Personally Identifiable Information

News & Analysis as of

California Amends Its Breach Notification Statute

For the third time in as many years, California has once again amended its breach notification statute. This time it expanded the definition of “personal information,” clarified the term “encryption,” and mandated additional...more

California Passes Four Bills Amending Breach Notification Law and Requiring Warrant to Access Digital Data

Last week was a big one for California’s privacy regime. In a landmark move, Governor Jerry Brown signed into law four bills further protecting Californians’ privacy rights: three strengthen the state’s data breach...more

“My, what beautiful eyes you have . . .” – Biometric Data and Privacy

Biometric data – obviously not in just the movies anymore. It is alive, well, and increasingly being used in our everyday society. But, on September 23, 2015, when the Office of Personnel Management revealed that fingerprint...more

School Districts to Undergo Cybersecurity Audit

Missouri Auditor Nicole Galloway recently announced plans to conduct cybersecurity audits of five school districts. Coinciding with National Cybersecurity Awareness Month, the audits are intended to reveal how school...more

Proactive Approach To Cybersecurity: Recent SEC guidance and enforcement actions suggest that reactive firms may be in the SEC’s...

In an environment where even the largest and most powerful corporations have fallen victim to data breaches, it can be challenging to fathom how to protect against the sophisticated and ever-evolving threat of cyber attacks....more

Data Breaches Are Not Academic: Colleges and Universities Should Take Appropriate Steps To Avoid or at Least Minimize Their...

Data breaches at colleges and universities are on the rise. These institutions are targets because their networks have access to a large amount of private information, including educational and medical records, as well as...more

Is Your HIPAA Compliance Program Ready for the FTC?

Everyone in healthcare knows that the next round of HIPAA audits is coming. Covered entities and business associates have long been advised to review and update their HIPAA security risk analyses, have business associate...more

California Amends Definition of Personal Identifiable Information and Breach Notification Content Requirements

On October 6, 2015, California Governor Jerry Brown signed into law several changes to California’s Data Breach Notification Statute. The law, as amended, adds additional categories of information into the definition of...more

VA OIG reports patient data at risk with vendor

The Department of Veterans Affairs’ Office of Inspector General recently issued a report, following a complaint that the VA Palo Alto Health Care System put veterans’ health information at risk when it allowed personnel of a...more

Privacy Tip #4—What do I do when I get a letter informing me of a data breach?

We’ve all gotten them–the dreaded letter that informs us that our data has been compromised, including our Social Security number. Some have received so many of these “notifications” that they are de-sensitized, throw their...more

6,400 American Bankers Association members’ usernames and passwords compromised

Late last week, the American Bankers Association disclosed that its computer systems had been compromised exposing thousands of members’ personal information. The hacking occurred through its website’s shopping cart tool,...more

Scottrade announces data breach affecting 4.6M customers

Scottrade, a retail brokerage firm, announced late last week that it suffered an intrusion by cyber hackers who stole client contact information of 4.6 million customers. The intrusion occurred between late 2013 and early...more

Investment Adviser Settles SEC Cybersecurity Enforcement Action; SEC Issues Investor Alert

On September 22, the U.S. Securities and Exchange Commission (“SEC”) and R.T. Jones Capital Equities Management, Inc. (“R.T. Jones”), a St. Louis-based investment adviser, settled charges that R.T. Jones failed to adopt...more

Court Grants Standing Against Coca-Cola Employer for Breach of Employee Information

The decision does not change the law on what is necessary to prove standing, although it does reinforce the notion that a plaintiff will have standing if he or she can allege a concrete injury. In the latest in a slew of...more

SEC Brings First Cybersecurity Enforcement Proceeding in Wake of Risk Alert

Highlights Areas of High Risk and Examination Priorities for Financial Industry Firms - On September 15, the U.S. Securities and Exchange Commission’s (SEC’s) Office of Compliance, Inspections and Examinations (OCIE),...more

The SEC Opens Up a New Front in the Cybersecurity Wars

For the last few years, the SEC has been issuing guidance as to appropriate cybersecurity policies and procedures for financial firms. In a move that signals the regulator’s willingness to put muscle into its cybersecurity...more

SEC Fines Investment Firm $75,000 for Failing to Adopt Written Cybersecurity Policies and Procedures

Investment firm R.T. Jones Capital Equities Management (R.T. Jones) has agreed to settle with the Securities and Exchange Commission (SEC) and pay a $75,000 penalty over charges that it failed to adopt written policies and...more

Effects of Schrems Ruling on International Internal Investigations

In a recent landmark decision, Maximillian Schrems v. Data Protection Commissioner, Europe’s highest court struck down a US-EU agreement that allowed companies to move personal electronic data between the European Union and...more

OIG Report Finds CMS’s MIDAS System Needs Improvement in Information Security Controls

On September 14, 2015, the OIG released a Public Summary Report finding that although CMS had implemented controls to secure the Multidimensional Insurance Data Analytics System (MIDAS) and consumer personally identifiable...more

New Delaware Act Requires Online Privacy Policy for Websites

A new privacy law requires companies to make specific statements about what information is collected on its website. Like California, it also requires that companies state in writing whether they respect “Do Not Track”...more

Trump Hotel Collection Confirms Year-Long Data Breach

Trump Hotel Collection, the high-end hotel chain owned by the billionaire Republican presidential hopeful and real estate developer Donald Trump, has confirmed a data security breach involving malware that the company says...more

Investment Adviser and SEC Agree to Settle Charges Arising out of Failure to Adopt Written Cybersecurity Policies Required by the...

The SEC charged investment adviser R.T. Jones with willfully violating the Safeguards Rule by failing to adopt written policies and procedures designed to protect customer records and information. The Safeguards Rule requires...more

CFPB Information Security Remains a Challenge

The Office of the Inspector General (OIG) has released the “2015 list of major management challenges” faced by the CFPB that the OIG believes will hamper the CFPB’s ability to accomplish the CFPB’s strategic objectives. Like...more

Defense Contractors – Under the DOD’s Interim Rule, It Is Time Once Again To Update Your Data Breach Response Plans

In an interim final rule published on October 2, another layer has been added to the compliance landscape for defense contractors. In addition to complying with breach notification requirements in as many as 47 different...more

SEC Ramps up Cybersecurity Scrutiny With Examination Priorities and an Enforcement Action

Why it matters - Signaling that it will continue to increase its scrutiny of firms' cybersecurity readiness, the Office of Compliance, Inspections and Examinations of the Securities and Exchange Commission (SEC) issued a...more
