Almost all U.S. states and territories have enacted breach notification laws requiring private and/or government entities to notify individuals when their personal information is compromised. These laws vary, and much has been written about the challenges caused by the differences, including who must comply with the law (e.g., persons, businesses, information brokers, government entities, covered … Continue Reading
As the number of highly publicized data breaches continues to skyrocket and proposals for a federal data breach notification law stagnate, state legislatures around the country have been busy amending their own breach notification statutes. So far, 2015 has been a banner year for state breach law makers, with nine states formalizing amendments to their … Continue Reading
Connecticut has been in the forefront in protecting the personal information of its residents. In July 2010, in the first action by a state attorney general for violations of HIPAA since HITECH authorized state attorneys general to enforce HIPAA, a settlement was reached between HealthNet and the state of Connecticut – stemming from a May … Continue Reading
