Page 3 of 39

Texas Amends State Breach Notification Law and Creates Advisor Council to Study Privacy Laws

Share

Businesses in Texas that own or license computerized data will expect a shortened data breach notification deadline for any breach of sensitive personal information after January 1, 2020. Meanwhile, reporting to state attorney general (“AG”) will become mandatory if more than 250 Texans are involved in a single data breach.

Continue reading

Further Expansion of Data Security Requirements in FTC Order with LightYear Dealer Technologies

Share

The FTC has entered into a settlement with LightYear Dealer Technologies, doing business as DealerBuilt, a technology company that develops and sells dealer management system (DMS) software and data processing services to automotive dealerships nationwide. The settlement resolves allegations that DealerBuilt engaged in a number of unreasonable data security practices. The DealerBuilt’s DMS software tracks, manages, and stores information related to all aspects of a dealership’s business, including sales, finance, inventory, accounting, payroll, and parts and service and collects and maintains personal and competitively sensitive information about consumers and employees.

Continue reading

Nevada’s Privacy Law Granting Opt-Out Rights Is First Out of the Gate

Share

On May 29, 2019, Nevada Governor Steve Sisolak signed into law SB 220, which amends Nevada’s security and privacy law to require an operator of a website or online service for commercial purposes to permit consumers to opt-out of the sale of any covered personally identifiable information that the operator has collected or will collect about the consumer. The law becomes effective October 1, 2019, several months before the California Consumer Privacy Act’s (CCPA) effective date of January 1, 2020, and is therefore set to become the first of its kind to be implemented in the U.S.

Continue reading

Oregon Amends Data Breach Notification Law to Apply to Vendors

Share

On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684, which requires vendors, service providers and other entities that maintain or possess consumers’ personal information to notify consumers of a security breach.

Continue reading

U.S. Securities and Exchange Commission Issues Risk Alert Regarding Safeguarding Customer Records and Information Stored on Cloud-Based Platforms

Share

On May 23, 2019, the United States Securities and Exchange Commission (“SEC”)’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert entitled “Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features” (the “Risk Alert”). The Risk Alert highlights the risks associated with the storage of customer records and information by broker-dealers and investment advisors on cloud-based storage platforms.

Continue reading

Business Associate Failed to Safeguard 3.5 Million Patients’ Medical Records

Share

Medical Informatics Engineering, Inc. and its wholly-owned subsidiaries (MIE) and the Office for Civil Rights at the U.S. Department of Health and Human Services (HHS-OCR) entered into a $100,000 settlement and two-year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Continue reading

« Older posts Newer posts »

© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Cookie Policy | Privacy Policy