On May 31, 2021, the Texas Legislature approved House Bill 3746, which amends the Texas Business and Commerce Code § 521.053 relating to certain notifications required following a data breach involving Texas residents. The bill includes the existing requirement that any business or entity notify the attorney general of a data breach within 60 days …
The New York SHIELD Act,[1] officially titled the Stop Hacks and Improve Electronic Data Security Act, amends New York’s existing data breach notification law in several significant ways and adds a number of data security protection requirements. The amended data breach notification obligations went into effect on Oct. 23, 2019, with the data security requirements …
In what appears to be a yearly tradition, the California State Senate has again amended its Data Breach Notification Law. [Civ. Code § 1798.29.] On Sept. 11, 2019, the California State Senate voted in favor of AB-1130 Personal information: data breaches, which expands the existing definition of “personal information” under California’s Data Breach Notification Law. Assuming …
Class Actions
San Francisco Transit Agency Seeks Approval of Class Action Settlement
• Bay Area Rapid Transit (BART) sought preliminary approval of a class action settlement to resolve claims that the transit agency’s mobile app secretly collected various information about its users, including mobile device ID number and location, even when users are not reporting …
On February 13, 2017, the Australian Senate passed a bill establishing a mandatory requirement to notify the Privacy Commissioner and affected individuals of “eligible” data breaches. The Privacy Amendment (Notifiable Data Breaches) Act 2016, which was passed by the House of Representatives the previous week, amends Australia’s Privacy Act 1988 and is slated to take …
The Department of Health and Human Services Office for Civil Rights (OCR) is the federal agency tasked with investigating data breaches involving protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). The mere mention of an OCR investigation can strike fear into the hearts of HIPAA privacy officers and health care …
As part of our ongoing series analyzing the 2016 BakerHostetler Data Security Incident Response Report, this article takes a closer look at the factors that play a role in whether an entity will face a regulatory investigation or litigation as a result of a data breach. As the title suggests, the size of breach is …
Tennessee amended its data breach notification statute to potentially require notification of a data breach to affected individuals regardless of whether the personal information involved in the security incident was encrypted. On July 1, Tennessee becomes the first state to remove its encryption safe harbor; there is still an ability to perform a risk analysis …
From would-be Nigerian princes to foreign lottery officials, cybercriminals have been known to assume all sorts of false identities to carry out email phishing scams that trick unsuspecting consumers into clicking on fraudulent links or divulging personal information to strangers. We often see a spike in this type of activity around tax season, when fraudsters …
On July 15, 2014, the New York Attorney General issued a report examining the growing number and costs of data breaches in the state of New York. The report, titled “Information Exposed: Historical Examination of Data Security in New York State,” analyzes eight years’ worth of security breach data collected by the Attorney General and …
The FBI’s Warning: Point-of-sale (POS) systems are under attack. In the wake of breaches at Neiman Marcus, Target and other stores over the 2013 holiday season, the FBI is now warning retailers to expect similar cyber attacks in the coming months. The warning came in the form of a 3-page report distributed to numerous …
Co-authored by: Charles K. Shih
Natural Provisions, Inc., a Vermont health foods grocery chain, agreed to pay $30,000 to settle claims brought by the Vermont attorney general that it failed to notify consumers and the attorney general within the statutory period required by Vermont’s Security Breach Notice Act and Consumer Protection Act. Natural Provisions, Inc. …
In February we wrote about whether Facebook’s IPO would set the tone under the SEC’s then-relatively new cybersecurity disclosure guidance. In subsequent months, it has become apparent that this guidance is still not yielding the level of disclosure on cybersecurity matters that regulators want. This is especially true with respect to the disclosure of past …
2012 was a challenging year for the Food and Beverage (F&B) industry. In addition to increased government regulation, rising food prices and relatively slow growth trends, the industry once again was a favorite target of cybercriminals. According to the 2013 Trustwave Global Security Report, cyberattacks on F&B enterprises comprised 24% of attacks in 2012, second …