Florida Water Hack Shows Danger of Remote Access Vulnerabilities
On February 8, 2021, Pinellas County, Florida officials announced that a hacker had remotely gained access to the City of Oldsmar’s water treatment system on two separate occasions and was able to change the setting for sodium hydroxide in the water supply. The incident highlights the danger to local government information systems and the risks posed by remote access vulnerabilities.
Security Breach
EDPB Publishes Guidelines on Examples regarding Data Breach Notification
On January 18, 2021, the European Data Protection Board released draft Guidelines 01/2021 on Examples regarding Data Breach Notification. The Guidelines aim to assist data controllers in deciding how to handle data breaches, including by identifying the factors that they must take into account when conducting risk assessments to determine whether a breach must be reported to relevant supervisory authorities and/or the affected data subjects. …
D.C. Court Rejects Attorney-Client Privilege and Work Product Protections in Data Breach Case
On January 12, 2021, in Wengui v. Clark Hill, PLC, et al., the United States District Court for the District of Columbia rejected a law firm defendant’s assertions of the attorney-client privilege and work product doctrine for forensic reporting and other related information associated with its outside counsel’s data breach investigation. …
Home Depot Agrees to Pay $17.5 Million in Multistate Settlement Following 2014 Data Breach
On November 24, 2020, a multistate coalition of Attorneys General announced that The Home Depot, Inc. agreed to pay $17.5 million and implement a series of data security practices in response to a data breach the company experienced in 2014.…
ICO Fines Ticketmaster 1.25 Million Pounds for Security Failures
On November 13, 2020, the UK Information Commissioner’s Office fined Ticketmaster UK Limited £1.25 million for failing to keep its customers’ personal data secure.…
ICO Fines Marriott International £18.4 Million for Security Breach
On October 30, 2020, the UK Information Commissioner’s Office announced its fine of £18.4 million for Marriott International, Inc., for violations of the GDPR, a significant decrease from the proposed fine of £99,200,396 announced in July 2019.…
China Issues Draft of Personal Information Protection Law
On October 21, 2020, China issued its draft of the Personal Information Protection Law for public comments. This blog entry provides highlights of the draft law.…
ICO Fines British Airways 20 Million Pounds for Security Breach
On October 16, 2020, the UK Information Commissioner’s Office announced its fine of £20,000,000 for British Airways for violations of the GDPR, which is a significant decrease from the proposed fine of £183,390,000 from July 2019. …
42 States and District of Columbia Enter into $39.5 Million Agreement with Anthem to Settle Breach-Related Claims
On September 30, 2020, Anthem, Inc., entered into an assurance of voluntary compliance with the attorneys general of 42 states and the District of Columbia to resolve claims under state and federal law relating to Anthem’s 2015 data breach of personal information and protected health information, the largest breach of PHI in history.…
OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance
On September 21, 2020, the U.S. Department of Health and Human Services Office for Civil Rights announced a $1.5 million settlement with Athens Orthopedic Clinic PA for alleged violations of the HIPAA Privacy and Security Rules.…