Despite all that made 2020 an unusual year, data security incidents did not slow down. For organizations that are covered by the Health Insurance Portability and Accountability Act (HIPAA), the deadline to report small incidents is fast approaching. Organizations that experienced a data security incident in 2020, which affected the protected health information (PHI) of less than 500 individuals, have until March 1, 2021 to submit their notification to the U.S. Dept. of Health & Human Services.
Read more »Tag: breach notification
-
Don’t Forget the HIPAA Small Breach Notification Deadline of March 1, 2021. It’s Right Around the Corner! Posted on: February 10, 2021 In: Data Privacy & Cybersecurity
-
Legislative Alert: Washington Expands Definition of Personal Information for Public Agencies Posted on: April 22, 2020 In: Data Privacy & Cybersecurity
On March 18, 2020, Washington State Governor Jay Inslee signed into law Senate Bill 6187, which amends the state’s security breach notification statute as applicable to state and local agencies by expanding the definition of “personal information” to include the last four digits of an individual’s Social Security number.
Read more »
-
Legislative Alert: D.C. Passes Security Breach Protection Amendment Act, Creating New Notice Requirements and Cybersecurity Safeguards Posted on: April 17, 2020 In: Data Privacy & Cybersecurity
On March 26, 2020, District of Columbia Mayor Muriel Bowser signed into law Act 23-268, known as the “Security Breach Protection Amendment Act of 2020.” The Act, which amends section 28 of Chapter 38 of the District of Columbia Code, broadens the existing definition of “personal information,” increases the breach notice contents requirements, provides attorney general notice requirements, and mandates cybersecurity safeguards.
Read more »
-
Legislative Alert: Virginia Expands Insurance Data Security Requirements Posted on: March 31, 2020 In: Data Privacy & Cybersecurity
On February 25, 2020, the Virginia State Legislature passed House Bill 1334, the Insurance Data Security Act, which establishes data security requirements applicable to persons licensed by the insurance laws of the Commonwealth. Following on other state laws that have created data security regimes applicable to the insurance industry, the Virginia law requires licensees to maintain the security of information systems and nonpublic information.
Read more »
-
Legislative Alert: Vermont Expands Definition of Personal Information and Enacts Protections for Student Privacy and Automatic Subscription Renewals Posted on: March 19, 2020 In: Data Privacy & Cybersecurity
On March 5, 2020, Vermont Governor Phil Scott signed into law Senate Bill 110, which amends sections of Chapter 62 of the Vermont Statutes Annotated - “Protection of Personal Information” - including Sections 2430, 2435, and 2454. The bill also adds Section 2443 to the chapter, which governs the privacy of student information belonging to preschool, kindergarten, elementary, and secondary school students.
Read more »
-
Washington State Data Breach Notification Statute Updates Go Into Effect, Imposing New Requirements on Businesses Posted on: March 17, 2020 In: Data Privacy & Cybersecurity
Effective March 1, 2020, amendments to the Washington State data breach notification statute made the law significantly more onerous for companies dealing with data security incidents. The amendments, which we first covered in May 2019, expanded the definition of personal information, shortened the deadlines for notification, and imposed additional requirements for notice contents.
Read more »
-
HIPAA Small Breach Notification Deadline is March 1, 2020 – The Clock’s Ticking to Submit to HHS/OCR! Posted on: February 27, 2020 In: Data Privacy & Cybersecurity
Organizations that experienced a data incident in 2019 affecting the protected health information (PHI) of less than 500 individuals have just a few more days to submit their notification to the U.S. Department of Health & Human Services’ Office for Civil Rights (HHS/OCR).
Read more »
-
Legislative Alert: California Expands Definition of Personal Information Posted on: November 01, 2019 In: Data Privacy & Cybersecurity
On October 11, 2019, California Governor Gavin Newsom signed into law Assembly Bill 1130, which amends The Information Practices Act of 1977, as well as California Civil Code §§ 1798.29, 1798.81.5 and 1798.82. The bill expands the definition of “personal information” under the California data breach notification statutes applicable to businesses and to government agencies.
Read more »
-
Illinois Amends Student Online Personal Protection Act, Adding Data Breach Notification Provisions Posted on: September 17, 2019 In: Data Privacy & Cybersecurity
On August 23, 2019, Illinois Governor J.B. Pritzker signed into law the Student Online Personal Protection Act of 2019 (SOPPA). Amending the previous version of SOPPA, this ambitious legislation gives parents greater control over student data, imposes new breach notification requirements, and regulates the collection and use of student data.
Read more »
-
Legislative Alert: New York Expands Data Breach Obligations for Credit Reporting Agencies Posted on: August 15, 2019 In: Data Privacy & Cybersecurity
New York Governor Andrew Cuomo has signed into law Senate Bill S3582, which further expands obligations owed to consumers when a data security breach affects a credit reporting agency.
Read more »
-
Legislative Alert: New York Amends Its Data Breach Notification Law Posted on: August 12, 2019 In: Data Privacy & Cybersecurity
New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, Senate Bill 5575B/Assembly Bill 5635B. The SHIELD Act updates the state’s existing data breach notification law, N.Y. Gen. Bus. Law § 899-aa, and creates a new section, § 899-bb, requiring reasonable data security for “private information” and granting enforcement powers to the attorney general against non-compliant entities.
Read more »
-
Ransomware Reminders: Implementing Best Practices & Avoiding the Biggest Mistakes Posted on: June 27, 2019 In: Data Privacy & Cybersecurity
Ransomware continues to ravage systems across the globe in part because, unlike more typical malware, its lifespan on a computer is incredibly short. Recent strains like Ryuk and BitPaymer encrypt files and deliver their ransomware messages within seconds of appearance on a victim’s computer, leaving little time for detection and defense. The FBI recently alerted data security professionals worldwide to be aware of yet another new variant – this one called RobbinHood – that follows similar attack vectors.
Read more »