Archives: Security Breach

Subscribe to Security Breach RSS Feed

New Jersey Moves Forward With Shopper Privacy Bill

On September 15, 2016, the New Jersey Senate unanimously approved a bill that would limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.… Continue Reading

Final Rules for the Data Privacy Act Published in the Philippines

Recently, the National Privacy Commission of the Philippines published the final text of its Implementing Rules and Regulations of Republic Act No. 10173, known as the Data Privacy Act of 2012. The IRR has a promulgation date of August 24, 2016, and went into effect 15 days after the publication in the official Gazette. … Continue Reading

AIG Launches Cyber-BI and PD Policy

Insurance-giant American International Group announced that it will be the first insurer to offer standalone primary coverage for property damage, bodily injury, business interruption and product liability that results from cyber attacks and other cyber-related risks.… Continue Reading

OCR Settles Largest HIPAA Violation Against a Single Covered Entity

On August 4, 2016, the U.S. Department of Health and Human Services' Office for Civil Rights entered into a resolution agreement with Advocate Health Care Network over alleged HIPAA violations. The multimillion dollar settlement with Advocate is the largest settlement to date against a single covered entity.… Continue Reading

White House Releases New Policy on Federal Cyber Incident Response

On July 26, 2016, the White House unveiled Presidential Policy Directive PPD-41, which sets forth principles for federal responses to cyber incidents approved by the National Security Council. PPD-41 first focuses on incident response to cyber attacks on government assets, but also outlines federal incident responses to cyber attacks on certain critical infrastructure within the private sector.… Continue Reading

Lisa Sotto Interviewed on Privacy Piracy Radio Show

On July 25, 2016, Lisa Sotto, partner and head of the Global Privacy and Cybersecurity practice at Hunton, discussed cybersecurity and the changing regulatory landscape on KUCI’s Privacy Piracy radio show. This blog post contains a link to the full interview. … Continue Reading

OCR Enters into First Enforcement Action Against Business Associate

On June 30, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with Catholic Health Care Services of the Archdiocese of Philadelphia. This is the first enforcement action OCR has taken against a business associate since the HIPAA Omnibus Rule was enacted in 2013.… Continue Reading

Simulated Attack on Power Grid Highlights Need for Improved Communications

In its third simulated test of the security of the power grid, the North American Reliability Corporation (“NERC”) reported general progress across the electric utility industry in defending against physical and cyber threats, while also identifying several areas for further improvement. The NERC exercise, dubbed GridEx III, took place over two days in November 2015 … Continue Reading

Nuclear Industry Pursues Aggressive Defense Against Cyber Threats

On March 30 through April 1, 2016, the 2016 Nuclear Industry Summit meetings took place in Washington D.C. In the nuclear industry, the issue of cybersecurity has grown steadily in importance over the past decade. This has been most apparent in the increasing attention and effort paid to cyber-based threats under the biennial Nuclear Industry Summit and its international meetings.… Continue Reading
LexBlog