Tag Archives: breach notification

Dutch Parliament Adopts Data Breach Notification Obligation and Increases Fines

On May 26th, 2015, the Dutch Senate passed a new law (“the Law”) (legislative proposal, as adopted, is accessible here), which introduces an obligation to notify the Dutch DPA ‘without delay’ in case of a data breach.  The law also broadens the powers of the Dutch DPA, enabling it to impose significantly higher fines for … Continue Reading

House Focuses on Data Breach Bills

By Ani Gevorkian The issues of data breach notification and data security received a fair amount of attention in the House this week:  On Wednesday, the House Energy and Commerce Subcommittee on Trade approved one data breach bill, and on Thursday, Rep.  Jim Langevin (D-RI), co-chairman of the House Cybersecurity Caucus, announced the release … Continue Reading

Data Breach Notification Bills Introduced in House and Senate

By Caleb Skeath Last week, Reps. Joe Barton (R-TX) and Bobby Rush (D-IL) re-introduced the Data Accountability and Trust Act (DATA Act) in the House of Representatives.  The bill (H.R. 580), which has been introduced several times in previous years, would provide a nationwide data security standard, backed by FTC enforcement and civil penalties, as … Continue Reading

House Debates Federal Data Breach Legislation

This morning, the House Subcommittee on Commerce, Manufacturing, and Trade, chaired by Rep. Michael Burgess (R-TX), held a hearing to determine what elements should be included in federal data breach legislation.  Despite the momentum for legislation created by high-profile breaches at retailers like Target and Home Depot, and most recently at Sony, ongoing efforts in … Continue Reading

House Subcommittee to Hold Hearing and Begin Drafting Data Breach Bill

Tomorrow at 10:00 a.m., the House Subcommittee on Commerce, Manufacturing, and Trade will hold a hearing to determine what elements should be included in federal data-breach legislation.  The following witnesses are scheduled to testify: Elizabeth Hyman, Tech America Executive Vice President of Public Policy Jennifer Glasgow, Acxiom Chief Privacy Officer Brian Dodge, Retail Industry Leaders Association … Continue Reading

Internet of Things Poses a Number of Significant Data Protection Challenges, Say EU Watchdogs

The Article 29 Data Protection Working Party (“Working Party”), the independent European advisory body on data protection and privacy, comprised of representatives of the data protection authorities of each of the EU member states, the European Data Protection Supervisor (the “EDPS”) and the European Commission, has identified a number of significant data protection challenges related … Continue Reading

Florida Enacts Stringent Breach Notice Law

Last Friday, Florida’s governor signed into law the Florida Information Protection Act of 2014 (“FIPA”), a bill repealing Florida’s existing data security breach notice law and replacing it with what will be one of the nation’s most stringent breach notice laws.  This post summarizes the key aspects of the new law, which becomes effective July … Continue Reading

Kentucky Enacts Data Breach Notification Law

Last week, Kentucky governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation.  The law requires companies that suffer a data breach to provide notice of the breach to Kentucky residents “whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.” … Continue Reading

Iowa Amends Breach Notice Law to Require Notice to State AG

Iowa’s governor recently signed into law S.F. 2259, which amends Iowa’s data breach notification law.  Under the amendment, entities that suffer breaches of personal information that are required to notify more than 500 state residents will also be required to notify the state’s attorney general.  The notice to the attorney general must be provided within … Continue Reading

EU Article 29 Working Party Publishes Guidance on Data Breach Notification

Last week, the Article 29 Data Protection Working Party published a non-binding Opinion on data breach notifications, titled Opinion 03/2014 on Personal Data Breach Notification (the Opinion).  The Opinion provides helpful new guidance to companies seeking to understand whether or not notifications about a breach must be made to European privacy regulators and/or affected individuals … Continue Reading

A Conversation with State and Federal Privacy Regulators Turns to State Data Breach Enforcement

On Monday, the International Association of Privacy Professionals (IAPP) hosted a discussion that featured state and federal privacy regulators.  The panel included Maneesha Mithal, Associate Director for the Division of Privacy and Identity Theft at the Federal Trade Commission; Marty Jackley, Attorney General of South Dakota; and Bill Sorrell, Attorney General of Vermont.  The panel … Continue Reading

Comparison of Five Data-Breach Bills Currently Pending in the Senate

Data security continues to be a hot issue on Capitol Hill, and just yesterday Attorney General Eric Holder urged Congress to create a “strong, national standard” for quickly reporting data breaches to consumers.  Democratic and Republican senators have been busy drafting legislation that would establish national requirements for data security and breach notice.  The following … Continue Reading

WEDI Issues Guidance for Assessment of Potential Breaches under HIPAA

Recently, the Workgroup for Electronic Data Interchange (WEDI) published a Breach Risk Assessment Issue Brief for stakeholders to use in analyzing whether a breach of  protected health information (PHI) has occurred under the Health Insurance Portability and Accountability Act (HIPAA).  Background Under HIPAA’s breach notification rule, covered entities and business associates are required to notify … Continue Reading

Senate Bill Would Create ‘Stringent’ Penalties to Deter Data Breaches

Data collection and security was a big topic on the Hill last week, where five congressional committees examined the issue over several days.  On the topic of data breaches specifically, the Senate Judiciary Committee held a hearing on “Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime” and the House Energy and Commerce … Continue Reading

Australian Government Launches Discussion Paper on Privacy Breach Notification

By Fredericka Argent This month, following an inquiry by the Australian Law Reform Commission (“ALRC”) into the effectiveness of the Australian Privacy Act 1988, the Australian government launched a discussion paper which calls for views from the public on whether a mandatory data breach notification scheme should be introduced in Australia. This scheme refers to … Continue Reading

Texas Data Breach Amendment Takes Effect; Connecticut On Deck

This week, the much talked-about amendments to Texas’s breach notice statute took effect.  We previously blogged about these amendments, which are unprecedented in scope.  With the amendments, the Texas statute now requires entities doing business in Texas to notify “any individual” whose “sensitive personal information” is acquired in a breach (unless the information is encrypted).  … Continue Reading

Court Dismisses Minnesota AG’s HIPAA Enforcement Action Against Business Associate Following Settlement

Earlier this month, the federal district court in Minnesota dismissed a lawsuit brought earlier this year by the Minnesota Attorney General (AG) against Accretive Health, Inc., a business associate of hospitals, after the parties reached a settlement.  In the lawsuit, which we previously discussed here, the Minnesota AG alleged that the company violated various provisions … Continue Reading

HHS Publishes HIPAA Audit Protocol

By Anna Kraus The Department of Health and Human Services (HHS) has posted on its website the protocol for the HIPAA audits required under the HITECH Act.  Section 13411 of the HITECH Act requires HHS to provide for periodic audits to ensure that covered entities and business associates are in compliance with the HIPAA standards for … Continue Reading

Sen. Toomey’s Federal Breach Notification Bill Would Preempt More Restrictive State Laws

Sen. Pat Toomey (R-PA) recently introduced a bill in the United States Senate that would establish a federal breach notification requirement for certain companies and preempt state breach notification laws that are currently in effect for 46 states.  The Data Security and Breach Notification Act of 2012, S.3333, would require companies that “collect and maintain … Continue Reading

Draft EU Data Protection Regulation Leaked

By Dan Cooper and Kristof Van Quathem A widely-leaked version of the first legislative proposal for a General Data Protection Regulation is making its way through Brussels and beyond.  The draft Regulation — which, among other things, aims to apply a harmonized and updated set of core data protection rules across the EU — will … Continue Reading

California Amends Breach Notice Law; Requires Notice to State AG

Earlier this week, California Governor Jerry Brown signed into law an amendment to California’s breach notice law (S.B. No. 24).  Former Governor Arnold Schwarzenegger vetoed similar legislation in 2008, 2009, and 2010.  As Inside Privacy noted when the legislation first moved through the California Senate on April 14, the legislation will amend California’s existing security … Continue Reading