Irene Tham reports: It will soon be mandatory for organisations to inform customers of personal data breaches as soon as they are discovered – if a proposed revision to the law gets the green light. Organisations must also report the breach to the privacy commission within 72 hours. The move by the Personal Data Protection…
Category: Breach Laws
“Shoot the messenger:” NYC hospital and vendor threaten DataBreaches.net for reporting on their security failure
Vendor’s mistake potentially exposed “millions” of Bronx-Lebanon Hospital patients’ information; Hospital and vendor try to claim that iHealth Solutions was “hacked” by security researchers who uncovered the security problem; Hospital and vendor issue series of demands, threaten DataBreaches.net for reporting on incident; On May 3, Kromtech Security’s research team, conducting routine research, found that confidential and sensitive patient…
States Take Action! New Mexico, Tennessee and Virginia Pass New Data Breach Legislation
Michael B. Katz and Cynthia J. Larose of Mintz Levin write: After a quiet winter there has been significant activity in state legislatures to enact, strengthen or clarify their data breach notification statutes. The latest happenings are summarized below and we have updated our “Mintz Matrix” to reflect these new and pending laws. Read more…
New Tenn. Law: No Breach Notice Needed if Data Encrypted
Andrew M. Ballard reports: Companies don’t need to notify Tennessee citizens of personal data breaches if the information was encrypted, under a new law that took effect April 4 and clarifies confusion created by a 2016 amendment. The measure reinstates language in the state’s data breach notice law to remove any doubt that companies do…
Dramatic Overhaul of Israeli Data Security Regulations Passed by Knesset
From Hunton & Williams: Haim Ravia and Dotan Hammer of Pearl Cohen Zedek Latzer Baratz recently published an article outlining Israel’s new Protection of Privacy Regulations (“Regulations”), passed by the Knesset on March 21, 2017. The Regulations will impose mandatory comprehensive data security and breach notification requirements on anyone who owns, manages or maintains a…
Virginia Adds Notification Requirements for Payroll Incidents to Breach Law
Liisa M. Thomas, Robert H. Newman, and Eric J. Shinabarger of Winston Strawn LLP write: With little fanfare, Virginia recently amended its data breach notification law, requiring employers and payroll service providers to notify the Virginia Attorney General if they are subject to a W2 phishing scam. More specifically, the law requires that they notify…