Ranjan Agarwal, Keely Cameron, J. Sébastien A. Gittens, and Justin Lambert of Bennett Jones write: Court of Queen’s Bench of Alberta, in Setoguchi v Uber B.V., 2021 ABQB 18, recently dismissed an application for certification of a proposed class action resulting from a data breach because there was no evidence of harm or loss. This class…
Category: Breach Laws
At House SolarWinds hearing, bipartisan lawmakers announce breach disclosure bill
Joe Uchill reports: At a joint hearing of the House Oversight and Homeland Security Committee about the SolarWinds-related espionage campaign, Rep. Michael McCaul, R-Texas, said that he and Rep. Jim Langevin, D-R.I., are working on legislation to require companies to notify the federal government after similar breaches. The Friday House hearing was the second hearing of…
HITECH Amendment Provides Some Protection For Covered Entities and Business Associates that Adopt Recognized Security Standards
Anna D. Kraus, Libbie Canter, Tara Carrier, and Olivia Vega of Covington & Burling write: On January 5, 2021, an amendment to the Health Information Technology for Economic and Clinical Health (“HITECH”) Act was signed into law. The amendment requires the U.S. Department of Health and Human Services (“HHS”) to “consider certain recognized security practices of covered…
HIPAA Enforcement by State Attorneys General
HIPAA Journal has a nice recap of of HIPAA enforcement actions by states attorney general. You can read it here.
An Overview of Cybersecurity Law in Taiwan
John Eastwood, Nathan Snyder, Wendy Chu, David Rosenthal and Lloyd G. Roberts III of Eiger write: 1. GOVERNING TEXTS In Taiwan, there are two main branches of legislation pertaining to information security: legislation on cybersecurity and legislation protecting personal data. While the information security aspects of personal data protection legislation (mainly the PDPA) only apply…
EDPB Publishes Guidelines on Examples regarding Data Breach Notification
Hunton Andrews Kurth writes: On January 18, 2021, the European Data Protection Board (“EDPB”) released draft Guidelines 01/2021 on Examples regarding Data Breach Notification (the “Guidelines”). The Guidelines complement the initial Guidelines on personal data breach notification under the EU General Data Protection Regulation (“GDPR”) adopted by the Article 29 Working Party in February 2018. The new draft…