Data Breach

News & Analysis as of

Iowa Adds AG Data Breach Notice Requirement

On April 3, Iowa Governor Terry Branstad signed SF 2259, which amends the state’s data breach notice law to add a requirement that businesses that experience a data breach notify the state attorney general’s office within...more

Heartbleed Won’t Bring Cardiac Arrest for Ediscovery

How do you stop a security professional’s heart from beating? Two words: security breach. In today’s “Internet of Everything” environment, the impact of a security breach can be felt around the world and back again…in...more

Iowa Breach Notification Law Now Requires AG Notification, Applies to Paper Records

Iowa recently joined an increasing number of states that require notification of state regulatory authorities following a breach, as well as a handful of states in which paper records can trigger notification obligations....more

Kentucky Becomes 47th State with a Data Breach Notification Law

On April 10, 2014, Kentucky became the 47th state to enact breach notification legislation. Under the new law, companies that conduct business in Kentucky and hold consumer data of Kentucky residents will now be required to...more

Kentucky Becomes The 47th State To Enact A Data Breach Notification Law

Kentucky is now the 47th state with a data breach notification law, a development that should be of interest not only to Kentucky-based entities, but also to entities that do business in Kentucky and have personal information...more

Heartbleed: What to do now

Hardly a day passes now without some new report of a security vulnerability with inevitable breaches that follow, but Monday’s news about the two-year old vulnerability in OpenSSL is (or should be) catching everyone’s...more

Privacy Tuesday – April 14, 2014: Heartbleed Headaches

Last week was certainly the “week of the Heartbleed.” Unless you have been on vacation on a remote island (and if so, good for you!), you have heard and read much about the latest mass bug to infect the Internet....more

With OpenSSL Compromised by Heartbleed, an Opportunity for Companies to Diversify Cyber Security Efforts

The recent discovery of the “Heartbleed” online bug has sent shockwaves through the internet, causing companies and individuals alike to question very basic assumptions about cyber security. The bug has allegedly existed for...more

Take Action to Stop the Bleeding: Follow These Steps

“Heartbleed” has been all over the news, and companies have been scrambling to respond. What sounds like a nasty medical condition is actually a recently discovered flaw in popular encryption software called OpenSSL. It has...more

FTC Data Security Authority Confirmed, For Now: Wyndham’s Motion to Dismiss Denied

The FTC’s Claim - A New Jersey federal judge has confirmed the Federal Trade Commission’s (“FTC”) authority to regulate data security and bring claims against companies suffering data breaches due to inadequate...more

Will Heartbleed Affect Data Breach Insurance Coverage?

Although it is a widespread exploit that has been undetected for two years, whether or not a CGL policy covers data breaches allowed by Heartbleed should turn, simply, on whether the policy covers data breach at all...more

Heartbleed Bug Creates Risk for Businesses and Consumers

On April 8, 2014, several news agencies, including the New York Times and CNN, reported the discovery of a vulnerability in a core security protocol used by an estimated two-thirds of the world’s servers. The vulnerability...more

Kentucky Enacts Data Breach Notification Statute

On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation. Prior to H.B. 232, Kentucky was one of only four states—including...more

Aggressive Liability Theory Does Not Eliminate Obstacles To Banks’ Claims In Target Data Breach Class Action

The latest salvo in the Target data breach litigation is a class action brought by credit card issuing banks advancing a creative and somewhat misleading construction of the Minnesota’s Plastic Card Security Act. The banks...more

“Heartbleed” Bug – Antibiotics Won’t Help, Changing Passwords Might

After recovering from high-profile data breaches at Target and Neiman Marcus, signing up for free credit monitoring and analyzing our credit reports, a new Internet villain recently emerged: the “Heartbleed Bug.” The...more

Bitter C-Suite: Privacy, Security and Data Protection Issues Facing Corporations, Directors and Officers [Video]

With data breaches, cyberterrorism and governmental enforcement of the protection of privacy on the rise, corporations are facing an increased likelihood of claims, legal proceedings and costs. Without a proper understanding...more

Heartbleed - A Picture Is Worth A Thousand Words

We mentioned in our prior post the potential legal issues that The Heartbleed Bug will create from the standpoint of data breach and safe harbor, especially given the prospect of compromised keys. A number of people, however,...more

Heartbleed SSL/TLS Vulnerability

"SSL" and "TLS" refer to the transport protocols that are used widely across the web to secure communications between end users and servers. Websites, web applications, online services, portals, and even some virtual private...more

Many Lessons for Companies to Learn After the Target Data Breach

The red bull’s-eye. Even shoppers that don’t frequent Target know the retailer’s ubiquitous logo. But what many holiday shoppers — both loyal Target customers and casual visitors to the trendy discount store — didn’t...more

The Heartbleed Lesson for All Companies? Manage the Risk...

Threats to data privacy are not going away, but establishing appropriate security measures up-front, performing regular stress-tests on a security system, putting in place procedures to address a data breach and implementing...more

Agencies Issue Denial of Service Guidance and Guidance on ATMs

On April 3, the members of the Federal Financial Institutions Examination Council (FFIEC), including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union...more

First Glance: Legal Implications of the Heartbleed OpenSSL Bug?

The vulnerability caused by the Heartbleed bug circumvents the purpose of OpenSSL: encryption. Therefore, the conclusion would appear to be that any data breach during the time of OpenSSL vulnerability would be reportable...more

Canada’s Digital Privacy Rethink: Fines, Enforceable Compliance Agreements And More!

On April 8, 2014, Canada’s government introduced Bill S-4, the Digital Privacy Act, in the Senate. Bill S-4 is the federal government’s latest attempt to reform the federal Personal Information Protection and Electronic...more

Banks Withdraw Lawsuits Against Target and Trustwave

UPDATE to our story yesterday: In what apparently is a big “oops,” two banks that took legal action against Target over its recent data breach have withdrawn their claims. The suits were withdrawn due to an erroneous...more

BYOD for 501(c)s: Pros and Perils of "Bring Your Own Device"

In this presentation: - Current Issues - Overview of BYOD Policies - Integrating BYOD in Your Workforce - Lessons from the Front Lines - Putting It All Together - Takeaways and...more

517 Results
|
View per page
Page: of 21