Data Protection Personally Identifiable Information

News & Analysis as of

Report Lists Health Care Data Breaches by State

A new report issued by Safetica USA has organized data breaches affecting over 500 individuals that were self-reported to the Office for Civil Rights (OCR) in 2016 into a list by state and records exposed....more

Eighth Circuit Undoes Target Data Breach Settlement Class

The $10 million settlement class in the Target data breach case was unraveled by the Eighth Circuit Court of Appeals in a recent decision that will force the district court to address the impact of the Supreme Court’s...more

Notable New State Privacy and Data Security Laws – Part One

States aren’t static when it comes to data privacy and security laws. This is Part One of a two-part series about several new state privacy and data security laws that took effect within the last year. In this article,...more

Data Breach Notification Archive Made Publicly Available Online By Massachusetts Office Of Consumer Affairs

On January 3, 2017, the Massachusetts Office of Consumer Affairs and Business Regulation announced the online public availability of data breach notification records that it receives and maintains pursuant to the...more

WhatsApp security flaw, lawsuit in Germany

Tobias Boelter, a University of California Berkeley cryptography researcher claims that last year he found a security flaw in WhatsApp’s encrypted smart phone messaging application. The flaw, which relates to the unique...more

Business Cybersecurity: Two Recent Court Decisions Highlight the Need to Take Preemptive Action Against Data Breaches

Nowadays, the prudent business owner should be cognizant of cybersecurity and the public relations and legal costs that can arise from a data breach. By holding personal information of customers, employees, or anyone else,...more

Eighth Circuit Remands Proposed Settlement in Target Data Breach Class Action

The Eighth Circuit Court of Appeals has remanded a $10 million settlement in the Target data breach class action on the grounds that the district court had not rigorously analyzed the propriety of the class...more

Changes in Japan Privacy Law to Take Effect in Mid -2017; Key Regulator Provides Compliance Insights

Recent changes to Japan’s Act on the Protection of Personal Information and the establishment of a new Personal Information Protection Commission have raised questions about how the world’s third-largest economy plans to...more

Privacy Implications of President Trump’s Immigration Order

On Wednesday, January 25, President Donald J. Trump directed federal agencies, “to the extent consistent with applicable law,” to ensure that “their privacy policies exclude persons who are not U.S. citizens or lawful...more

Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights in 2015 & 2016

The last time this blog presented an overview of key HIPAA settlement agreements at the Office for Civil Rights in the U.S. Department of Health and Human Services was a review of 2014. The number of complaints that year had...more

Happy Data Privacy Day! A Few Tips from the MVA Privacy and Data Security Group

Saturday January 28, 2017 is Data Privacy Day. The Moore & Van Allen Privacy and Data Security group took a break from the pre-holiday revelries to put together some thoughts and tips for DataPoints. So hoist a glass and...more

7th Circuit Rules No Class Action unless the Data is at Risk

A Time Warner customer filed a putative class action suit against it alleging that it violated the Cable Communications Privacy Act because it stored personal information of customers improperly. In particular, he alleged...more

Data Privacy Day? Yep, it’s a Thing.

For a number of years now, January 28 has been marked as “Data Privacy Day” (or, for our European friends, “Data Protection Day”), and it is often overlooked observed in the United States, Canada, India and many European...more

Mark Your Calendars: NY Cybersecurity Regulations to Go into Effect

A covered entity will need to arrange for someone to perform the CISO function, dedicate resources to conduct periodic risk assessments, develop and implement policies and procedures, and retain appropriate personnel and...more

Data Breaches: An Employer’s Duty to Protect Employees’ Personal Information

Recently, there has been much discussion about the Superior Court of Pennsylvania’s ruling in Dittman v. UPMC, which affirmed a lower court’s order dismissing an employee class action against their employer over a data...more

Employer Has No Legal Duty To Protect Employee Electronic Information

A court in Pennsylvania recently held that an employer does not have a legal duty to act reasonably in managing its computer systems to safeguard sensitive personal information collected from its employees, when the employer...more

Superior Court of Pennsylvania Affirms Rejection of Proposed Data Breach Class of UPMC Workers, Finding Hospital Owed No Duty to...

Affirming a lower court decision this blog discussed here, the Superior Court of Pennsylvania held January 12 that dismissal of a proposed data breach class action was proper, because the University of Pittsburgh Medical...more

Employer Did Not Owe Legal Duty to Protect Employees' Hacked Personal and Financial Records

University of Pittsburgh Medical Center (UPMC) maintained a human resource database containing current and former employees' names, dates of birth, social security numbers, tax information, addresses, salaries, and bank...more

PII Training Required for Government Contractors, Effective Jan. 19

Beginning January 19, federal government contracts will contain additional training requirements for contractors who deal with personally identifiable information (PII) or with a system of records....more

The Anthem Breach – A Retrospective

Many people and news outlets have opined, weighed in, and informed the public about the 2015 Anthem breach. It is still a hot topic in January 2017, because it currently lines up with other hot stories about hacking ordered...more

Alert: New Privacy Training Requirements for Companies with Federal Government Contracts

Effective January 19, 2017, companies awarded federal government contracts will be required to ensure that their employees receive annual privacy training if those employees (1) handle personally identifiable information...more

NY DFS Proposed Cybersecurity Regulations Revised and Implementation Delayed

We previously reported on the New York Department of Financial Services’ proposed cybersecurity regulations. During the public comment period, the DFS received over 150 comments. In response, the DFS announced on December 28,...more

U.S. Military Special Operations Command Workers’ Data Exposed by Vendor

Military personnel continue to be victimized by data breaches. This time, the personal information of healthcare workers employed by Potomac Healthcare Solutions (Potomac), who work for a U.S. Special Operations Command were...more

New York Department of Financial Services Revises Cybersecurity Proposal: Greater Flexibility and Delayed Compliance Deadlines

As we previously reported, in December 2016 the New York Department of Financial Services (the “DFS”) announced that it was revising its proposed regulation that would require banks, insurance companies and other financial...more

Three States Join Others to Expand Personal Information Definition to Include Usernames or Email Addresses

Businesses should take steps to protect usernames, email addresses, passwords, and security questions and answers. A key issue in determining whether notification is required following a data breach is whether...more

543 Results
|
View per page
Page: of 22
Popular Topics

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×