Encryption

News & Analysis as of

PCI SSC Releases Version 3.1 of Data Security Standard

On April 15, 2015, the Payment Card Industry Security Standards Council (the “PCI SSC” or “Council”) released a new version of its Data Security Standard (“PCI DSS”), version 3.1, which contains numerous updates including,...more

2015 BakerHostetler Incident Response Report Deeper Dive—Retailer Liability Arising from Stolen Payment Cards

We released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. Over the next four weeks, we...more

How Difficult is it to Break Encryption?

Whether it’s in discussions of public policy or discussions of best practices, encryption is all the rage right now. ...more

Congress Talks Encryption

The Information Technology Subcommittee of the Committee on Government Oversight and Reform of the US of House of Representatives last Wednesday held a hearing on encryption technology and potential US policy responses....more

The Nevada Data Breach Law

Nevada, like most states, has a data security statute that addresses what to do when there’s a data breach. Here’s a quick summary of the Nevada law, which is found at N.R.S. § 603A.010 et seq, “Security of Personal...more

The Arizona Data Breach Law

Almost all U.S states have laws about data security and what to do when there’s a data breach. Here is what’s in the Arizona law. Who The Law Applies To. The law applies to anyone who conducts business in Arizona and...more

Legal Departments: New PCI DSS Requirements Mandatory in June

PCI Council publishes new PCI Data Security Standard Version 3.1 and provides very short time to implement new encryption standards. The PCI Council just published a new version of the PCI Data Security Standard (PCI...more

Data Encryption and Its Potential Effect on Litigation and Discovery

In September 2014, Apple introduced a new mobile-operating system called iOS8. iOS8 offers enhanced data-encryption protection to Apple users and the content stored on their mobile devices. Apple's advancements in...more

Data breach class action suit against Horizon Blue Cross dismissed

Late last week, a federal court judge in New Jersey dismissed a putative class action lawsuit against Horizon Blue Cross for a data breach involving two unencrypted laptops that were lost in 2013. The case alleged that close...more

Is Your Company Ready to Comply with Encryption of Individually Identifiable Health Information?

New Jersey’s new data privacy standard, signed into law as S. 562 by Gov. Chris Christie on January 9, requires health insurance carriers that are authorized to issue health benefit plans in New Jersey to protect individually...more

From the Sublime to the Ridiculous

Is your security encryption obsolete? Have you even considered its age? Do you have the deadline for its expiration? Will a deadline reminder pop up to prompt you to update the encryption software?...more

State Legislatures React To Latest Health Data Breaches By Updating State Data Breach Notification Laws And Encryption...

Recent, large-scale breaches of health information have served to highlight the fact that federal agencies have only rarely assessed penalties against companies as a result of these breaches, while many states do not have...more

Washington State Poised to Set the Bar for Data Encryption Standards and Breach Notification

On March 4, 2015, Washington State’s House of Representatives passed HB 1078, which would significantly tighten Washington’s current data breach notification requirements, currently codified at RCW 19.255.010. The bill has...more

The Madness of Big Data

To take a break from pure e-discovery, we wanted to focus on something fun. Now that Selection Sunday is behind us, it is time to get down to the important business of filling out brackets for the NCAA Division 1 Men’s...more

State Data Breach Notification Law Updates

State legislatures are not waiting for Congressional action on a national data breach notification standard. Montana — Montana has amended its 10-year old breach notification law (see Mintz Matrix) to expand the...more

New Jersey Imposes Unique Encryption Requirements

Effective August 1, 2015, New Jersey will require health insurance carriers authorized to issue health benefit plans in New Jersey to encrypt personal information that they store electronically....more

States Respond to Recent Breaches with Encryption Legislation

In the wake of recent breaches of personally identifiable information (PII) suffered by health insurance companies located in their states, the New Jersey Legislature passed, and the Connecticut General Assembly will consider...more

HIPAA Compliant Technology and the Importance of Encryption

We welcome this guest blog by Gene Fry, Compliance Officer, Scrypt, Inc. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. This means that any...more

Cyber Risk as a Regulatory Issue: Tales of Encryption

Spurred by the prescient reporting found in this space (and, just maybe, by the Anthem data breach, which occurred a week later), insurance regulators have recently engaged in a flurry of regulatory activity relating to cyber...more

Secure Sockets Layer (SSL) 3.0 Encryption Declared “No Longer Acceptable” to Protect Data

On Friday, February 13, 2015, the Payment Cards Industry (PCI) Security Standards Council (Council) posted a bulletin to its website, becoming the first regulatory body to publicly pronounce that Secure Socket Layers (SSL)...more

Locke Lord QuickStudy: Attention, Health Insurers: Unique Encryption Requirements in NJ

Setting a new standard for encryption, New Jersey has enacted a new law (P.L. 2014, c. 88, codified at N.J. Stat. Ann. §§ 56:8-196 - 56:8-198) effective August 1, 2015, requiring health insurance carriers authorized to issue...more

PCI Council: SSL Will No Longer Be Sufficient for E-Commerce

In the latest edition of the PCI Council’s Assessor Newsletter, the Council previewed a proposed change related to the use of Secure Socket Layer (SSL) protocol for encrypting communications between your website’s e-commerce...more

Beyond HIPAA: New Jersey Law Requires Encryption of Personal Data by Health Insurance Carriers

In response to data breaches that have occurred across the United States, several of which involved the theft of laptop computers, beginning August 1, 2015, health insurance carriers in New Jersey will be obligated to do more...more

Privacy Tuesday - January 2015

Good Tuesday – The East Coast prepares for Apocalypse (Sn)ow. In the meantime, here are three privacy-related tidbits for your day. Privacy Concerns Cause Scale Back of Release of HealthCare.gov Data - We...more

Alert: Five Ways to Reduce Your HIPAA Liability

As of early December 2014, 1,170 security breaches under the Health Insurance Portability and Accountability Act (HIPAA) involving 31 million records had been reported to the U.S. Department of Health and Human Services (HHS)...more

80 Results
|
View per page
Page: of 4

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.
×