Oregon Amends Data Breach Notification Law to Apply to Vendors

On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684, which requires vendors, service providers and other entities that maintain or possess consumers’ personal information to notify consumers of a security breach.

Supreme Court Gives Companies Another Tool To Fend Off Data Breach Class Actions

In the wake of data breaches, companies may find themselves targets of class actions by customers or employees whose personal information was compromised in the breach. The exposure is considerable, with an estimated 765 million people impacted by data breaches between April and June of 2018. As we previously reported, some courts have allowed consumer and employee data breach cases to proceed despite threshold challenges – leading to multi-million-dollar settlements. And in Dittman, Pennsylvania’s Supreme Court recently held that an employer owed an affirmative duty to exercise reasonable care to protect employees’ personal nonpublic data from data breaches.

Coming Soon to Singapore: Mandatory Data Breach Notifications

Singapore’s Personal Data Protection Commission (PDPC) issued a statement on March 1 announcing its plan to introduce mandatory breach notifications as part of a set of proposed amendments to the country’s Personal Data Protection Act (PDPA). The proposed amendments come in response to the PDPC’s recent review of the PDPA in order “to ensure that it keeps pace with the evolving needs of businesses and individuals, and balances safeguarding individuals’ interests and enables the legitimate use of personal data by organisations.” The details of the mandatory breach notification have not yet been made public, but the amendment will likely require organizations to notify the PDPC and affected data subjects when a certain level of breach has occurred.

$3 Million Settlement for Two Separate HIPAA Breaches Affecting Over 62,500 Individuals

Cottage Health and the Office for Civil Rights at the U.S. Department of Health and Human Services (HHS-OCR) recently entered into a $3 million no-fault settlement and three-year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA). This was HHS-OCR’s last HIPAA-related settlement of 2018 – a record year in HIPAA enforcement activity, as detailed in this DBR on Data blog post.

N.Y. Attorney General Enforces Mobile App Security Initiative, Announces Settlements with Five Companies

In December 2018, the New York Attorney General’s Office announced settlements with five companies operating mobile apps, including Equifax and Western Union. The N.Y. Attorney General stated that the companies failed to keep sensitive information secure on their mobile apps and have agreed to implement improved security controls. The settlements came following a data privacy initiative by the Attorney General’s Office to proactively identify security vulnerabilities before consumer information is breached. As part of this effort, the Attorney General’s Office tested dozens of mobile apps that collect sensitive information.

Charges Connected to Hack of SEC’s EDGAR System Discussed in SECurities and Law Perspectives

Last week, the Department of Justice (“DOJ”) and the Securities & Exchange Commission (“SEC”) announced charges connected to a large-scale, international conspiracy to hack into the SEC’s Electronic Data Gathering, Analysis and Retrieval (“EDGAR”) system and profit by trading on stolen material, non-public information. The conduct underlying these cases was one of the principal reasons that the SEC created its Division of Enforcement “Cyber Unit” to target cyber-related securities fraud violations.

© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.
