Joseph J. Lazzarotti writes: Most breach notification mandates require a notice be provided without unreasonable delay. In some cases, such as under HIPAA, the same standard applies but also with an outside date to provide the notice – 60 days. Proposed regulations under the Affordable Care Act would require notification to the Department of Health…
Month: June 2013
Former UNL student federally indicted in security breach
Lori Pilger reports a former student arrested in connection with the hack at University of Nebraska-Lincoln in 2012 that also affected the state college system faces additional charges: Daniel Stratman, 23, already faced a criminal charge — reckless damage to a protected computer during unauthorized access — filed by the U.S. Attorney’s Office in December. Now he faces a dozen counts….
Senator Toomey reintroduces bill to preempt state data breach notification laws
John Eggerton reports that Senator Pat Toomey (R-PA) has introduced the “Data Security and Breach Notification Act of 2013” (S. 1193). Although the bill’s text is not yet available online, it’s reportedly the same bill he introduced last year: In the event of data breaches, “the bill would direct companies possessing personal data to notify…
Facebook Security Breach Exposes Six Million Email Addresses and Telephone Numbers
Kara Swisher reports: Facebook reported on Friday a bug in its system “that may have allowed some of a person’s contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them.” The bug, which was reported via Facebook’s crowdsourced, White Hat security researcher program,…
Banana Republic Accidentally Sends Customer a Package Of Confidential Employee Information
Oops. Kim Bhasin reports: Emily Dreyfuss and her fiancé were stunned when they opened their package from Banana Republic. Instead of the tie and pocket square they’d ordered, the parcel was stuffed full of confidential employee documents: Social Security numbers, tax forms, resignation letters, legal notices, doctors’ notes and performance reviews. “Someone literally just put…
OR: Break-in at North Lincoln County Community Health Center Clinic
Here’s one I missed last week, from The NEWSGuard: “It feels really not good and it is a violating feeling to have someone break into your clinic,” said Gretchen Gantz, HIPAA Privacy and Security Officer for Lincoln County Health and Human Services. Her statement follows the break-in of the North Lincoln County Community Health Center…