At its December meeting, the Federal Communications Commission approved a Report and Order modifying its data protection rules. The order expands the scope of protected data to include personally identifiable information....more
The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of...more
The French data protection authority CNIL has received 3,767 data protection complaints since EU’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018. According to CNIL this is a 64 percent increase...more
On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation. Prior to H.B. 232, Kentucky was one of only four states—including...more
Last week a small New England bakery announced that its point-of-sale (POS) devices were infected with malware that may have put card data at risk....more
A federal Magistrate has recommended dismissal with prejudice of all of the cardholder plaintiffs’ claims against payment processor Global Payments, Inc. in a widely-reported data breach case....more
"Sweeping changes" is how Leon Rodriquez, of the Department of Health and Human Services Office of Civil Rights (OCR), characterized the effect of the final omnibus Health Insurance Portability and Accountability Act (HIPAA)...more
Modifications to the rules require action by group health plan sponsors and their vendors, including revisions to policies and procedures and new privacy notices. On January 17, the Office for Civil Rights of the U.S....more
The final regulations from Department of Health and Human Services Office of Civil Rights (OCR) containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus Rule) have finally...more