Aultman Health Foundation Notifying Patients of Insider-Wrongdoing The Ohio foundation is notifying approximately 7,000 patients that a former employee accessed their records without business need. HOYA Optical Labs of America Notifying Patients of Ransomware Incident As first reported by HealthITSecurity, the Japanese-headquartered firm notified 3,259 U.S. patients of a ransomware incident. The incident occurred in…
Category: Breach Laws
SmartSearch issues warning over risk of GDPR breach
admin posted: Anti-money laundering specialist SmartSearch said regulated businesses in the housing chain which are relying on manual customer records risk non-compliance more than three years after the GDPR laws came into force in the UK. John Dobson, CEO at SmartSearch explained even after this time had lapsed a lot of firms did not have…
Maine and North Dakota Are Latest States to Adopt the NAIC Data Security Model Law
Deborah George of Robinon + Cole writes: Two more state governors, those of Maine and North Dakota, have signed bills into law that adopt the National Association of Insurance Commissioners (NAIC) data security model law (Model Law). Maine and North Dakota join several other states that have already passed similar laws. Hawaii, Idaho, Illinois, Iowa,…
SG: Revised Guides on Managing Data Breach and Active Enforcement Now Available
An announcement from the Personal Data Protection Commission of Singapore: The PDPC has updated Guide to Managing Data Breaches 2.0 (now known as the Guide on Managing and Notifying Data Breaches under the PDPA) with details of the mandatory data breach notification requirement under the PDPA. Access the Guide here. The Guide on Active Enforcement has…
CIPL Submits Response to the EDPB Guidelines on Examples Regarding Data Breach Notification
Hunton Andrews Kurth writes: On March 2, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the European Data Protection Board (“EDPB”) consultation on draft guidelines on examples regarding data breach notification (the “Guidelines”). The Guidelines were adopted on January 14, 2021 for public consultation. The EDPB’s Guidelines are intended to provide concrete personal…
Et tu, Canada? Evidence of Harm Required To Advance Class Action Following Data Breach
Ranjan Agarwal, Keely Cameron, J. Sébastien A. Gittens, and Justin Lambert of Bennett Jones write: Court of Queen’s Bench of Alberta, in Setoguchi v Uber B.V., 2021 ABQB 18, recently dismissed an application for certification of a proposed class action resulting from a data breach because there was no evidence of harm or loss. This class…