Our experienced team views data breach response as a joint effort in partnership with the client where the client’s philosophy, brand and customer base are considered integral in reconciling compliance with the numerous, and often competing, laws and regulations. [...]
NEW CONNECTICUT DATA BREACH IS A PERFECT EXAMPLE OF DATA SECURITY FAILURES
The Connecticut Attorney General just announced that personal health information and protected health information for over 9,000 Hartford Hospital patients was lost in June. http://www.ct.gov/ag/cwp/view.asp?Q=508726&A=2341. A laptop carried by an EMC subsidiary employee was reportedly stolen. The State AG announced that the unencrypted information on the laptop contained names, addresses, dates of birth, social security … Continue reading
Vermont Adds New Wrinkles to Data Breach Notification Law
Vermont has made some interesting amendments [.pdf at Sec. 4, p. 9] to its Security Breach Notice Act. The changes, trumpeted in a recent press release as part of various consumer protection measures, were signed into law on May 8, 2012 to be effective immediately. The most significant aspects of the revisions are: Consumer notification of a breach must be … Continue reading
On January 1, 2012 California’s Expanded Data Breach Notification Becomes Effective
California’s recently expanded Identity Theft Law takes effect January 1, 2012. Earlier this year, Governor Jerry Brown signed into law SD 24 which expands on the state’s data breach and identity theft notification requirements. The law establishes specific content for data breach notifications that must be sent to consumers. The notification must now include the … Continue reading
Texas Expands the Privacy Rights of Patients Beyond HIPAA and HITECH
The State Sets Mandatory Deadlines for Training, and Requires Breach Notification for all Healthcare Providers Doing Business in Texas. Texas, already known for its strict privacy laws, recently enacted legislation which surprisingly expands privacy rights beyond those proscribed in HIPAA and HITECH. This new law, HB300, will become effective on September 1, 2012. It will … Continue reading
CT AG Jepsen Carries Blumenthal’s Enforcement Torch
Connecticut Attorney General George Jepsen is continuing his predecessor’s aggressive efforts to safeguard the personal information of the state’s citizens. Former Connecticut Attorney General Richard Blumenthal, during his tenure, investigated numerous organizations regarding possible data breaches, and in one case, fined insurance provider Health Net $250,000 for losing the data of 500,000 Connecticut residents. Jepsen recently requested specific … Continue reading
Senator Leahy Introduces His Personal Data Privacy and Security Act—Again!
Last month, we discussed Senator Patrick Leahy’s (D-Vt.) introduction of the Electronic Communications Privacy Act Amendments of 2011 related to disclosures of certain location-based tracking information. Yesterday, and on the heels of President Obama’s proposed data breach notification legislation, Senator Leahy introduced the Personal Data Privacy and Security Act [pdf]. This legislation has been previously introduced … Continue reading
Call the Feds – Blumenthal Requests DOJ Investigation of Epsilon Breach
Connecticut senator, Richard Blumenthal, is calling for a federal investigation of the Epsilon data breach. On April 1st, Epsilon disclosed a security breach which compromised names and email addresses belonging to customers of numerous major U.S. companies that outsource their marketing to Epsilon. In an April 6th letter to U.S. Attorney General Eric Holder (AG … Continue reading