Cynthia Larose and Amy Malone describe recent changes to Vermont’s law that strengthens some consumer protections: Effective as of May 8, 2012, Vermont’s updated data breach law (Act 109) brings along several changes. The biggest change is in the notification requirements. Notification to consumers must now occur no later than 45 days after discovery of the incident and must…
Month: June 2012
States crack down on prescription-drug "doctor shopping"
Mary Wisniewski of Reuters has an informative report on the state of prescription databases across states. She writes, in part: Forty-three states now have databases to keep track of who is getting prescriptions for powerful pain relievers such as oxycodone, Vicodin and Opana. Pharmacists enter prescriptions for controlled substances into the database, so prescribers can…
A Six-Figure Credit Breach at Five Guys (updated)
I hate it when we only find out about data breaches from lawsuits, but at least we find out. Marlene Kennedy of Courthouse News reports: Five Guys burger joints failed to safeguard their data, giving hackers access to the accounts of debit-card-paying customers, a bank claims in court. Trustco Bank says the hackers racked up…
OH: Legislation proposal would require online security breaches to be reported
Jim Siegel reports that Rep. John Patrick Carney is planning to introduce a law requiring state agencies, businesses, and institutions to report any database security breach to the Ohio attorney general’s office if any Ohio resident’s personal information was accessed. Notification would have to be made within 40 days of discovery of a breach. Ohio…
NHS Trust fined £325,000 following data breach; Trust “frankly surprised” at fine and intends to appeal
Back in January, I noted that the ICO was preparing to levy a huge fine on Brighton and Sussex University Hospitals NHS Trust after hard drives with patient data were stolen and put up for sale on eBay. We later learned that the thief was an employee of a contractor. The possibility of the fine was revealed by the…
NHS Trust fined £325,000 following data breach; Trust "frankly surprised" at fine and intends to appeal
Back in January, I noted that the ICO was preparing to levy a huge fine on Brighton and Sussex University Hospitals NHS Trust after hard drives with patient data were stolen and put up for sale on eBay. We later learned that the thief was an employee of a contractor. The possibility of the fine…