On May 4, 2020, Californians for Consumer Privacy (the group behind the ballot initiative that inspired the CCPA) announced that it had collected over 900,000 signatures to qualify the California Privacy Rights Act for the November 2020 ballot.
Continue Reading BREAKING: Californians for Consumer Privacy Introduces California Privacy Rights Act for November 2020 Ballot
Social Security Number
New Hampshire Governor Signs Insurance Data Security Law
On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194, which requires insurers licensed in the state to put in place data security programs and report cybersecurity events. This blog entry provides highlights.
Continue Reading New Hampshire Governor Signs Insurance Data Security Law
New York Amends Breach Notification Law
On July 25, 2019, New York Governor Andrew Cuomo signed into law Senate Bill S5575B, an amendment to New York’s breach notification law. This blog entry provides an overview of the changes.
Continue Reading New York Amends Breach Notification Law
Washington AG Settles with Premera on Behalf of Multistate Coalition
On July 11, 2019, Washington Attorney General Bob Ferguson announced that his office had entered into a consent decree and $10 million settlement with Premera Blue Cross (“Premera”) that stems from a 2014-2015 breach that affected more than 11 million individuals. The settlement, which includes a payment of roughly $5.4 million to Washington state and $4.6 million to a coalition of 29 other state Attorneys General (the “Multistate AGs”), is one of the largest ever for a breach involving protected health information (“PHI”) and comes just one month after another notable HIPAA settlement involving a similar coalition of state AGs.
Continue Reading Washington AG Settles with Premera on Behalf of Multistate Coalition
FTC Finalizes Settlement with ClixSense for Failure to Secure Consumers’ Personal Data
On July 2, 2019, the Federal Trade Commission announced a case involving the operator of an online rewards website who allegedly failed to take reasonable steps to secure consumers’ personal data.
Continue Reading FTC Finalizes Settlement with ClixSense for Failure to Secure Consumers’ Personal Data
First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement
Arizona Attorney General Mark Brnovich recently announced a settlement with healthcare software provider Medical Informatics Engineering Inc. and its wholly owned subsidiary NoMoreClipboard, LLC. This blog entry provides an overview of the case. …
Continue Reading First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement
Washington Amends Data Breach Notification Law
On May 7, 2019, Washington State Governor Jay Inslee signed HB 1071, which will amend the state’s laws on data breach notification. This blog entry provides an overview of the legislation.
Continue Reading Washington Amends Data Breach Notification Law
Washington State Legislators Approve Amendments to Data Breach Law
On April 22, 2019, Washington state legislators passed HB 1071, a bill that seeks to strengthen the state’s data breach law. The bill is now before Governor Jay Inslee. This blog entry provides an overview of the bill’s key amendments. …
Continue Reading Washington State Legislators Approve Amendments to Data Breach Law
Massachusetts Amends Data Breach Law; Imposes Additional Requirements
On January 10, 2019, Massachusetts Governor Charlie Baker signed legislation amending the state’s data breach law, and the amendments take effect on April 11, 2019. This blog entry provides highlights on the Act. …
Continue Reading Massachusetts Amends Data Breach Law; Imposes Additional Requirements
Supreme Court of Pennsylvania Ruling on Common Law Duty to Protect Electronic Employee Data
On November 21, 2018, the Supreme Court of Pennsylvania found that a putative class action against UPMC by current and former employees should not have been dismissed. Employers have common law duty to use reasonable care to safeguard its employees’ sensitive personal information that it stores on Internet-accessible computer systems, and Pennsylvania’s economic loss doctrine did not bar the plaintiffs’ negligence claim.
Continue Reading Supreme Court of Pennsylvania Ruling on Common Law Duty to Protect Electronic Employee Data