On September 21, 2020, the U.S. Department of Health and Human Services Office for Civil Rights announced a $1.5 million settlement with Athens Orthopedic Clinic PA for alleged violations of the HIPAA Privacy and Security Rules.
Continue Reading OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance
Security Breach
ICO Publishes Its Accountability Framework
Posted on
On September 9, 2020, the UK Information Commissioner’s Office published an Accountability Framework, designed to assist organizations in complying with their accountability obligations under the EU General Data Protection Regulation.…
Continue Reading ICO Publishes Its Accountability Framework
EU Council Imposes First-Ever Sanctions against Cyber Attacks
Posted on
On July 30, 2020, the Council of the European Union imposed for the first time restrictive measures against six individuals and three entities responsible for or involved in various cyber attacks. …
Continue Reading EU Council Imposes First-Ever Sanctions against Cyber Attacks
NYDFS Files First Cybersecurity Enforcement Action
Posted on
On July 22, 2020, the New York Department of Financial Services announced its first enforcement action under the NYDFS Cybersecurity Regulation since the rules went into effect in March 2017.…
Continue Reading NYDFS Files First Cybersecurity Enforcement Action
New Dubai International Financial Centre Data Protection Law Comes into Effect
Posted on
On July 1, 2020, the Dubai International Financial Centre Data Protection Law No. 5 of 2020 came into effect, but due to COVID-19, companies have until October 1, 2020 to comply. …
Continue Reading New Dubai International Financial Centre Data Protection Law Comes into Effect
Forensic Report Deemed Not Privileged: Capital One Ordered to Release Report
Posted on
Posted in Information Security, Security Breach
Last month, in In re: Capital One Customer Data Security Breach Litigation, E.D. Va., No. 1:19-md-02915, U.S. Magistrate Judge John Anderson (the “Judge”) ordered Capital One Financial Corp. (“Capital One”) to disclose a forensic report to the plaintiffs in a lawsuit stemming from Capital One’s 2019 data breach. In doing so, the Judge rejected Capital One’s argument that the report is protected from disclosure to the plaintiffs by the work product doctrine.
…
Continue Reading Forensic Report Deemed Not Privileged: Capital One Ordered to Release Report
Vermont’s Amendments to Data Breach Law and New Student Privacy Law Effective July 1, 2020
Posted on
Posted in Security Breach, U.S. State Law
On July 1, 2020, amendments to Vermont’s data breach notification law, signed into law earlier this year, will take effect along with Vermont’s new student privacy law. …
Continue Reading Vermont’s Amendments to Data Breach Law and New Student Privacy Law Effective July 1, 2020
Belgian DPA Sanctions Company for Non-Compliance with the GDPR’s DPO Requirements
Posted on
On April 28, 2020, the Litigation Chamber of the Belgian Data Protection Authority imposed a €50,000 fine on a company for non-compliance with the requirements under the General Data Protection Regulation related to the appointment of a data protection officer.…
Continue Reading Belgian DPA Sanctions Company for Non-Compliance with the GDPR’s DPO Requirements
BREAKING: Californians for Consumer Privacy Introduces California Privacy Rights Act for November 2020 Ballot
Posted on
On May 4, 2020, Californians for Consumer Privacy (the group behind the ballot initiative that inspired the CCPA) announced that it had collected over 900,000 signatures to qualify the California Privacy Rights Act for the November 2020 ballot. …
Continue Reading BREAKING: Californians for Consumer Privacy Introduces California Privacy Rights Act for November 2020 Ballot
Equifax Agrees to 19.5 Million Dollar Settlement with Indiana Attorney General in Connection with 2017 Data Breach
Posted on
Posted in Information Security, Security Breach
On April 14, 2020, the Indiana Attorney General’s office announced that the state had reached a settlement agreement with Equifax in connection with their 2017 data breach.…
Continue Reading Equifax Agrees to 19.5 Million Dollar Settlement with Indiana Attorney General in Connection with 2017 Data Breach