On September 20, 2022, Indonesia’s parliament ratified the Personal Data Protection Act.
Continue Reading Indonesia Enacts its First Data Protection Act
Security Breach
OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI
Posted on
On August 23, 2022, the U.S. Department of Health & Human Services, Office for Civil Rights announced that it had settled a case involving the disposal of physical protected health information. …
Continue Reading OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI
The SEC Charged Several Individuals and Entities in a Fraudulent Hacking Scheme
Posted on
On August 16, 2022, the Securities and Exchange Commission charged 18 individuals and entities in relation to their involvement in a fraudulent hacking scheme. …
Continue Reading The SEC Charged Several Individuals and Entities in a Fraudulent Hacking Scheme
Wawa Inc. Settles Multi-State AG Breach Investigation for $8 Million
Posted on
On July 26, 2022, the attorneys general of New Jersey, Pennsylvania, Delaware, Maryland, Virginia, Florida and Washington D.C. announced an $8 million multistate settlement with Wawa Inc. that resolves the states’ investigation into a 2019 data breach that compromised approximately 34 million payment cards used by consumers at Wawa stores and fueling locations. …
Continue Reading Wawa Inc. Settles Multi-State AG Breach Investigation for $8 Million
Russian Federation Passes Data Protection and Information Governance Reforms
Posted on
In July 2022, Maria Ostashenko from ALRUD Law Firm reports that the Russian Parliament passed, and the President of the Russian Federation signed into law, major reforms in data protection and information governance. The reforms include:
- Significant changes to Federal Law No. 152-FZ on Personal Data, including the scope of its application, new rules for
T-Mobile to Pay $500 Million to Settle Claims Related to 2021 Breach
Posted on
On July 22, 2022, T-Mobile entered into an agreement to settle a class action lawsuit stemming from its 2021 data breach. …
Continue Reading T-Mobile to Pay $500 Million to Settle Claims Related to 2021 Breach
Arizona Adds Breach Notification Obligation
Posted on
On July 22, 2022, companies are required to notify the Arizona Department of Homeland Security when they experience a data breach impacting more than 1,000 Arizona residents. …
Continue Reading Arizona Adds Breach Notification Obligation
NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches
Posted on
On June 24, 2022, the New York State Department of Financial Services announced it had entered into a $5 million settlement with Carnival Corp., the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation in connection with four cybersecurity events between 2019 and 2021, including two ransomware events. …
Continue Reading NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches
Maryland Amends Its Personal Information Protection Act
Posted on
Posted in Information Security, Security Breach
On May 29, 2022, the Maryland legislature enacted House Bill 962, which amends Maryland’s Personal Information Protection Act. …
Continue Reading Maryland Amends Its Personal Information Protection Act
Thailand’s Personal Data Protection Act Enters into Force
Posted on
On June 1, 2022, Thailand’s Personal Data Protection Act entered into force after three years of delays.
Continue Reading Thailand’s Personal Data Protection Act Enters into Force