Social Security Number

On July 11, 2019, Washington Attorney General Bob Ferguson announced that his office had entered into a consent decree and $10 million settlement with Premera Blue Cross (“Premera”) that stems from a 2014-2015 breach that affected more than 11 million individuals. The settlement, which includes a payment of roughly $5.4 million to Washington state and $4.6 million to a coalition of 29 other state Attorneys General (the “Multistate AGs”), is one of the largest ever for a breach involving protected health information (“PHI”) and comes just one month after another notable HIPAA settlement involving a similar coalition of state AGs.

Continue Reading Washington AG Settles with Premera on Behalf of Multistate Coalition

Arizona Attorney General Mark Brnovich recently announced a settlement with healthcare software provider Medical Informatics Engineering Inc. and its wholly owned subsidiary NoMoreClipboard, LLC. This blog entry provides an overview of the case.
Continue Reading First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement

On November 21, 2018, the Supreme Court of Pennsylvania found that a putative class action against UPMC by current and former employees should not have been dismissed. Employers have common law duty to use reasonable care to safeguard its employees’ sensitive personal information that it stores on Internet-accessible computer systems, and Pennsylvania’s economic loss doctrine did not bar the plaintiffs’ negligence claim.
Continue Reading Supreme Court of Pennsylvania Ruling on Common Law Duty to Protect Electronic Employee Data

Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs.
Continue Reading Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches

On June 28, 2018, the Governor of California signed the California Consumer Privacy Act of 2018. The Act introduces key privacy requirements for businesses, and was passed quickly by California lawmakers in an effort to remove a ballot initiative of the same name from the November 6, 2018, statewide ballot. The Act will take effect January 1, 2020.
Continue Reading California Consumer Privacy Act Signed, Introduces Key Privacy Requirements for Businesses