At the end of March, Washington, D.C. signed the Security Breach Protection Amendment Act of 2019, which adds some significant changes to D.C.’s existing data breach law, first enacted in 2007. The law is projected to take...more
Report on Patient Privacy 20, no 5. (May 2020) - Ambry Genetics, based in Aliso Viejo, California, has reported a data breach involving nearly 233,000 people. In its statement, the company said it identified “unauthorized...more
Arizona-based Banner Health has agreed to settle for up to $6 million a class action case filed against it following a 2016 incident that compromised the personal information of 3 million individuals....more
We know we told you yesterday about the Equifax settlement and how you could make a claim in connection with the breach. Well, consumers whose personal information was compromised in Equifax’s massive 2017 data breach are in...more
Many readers have reached out to learn about the Capital One data breach and how it affects us. If you haven’t been watching the story unfold as closely as I have, here is a summary of what happened, what information was...more
Equifax has agreed to pay $575 million to settle consumer as well as state and federal regulatory claims for its 2017 data breach. This is the largest data breach settlement to date. ...more
Part of the 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act (which amended the Fair Credit Reporting Act) included a provision requiring credit reporting agencies (CRAs) to provide free electronic credit...more
Massachusetts’ breach notice law has been amended, requiring companies who suffer a data breach to provide more information to the Attorney General about the incident. The law will go into effect in a month, on April 11,...more
As of April 11, 2019, Massachusetts will require organizations suffering a data breach that involves a resident’s social security number to provide credit monitoring services (CM Services) at no cost to the resident. If the...more
The Governor of Massachusetts has just signed into law amendments to the state’s data breach notification law. The amendments will go into effect April 11, 2019. Under the amended law, companies whose breaches involve Social...more
There is a little-known provision from a new federal law that will most likely impact your hiring practices and your standard hiring documents—and it kicked in last Friday. As of September 21, all employers must update their...more
The Federal Trade Commission has announced that, beginning today, consumers concerned about identity theft or data breaches can place credit freezes and one year fraud alerts with the three nationwide credit bureaus for free....more
Organizations are not generally required to offer services to consumers whose information was involved in a breach. Nonetheless, many organizations choose to offer credit reports (i.e., a list of the open credit accounts...more
In an age where data is widely available and almost everything is stored online, data breaches are becoming more common, and the outcomes of cases involving data breaches are unpredictable. Data involved in a breach can range...more
Phishing. Spoofing. - These words may sound silly, but for employers, they are anything but. Phishing is the attempt to obtain sensitive electronic information—such as usernames, passwords, or financial...more
A bi-partisan privacy and data security bill, which will significantly impact companies with North Carolina employees, is in the works. North Carolina State Representative Jason Saine (R), Appropriations Chairman of...more
A North Carolina bill designed to strengthen the state’s data breach notification statute could radically change incident response. Through the Act to Strengthen Identity Theft Protections, North Carolina could quickly become...more
Citing to estimates in 2017 “more than 5.3 million North Carolinians were … affected by a data breach,” Attorney General Josh Stein and Rep. Jason Saine announced on January 8 proposed legislation aimed at protecting state...more
On December 1, PayPal disclosed that an ongoing investigation into identify security vulnerabilities identified a data breach that may have compromised personally identifiable information for roughly 1.6 million customers at...more
Blue Cross Blue Shield of Florida (Florida Blue) has announced that 475 applications for insurance were backed up to the cloud, on an unsecured cloud server, by an unaffiliated agent of Real Time Health Quotes, and exposed...more
As we all know, over the past few years there have been a host of data breaches by entities that most of us expected would safeguard that information. The latest loss of roughly 150 million Americans' personal information is...more
The Equifax breach is not the biggest in terms of the number of people affected (the 2016 Yahoo breach compromised data associated with over 500 million user accounts compared to the 143 million people affected by the Equifax...more
In light of recent high-profile breaches of highly sensitive data, this is a good time to remind individuals of how to protect their identity and credit information....more
On August 17, 2017, Delaware amended its personal information protection law, Delaware Code Title 6, Chapter 12B. The amendment becomes effective 240 days after enactment or March 14, 2018. The amended law significantly...more
The best way for a company to handle a data breach is to be prepared. As we discuss in our data breach readiness handbook, preparation includes, among other things, drafting an incident response plan, reviewing...more