Tag Archives: Social Security Number

Kentucky Enacts Data Breach Notification Law

On April 10, 2014, the Governor of Kentucky signed into law a data breach notification statute requiring persons and entities conducting business in Kentucky to notify individuals whose personally identifiable information was compromised in certain circumstances. The law will take effect on July 14, 2014. … Continue Reading

North Dakota Amends Breach Notification Law to Cover Health Information

On April 19, 2013, the North Dakota legislature amended the state’s breach notification law (Section 51-30-01 of the North Dakota Century Code) to expand the definition of “personal information” to include “health insurance information” and “medical information.” Pursuant to the amended breach law, “health insurance information” is defined to mean an “individual’s health insurance policy … Continue Reading

Amended COPPA Rule Comes into Effect

The Federal Trade Commission’s changes to the Children’s Online Privacy Protection Rule come into effect today. This post summarizes key changes affecting businesses subject to the amended Rule.… Continue Reading

FTC Issues Updated FAQs Addressing COPPA Compliance Requirements

On April 25, 2013, the Federal Trade Commission released an updated version of its frequently asked questions regarding the Children’s Online Privacy Protection Act of 1998 that provide general information on COPPA’s requirements and also include new guidance on the recent amendments to the Children’s Online Privacy Protection Rule. … Continue Reading

Insurance Coverage for Security Breach Lawsuits

In a recent article published by the American Bar Association’s Insurance Coverage Litigation Committee, Hunton & Williams counsel William T. Um explores insurance recovery options related to the defense of class action lawsuits following data security breaches and other privacy incidents.… Continue Reading

FTC Settles Alleged Breach of Consumers’ Personal Information

On January 28, 2013, the Federal Trade Commission announced a proposed settlement agreement with CBR Systems, Inc., an operator of a cord blood bank, for its failure to implement reasonable and appropriate measures to protect its consumers’ personal information from unauthorized access, which contributed to a December 2010 security incident.… Continue Reading

FTC Finalizes Settlements Relating to P2P Privacy Violations

On October 26, 2012, the Federal Trade Commission finalized its settlement agreements with two businesses that allegedly exposed thousands of customers’ sensitive personal information by allowing peer-to-peer file-sharing software to be installed on their company computer systems.… Continue Reading

FTC Settles Spying Case

On September 25, 2012, the Federal Trade Commission announced that it had settled a case involving allegations of spying by software company DesignerWare, LLC, and several rent-to-own companies that rented computers to consumers.… Continue Reading

FTC Announces Settlements Relating to P2P Data Breaches

On June 7, 2012, the Federal Trade Commission announced settlement agreements with two businesses for allegedly compromising the security of consumer personal information by allowing peer-to-peer file-sharing software to be installed on company computers. One of the companies also was charged with violations of the GLB Safeguards Rule and Privacy Rule.… Continue Reading

Minnesota AG Sues Debt Collection Agency for Health Privacy Violations

On January 19, 2012, Minnesota Attorney General Lori Swanson announced a lawsuit against Accretive Health, Inc., alleging that the debt collection company failed to adequately safeguard patients’ protected health information and violated HIPAA, the Minnesota Health Records Act, Minnesota’s debt collection statutes and Minnesota’s consumer protection laws.… Continue Reading

California Bulks Up Security Breach Notification Requirements

On August 31, 2011, California Governor Jerry Brown signed into law amendments to the state's security breach notification law; similar bills had been vetoed twice in the past by former Governor Schwarzenegger. As of January 1, 2012, entities will be required to notify the California Attorney General when a breach affects more than 500 California residents, and there will be specific content requirements for the notification provided to individuals. … Continue Reading