The New Normal: Taking Responsibility for Your Vendors
Safeguards against Data Security Breaches (Part One)
Christopher Garcia on Cyber Security
Well, the headlines don’t exactly work with the traditional tune, but blame the editor for that...
2013 was a busy year for California. We passed a budget with a surplus, let Kim and Kanye get engaged in one of our...more
Over the last several months, California has passed several new privacy and data protection laws that impact operators of websites, online services and mobile applications around the country, including a law establishing an...more
The California Legislature was unusually active this year. Significantly, California increased the state minimum wage, created new “unfair immigration-related practices,” and expanded protections for whistleblowers. All laws...more
The California Court of Appeal recently limited plaintiffs’ ability to state a claim under the California Medical Information Act (CMIA), Cal. Civ. Code §§ 56 et seq., and their ability to get statutory damages under the act....more
The U.S. District Court for the Central District of California recently upheld coverage under a commercial general liability policy for a hospital data breach that compromised the confidential medical records of nearly 20,000...more
In this issue:
- California Amends CalOPPA to Require Do-Not-Track Disclosures
- California’s Social Media “Eraser” Bill Becomes Law
- California Extends Security Breach Notification Requirements to...more
In a series of new bills amending existing California privacy laws, the State of California increases the protections presently provided to its residents by broadening the requirements for reporting breach of personal data;...more
Cities, counties, water agencies and school districts have some of our most personal information, including our date of birth, Social Security number, driver’s license number and medical information. This is the type of...more
Compliance, like many other aspects of the business world, is a balance of risks. Unfortunately, it often takes an organization being rebuked in some fashion before it realizes the importance of failure to be in compliance. ...more
In less than two months, when S.B. 46 becomes effective on January 1, 2014, California will extend its data breach notification requirements to a new area: individual online user accounts. Clients should take note of this...more
On October 21, Florida-based health insurer AvMed, Inc. (AvMed) settled a data breach class action lawsuit for $3 million, even though no plaintiffs in the class demonstrated that they had suffered identity theft or any other...more
First and foremost, this is Veterans’ Day in the US. Let’s take a moment to thank all of those who served and who still serve, and honor the memory of those who gave their all. Businesses are offering special deals to...more
Over the past two years, the U.S. Securities and Exchange Commission’s Division of Corporation Finance (Corp Fin) has highlighted the importance of cybersecurity disclosures in filings with the SEC. Corp Fin’s initiative...more
Already this year, hackers have perpetrated seven "mega breaches" (breaches involving over 1 million records each), compromising and exposing over 112 million total records. The average size of a data breach in the U.S. this...more
The European Parliament has finalized its version of the proposed Data Protection Regulation, which would substantially change personal data protection rules in the 31-country European Economic Area. The Parliament’s LIBE...more
Or….why are health care institutions still leaving laptops containing PHI unencrypted????
The Los Angeles Times (the “Times”) reported this week the theft of two laptops from an administrative office of hospital group...more
Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...more
As part of a flurry of new privacy legislation, California Governor Jerry Brown signed two new data privacy bills into law on September 27, 2013: S.B. 46 amending California’s data security breach notification law and A.B....more
A computer hard drive containing private medical information for 16,000 patients at UCLA was stolen. One of the patients filed a class action lawsuit seeking $1,000 per patient ($16 million total) in statutory damages against...more
In an October 7th decision, the United States District Court for the Central District of California upheld coverage under a commercial general liability policy for a hospital data breach that compromised the records of nearly...more
Effective January 1, 2014, California residents must be notified when the information used to access their email or other online accounts is compromised in a data security breach incident.
On September 13, 2013, Manitoba joined Quebec, British Columbia and Alberta by enacting provincial private sector privacy legislation.
Once it comes into force, Manitoba’s Personal Information Protection and Identity...more
New security standards are scheduled to be released by the PCI Security Standards Council on November 7th. The updated standards are expected to require companies to protect credit-card terminals from physical tampering and...more
For the first time ever, a fine issued by the UK Information Commissioner’s Office (“ICO”) has been overturned on appeal. On 21 August 2013, the UK Information Rights Tribunal (“Tribunal”) handed down its preliminary decision...more
As of January 1, security breach notifications must be provided to consumers when certain account information is compromised.
On September 27, California Governor Jerry Brown signed into law Senate Bill No. 46 (S.B....more