Archives: Security Breach

Subscribe to Security Breach RSS Feed

Unsecured PHI Leads to OCR Settlement with Closed Business

On February 13, 2018, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement with the receiver appointed to liquidate the assets of Filefax, Inc. in order to settle potential violations of HIPAA. … Continue Reading

CFTC Brings Cybersecurity Enforcement Action

On February 12, 2018, in a settled enforcement action, the U.S. Commodity Futures Trading Commission charged a registered futures commission merchant with violations of CFTC regulations relating to an ongoing data breach.… Continue Reading

GSA to Upgrade Cybersecurity Requirements

Recently, the General Services Administration announced its plan to upgrade its cybersecurity requirements in an effort to build upon the Department of Defense’s new cybersecurity requirements that became effective on December 31, 2017.… Continue Reading

Eighth Circuit Finds Article III Standing Yet Affirms Dismissal of Scottrade Breach Case

On August 21, 2017, the United States Court of Appeals for the Eighth Circuit affirmed the dismissal of a putative class action arising from the Scottrade data breach. Notably, however, the Eighth Circuit did not agree with the trial court’s ruling that the plaintiff lacked Article III standing, instead dismissing the case with prejudice for failure to state a claim. … Continue Reading

Delaware Amends Data Breach Notification Law

On August 17, 2017, as reported in BNA Privacy Law Watch, Delaware amended its data breach notification law, effective April 14, 2018. The amendments include expansion of the definition of personal information, timing of notification, changes to the harm threshold and credit monitoring service changes. … Continue Reading

Uber Settles FTC Data Privacy and Security Allegations

On August 15, 2017, the FTC announced that it had reached a settlement with Uber, Inc., over allegations that the ride-sharing company had made deceptive data privacy and security representations to its consumers. Under the terms of the settlement, Uber has agreed to implement a comprehensive privacy program and to undergo regular, independent privacy audits for the next 20 years.… Continue Reading
LexBlog