Category Archives: Data Breach

Two Cyber Laws Go Into Effect Over US Labor Day Weekend

By Liisa Thomas and Pavel Sternberg on September 4, 2018 Posted in Data Breach, Data Security

On September 1, the Colorado breach notification statute update became effective, the first of two developments that occurred over the weekend. As we wrote about when the modification was passed, Colorado’s updated statute expands the definition of “personal information” to include ID numbers, medical information, and biometric information and places a proactive obligation on companies … Continue Reading

Unixiz Settles COPPA Allegations with NJ AG

By Pavel Sternberg on August 27, 2018 Posted in Children's Privacy, COPPA, Data Breach, Data Security, Online Privacy

Unixiz, operator of the i-Dressup site, reached an agreement with the New Jersey Attorney General to settle charges that the company had violated the Children’s Online Privacy Protection Act and the New Jersey’s Consumer Fraud Act. The New Jersey AG claimed that Unixiz violated these statutes by collecting information about children without first getting parental … Continue Reading

Louisiana’s Breach Notification Law Update Now In Effect

By Pavel Sternberg and Liisa Thomas on August 1, 2018 Posted in Data Breach, Data Security

As we wrote when the law passed, Louisiana updated its data breach notification statute earlier this year. The new law becomes effective today (August 1), and comes close on the heels of the July 20th effective date of Arizona’s update to its breach law. As modified, the Louisiana law adds biometric information as well as … Continue Reading

Arizona’s Notice Law Now In Effect

By Liisa Thomas and Amber Thomson on July 23, 2018 Posted in Data Breach

As we wrote when the law passed, Arizona has expanded its data breach notification law. The law’s effective date was July 20, and now includes several new elements. Included is a requirement to notify the state attorney general if more than 1,000 individuals have been impacted, and gives an expanded ability to notify by email. … Continue Reading

Texas Hospital Order to Pay $4.3M for Failure to Implement its HIPAA Security Policies

By Matthew Shatzkes on July 5, 2018 Posted in Data Breach, Data Security, Healthcare Privacy

A Texas hospital was recently ordered by an administrative law judge to pay a $4,300,000 penalty for three data breaches over the course of 2012 and 2013 that exposed the personal health information – including social security numbers, patient names and treatment records – of more than 33,000 individuals in violation of HIPAA. The specific … Continue Reading

South Dakota’s Breach Notice Law Now In Effect

By Liisa Thomas and Pavel Sternberg on July 2, 2018 Posted in Data Breach, Data Security

As we wrote when the law passed, South Dakota now has a data breach notification law, making it the last state to have a data breach notification statute on the books. (The breach notification law of the other hold-out state, Alabama, went into effect on June 1.) The law is now in effect, and as … Continue Reading

Colorado Enacts Stringent Data Breach Notification Law

By Liisa Thomas and Amber Thomson on June 27, 2018 Posted in Data Breach, Data Security

Colorado’s governor recently signed into law an update to the state’s breach notice law. As we reported yesterday the new law takes effect on September 1, 2018. As amended, the definition of “personal information” now also includes student, military or passport identification numbers, medical information, health insurance identification numbers, biometric data, and a resident’s username … Continue Reading

Louisiana Joins the Breach Notice Update Law Fray

By Liisa Thomas and Pavel Sternberg on June 26, 2018 Posted in Data Breach, Data Security

Louisiana has joined the growing list of states updating their data breach notification law in 2018. Others include, as we have reported, Arizona and Oregon. The law has now been amended to include biometric information, state ID number, and passport number in the definition of personal information. It also adds a 60-day notice timeline from … Continue Reading

You Might Be an Inside Trader If: Insider Trading and Data Breaches Part II

By Kari Rollins and Sarah Aberg on June 21, 2018 Posted in Data Breach, Privacy Litigation, SEC

As we wrote yesterday, the CIO of Equifax is currently facing civil and criminal liability following trading he made after his employer suffered a major cybersecurity breach. As we indicated in our prior blog post, the SEC has filed a complaint alleging liability because he independently figured out that his employer was the victim of a … Continue Reading

You Might Be an Inside Trader If…: Insider Trading and Breaches Part I

By Kari Rollins and Sarah Aberg on June 20, 2018 Posted in Data Breach, Privacy Litigation, SEC

Earlier this year, the SEC released cybersecurity guidance addressing, among other things, the risk of insider trading in the event of a data breach. The insider trading risk includes risk that the intruder will trade on stolen information and risk that insiders will trade on the knowledge of the breach itself. In this manner, the … Continue Reading

More Breach Law Changes: Arizona Updates Notice Law

By Liisa Thomas and Amber Thomson on April 26, 2018 Posted in Data Breach, Data Security

Arizona’s Governor recently signed HB2154, which expands Arizona’s data breach notice law. The law will go into effect July 20, and will require companies to notify the state attorney general when more than 1,000 individuals have been impacted. It also allows email notice if the company has the individual’s email address. This removes the need … Continue Reading

NY Issues Data Breach Report

By Snehal Desai and Kari Rollins on April 12, 2018 Posted in Cybersecurity, Data Breach, Data Security

New York Attorney General, Eric. T. Schneiderman, stated in a recent press release that 9.2 million New Yorkers had their personal data compromised in 2017. Such data compromises were mainly due to large scale data hacks, such as the Equifax and Game Stop hacks. According to the NYAG office’s report, 1,583 data breaches were reported … Continue Reading

And Then There Was None: Alabama Becomes 50th State With Breach Notice Law

By Amber Thomson and Liisa Thomas on April 11, 2018 Posted in Data Breach, Data Security, Privacy

Alabama is the final US state to enact data breach notification legislation. The new law takes effect on June 1, 2018 and applies to electronic “sensitive” data. This includes full Social Security and government-issued identification numbers, account and payment card numbers (in combination with security or access codes or PIN numbers), health information, and a … Continue Reading

Oregon Updates Its Data Breach Notification Law

By Amber Thomson, Liisa Thomas and Kari Rollins on March 29, 2018 Posted in Data Breach, Data Security

Oregon’s governor recently passed into law S 1551. The bill amends the state’s existing breach notice law. The revision goes into effect in June. It adds to the definition of personal information that which would permit access to a financial account. It now also places the duty to notify not only on entities that own … Continue Reading

And Then There Was One: South Dakota Passes Breach Notice Law, Alabama May Not Be Far Behind

By Liisa Thomas and Amber Thomson on March 28, 2018 Posted in Data Breach, Data Security

South Dakota recently became the 49th US state to enact data breach notification legislation. The new law takes effect July 1, 2018 and mirrors other states’ breach notice laws. Information that if breached, gives rise to a duty to notify is defined to include Social Security and government-issued identification numbers, account and payment card numbers … Continue Reading

Privacy, Data Security, and Your Board: Day Five

By Kari Rollins and Liisa Thomas on March 2, 2018 Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy

In our final installment on privacy, cyber security, and your board, we look at privacy and cyber issues in M&A. So you are thinking about acquiring a new entity? Divesting of current one? Due diligence will need to be conducted to best understand and evaluate privacy and data security issues and risks. Your board will … Continue Reading

Privacy, Data Security, and Your Board: Day Four

By Kari Rollins and Liisa Thomas on March 1, 2018 Posted in Consumer Privacy, Data Breach, Employee Privacy, Privacy

In our fourth installment of privacy, data (cyber) security, and your board, we look at crisis management and data breach issues. As part of providing appropriate duty of care and oversight, board members will want to ensure that the company has an incident response plan in place. They should review and understand the plan. They … Continue Reading

Privacy, Data Security, and Your Board: Day Three

By Kari Rollins and Liisa Thomas on February 28, 2018 Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy

In our ongoing conversation about privacy, data security and your board, we turn next to cyber insurance and vendor management. Boards, when executing their duty of care, should keep in mind that while there may be some coverage for data incidents under a company’s CGL and D&O policies, there may be significant gaps in coverage … Continue Reading

There’s a Form for That? Breach Notices and State Reporting Portals

By Amber Thomson and Liisa Thomas on February 21, 2018 Posted in Data Breach, Data Security

The recent launch by Massachusetts Attorney General of an online data breach reporting portal is a reminder that many states have such online reporting mechanisms. In Massachusetts, companies that have suffered a data breach and are required to provide notice to the MA AG can either continue to submit a hard copy notice to MA, … Continue Reading

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree