Data Breach

News & Analysis as of

Corporate Law & Governance Update - December 2016

EMPHASIS ON DIRECTOR EDUCATION - The board development committee may wish to reconsider its director education program for 2017 following two recent and unrelated developments. The first is a greater articulation of...more

U.S. Navy Announces Breach of 134,386 Sailors’ Information from Laptop of Vendor

The U.S. Navy has revealed that it has been notified by one of its vendors that a laptop of the contractor was the source of a data breach that compromised the names and Social Security numbers of 134,386 current and former...more

UMass Amherst Settles HIPAA Violations with OCR for $650,000

The Office for Civil Rights (OCR) has announced that the University of Massachusetts Amherst (UMass) has agreed to settle an investigation against it as a result of a malware infection for $650,000, along with implementing a...more

HHS Issues Warning About Phishing Campaign Disguised As Official Communication

As part of its efforts to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) engages in audits of covered...more

Study Finds Companies May Do Too Much For Data Breach Victims

A recent study at the University of Arkansas suggests that organizations should avoid doing too much for individuals affected by a data breach. That is, when organizations provide compensation to breach victims that exceeds...more

"Privacy & Cybersecurity Update - November 2016"

In this month's Privacy & Cybersecurity Update, we review an 11th Circuit case involving the longstanding battle between the FTC and medical company LabMD, recent NIST guidelines for securing devices connected to the...more

Data Breach Notification Laws: What to consider

Although Congress has attempted to agree on federal data breach notification legislation, there is no national data breach notification law that applies to most companies. Instead, 47 states, plus the District of Columbia,...more

A Failed Strategy: Another Derivative Action In A Data Breach Case Goes Down To Defeat

Dismissal Of Home Depot Derivative Action Extends Shareholder Losing Streak An attempt to impose liability on corporate officers and directors for data breach-related losses has once again failed. On November 30,...more

Privacy Tip #63 – NYC Concertgoers—You May Need to Check Your Bank Records

Madison Square Garden has announced that it has suffered a year-long data breach of debit and credit cards used at concession stands at Madison Square Garden, the Theater at Madison Square Garden, Radio City Music Hall, ...more

Data Security for Employers: An Update

Employers store, manage, and share sensitive data about employees. The Navigator and other commentators have written a lot about issues related to personally identifiable information, health-related data, and employee...more

New FTC Data Breach Response Guidelines

Cybersecurity should always be at the top of any retailer’s priority list—and even more so as the holiday shopping season gets underway. To that end, the Federal Trade Commission’s newly-released Data Breach Response...more

New California AG Appointed with Possibilities for Privacy Enforcement

With the election of current California Attorney General Kamala Harris to the U.S. Senate, Governor Jerry Brown was tasked with appointing her replacement. On December 1, he announced that his pick is U.S. Representative...more

OCR Alerts Listservs About Fake Phishing Email to Covered Entities and Business Associates

On November 28, 2016, the Office for Civil Rights (OCR) issued an Alert to its listservs that a phishing email is being circulated on “mock HHS Departmental letterhead under the signature of OCR”s Director, Jocelyn Samuels”...more

Lessons from Adobe’s State AG Data Breach Settlement

Last month, several state Attorneys General announced a $1M settlement with Adobe Systems, Inc. in connection with a 2013 data incident involving the personal information of roughly 534,000 consumers. The 15 Attorneys General...more

House Energy & Commerce Committee Holds Hearing on Security of the Internet of Things

The growing scale of cybersecurity concerns is prompting action from government leadership on the federal level. Before the Thanksgiving recess, the House’s Committee on Energy and Commerce got in on the act when two of its...more

FTC Publishes Data Breach Response Guidelines

Whether resulting from a planned cyberattack or mere carelessness, data breaches are on the rise. In 2015, 781 data breaches were reported across the United States, with the average breach costing $3.8 million. In 2016, the...more

Cybersecurity 2017 – The Year in Preview: Emerging Security Threats

Editor’s note: This is the fourth in a continuing end-of-year series. See our previous posts on trade secrets, state regulation and law enforcement, and HIPAA compliance. Our last two posts will focus on the energy...more

Privacy Perils: Choose Your "Friends" Wisely - Thought Leadership - Bass Berry

By press release on Monday, November 14, 2016, adult website operator Friend Finder Network, Inc. (FFN) confirmed it was addressing "a security incident involving certain customer usernames, passwords and email addresses."...more

Keep Reading: Standing Affirmed, but Barnes & Noble Data Breach Class Action Halted

It was about time for data breach defendants to get a win. The District Court for the Northern District of Illinois delivered one to Barnes & Noble in its long-running class action that stems from a breach suffered in 2012....more

Retirement Plans Incur Data Breaches; ERISA Council Addresses Cyber Risks

Until relatively recently, retirement plans have not made the news as targets of data breaches. This is somewhat surprising, given the wealth of participants’ personal data stored online by these plans. This past summer,...more

The FTC Faces an Embarrassing Set-Back in its Data Security Enforcement Authority as the LabMD Saga Continues

On November 10th, the Eleventh Circuit Court of Appeals handed an embarrassing defeat to the Federal Trade Commission and an early Christmas present to LabMD, Inc. in the ongoing David and Goliath battle between the...more

NIST Releases Comprehensive Cyber Security Guidelines for the Internet of Things

As the Internet of Things continues to grow and expand, the fact that guidance on security measures and protections is a necessity has become increasingly evident. Recently, the National Institute of Standards and Technology...more

FTC Announces New Guidance on Ransomware

On November 10, 2016, the U.S. Federal Trade Commission (FTC) released new guidance for businesses and consumers on the impact of, and how to respond to ransomware. Ransomware is a form of malicious software that infiltrates...more

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to submit documents on...more

Implementing the GDPR: What You Need to Know

Data protection procedures will require an overhaul for any company that offers goods and services, or tracks individuals, in the EU under the European General Data Protection Regulation (GDPR) to take effect from 25 May...more

2,678 Results
|
View per page
Page: of 108
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×