgess (R-TX), along with Reps. Marsha Blackburn (R-TN) and Peter Welch (D-VT), released draft text of...more

State Data Breach Notification Law Updates

State legislatures are not waiting for Congressional action on a national data breach notification standard. Montana — Montana has amended its 10-year old breach notification law (see Mintz Matrix) to expand the...more

Wyoming Amends Data Breach Statute, Increases Scope of PII and Notice

The scope of PII and data breach notice just got a lot bigger in Big Wyoming. Wyoming Governor Matt Mead signed two bills into law on March 2 amending the state’s data breach notification statute. The bills – S.F. 35 and S.F....more

Federal Court Decision Demonstrates Ongoing Challenges Faced by Plaintiffs in Data Breach Litigation

On February 11, 2015, the U.S. District Court for the Southern District of Texas dismissed a class action complaint against the St. Joseph Health System arising out of a data security breach that occurred after hackers...more

More Than Employers Bargained For? Do Union Employees Have a Right to Bargain Over Company Data Breaches?

These days most employers manage a vast amount of electronic information about their employees, including the employees’ personal identifying information. But, what obligations do employers have to unionized employees with...more

Eye on Privacy Newsletter - February 2015

In this issue: - Privacy and Data Security in Transactions: What's the Deal? - Consumer and Financial Institution Class Actions Survive Motions to Dismiss in Target Data Breach Litigation - California Amends...more

Advertising Law - February 2015 #3

FCC Chair Announces New Net Neutrality Regs - The battle over net neutrality took a new turn when Federal Communications Commission Chairman Tom Wheeler announced his intention to reclassify broadband service as a...more

Employers with Group Health Plans: Have You Notified State Regulators of the Breach?

Data security breaches affecting large segments of the U.S. population continue to dominate the news. Over the past few years, there has been considerable confusion among employers with group health plans regarding the...more

Preparing for a Data Breach – What to Know about Breach Notification

Data breaches are at the forefront of the news, and many companies, including those dominant in the health care industry, have found themselves front and center in the headlines. Although recent news stories have focused...more

Financial Industry Backs Cybersecurity, Data Breach Notification Legislation

Why it matters - The financial industry has thrown its support behind data breach notification legislation as well as passage of a law that would encourage businesses to share cyberthreat information. Data security...more

The White House Calls for Action Where Congress Has Failed to Deliver - An In-Depth Analysis of President Obama’s January 2015...

In This Issue: - The President’s Plan for Securing Cyberspace - The President’s Plan for Safeguarding American Consumers and Families - Conclusion - Excerpt from The President’s Plan for Securing...more

FAQs by Employers Regarding the Anthem Breach

Do we have any legal obligations under HIPAA? It depends on your contractual relationship with Anthem and whether the group health plan offered by your company is self-insured. If your company’s group health plan is...more

Responding to the Anthem Cyber Attack

Anthem Inc. (Anthem), the nation's second-largest health insurer, revealed late on Wednesday, February 4 that it was the victim of a significant cyber attack. According to Anthem, the attack exposed personal information of...more

The Anthem Breach: What Affected Group Plans Should Be Thinking About

The massive data breach announced this week by health insurer Anthem, with up to 80 million consumer records exposed (including Social Security numbers, birthdays, e-mail addresses and employment-related data), brings a...more

Energy & Commerce Subcommittee Holds Hearing on Data Security and Breach Notification; FTC Releases “Internet of Things” Report

Tuesday, the House Energy & Commerce Subcommittee on Commerce, Manufacturing, and Trade held its first hearing of the 114th Congress, entitled “What Are the Elements of Sound Data Breach Legislation?”...more

Data Breach Notification Law Even Applies to You, California Employer

Months before the well-publicized Sony catastrophe, California passed Assembly Bill 1710, which was signed into law on September 30, 2014, and became effective on January 1, 2015. The most discussed part of this new law...more

Dear Lawmakers, Your New Breach Notice Laws Should Address These Issues

The days of companies being so afraid of the reputational impact of a breach that they would look for any way possible to avoid disclosure are gone. The pendulum has swung in the opposite direction. Now companies, often in...more

President Obama Proposes Legislation Requiring Businesses to Notify Customers of Data Security Breaches Within 30 Days

In a speech given before the Federal Trade Commission (FTC) on Monday, January 12, President Obama proposed federal legislation that would impose a nationwide standard on companies that experience a data security breach. The...more

State Data Breach Notification Laws

The general definition of “personal information” or “PI” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of following data elements: (i) Social Security number,...more

Data Breach Plaintiffs Survive Dismissal Against Target

Target’s 2013 data breach has generated over 100 consumer lawsuits, which were consolidated last year before the U.S. District Court for the District of Minnesota. On December 18, 2014, Judge Paul A. Magnuson issued a...more

California Data Breaches Require Identity Protection Services

California has long set the standard for protection of its residents’ personal information. California’s constitution explicitly recognizes a right to individual privacy and California’s legislature has been on the forefront...more

124 Results
|
View per page
Page: of 5