Jenny David reports: Companies doing business in Israel will soon face mandatory data security and data breach notification requirements under regulations recently cleared by lawmakers. The data security and breach notice had been governed by voluntary guidelines issued in 2012 by the country’s privacy regulator, the Israeli Law, Information and Technology Authority (ILITA). Companies that didn’t implement…
Category: Breach Laws
NM: Data Breach Notification Passes Senate Committee
Carol A. Clark writes: This afternoon, the Senate Public Affairs Committee unanimously passed House Bill 15, known as the Data Breach Notification Act. The legislation is sponsored by Republican Rep. Bill Rehm of Bernalillo. House Bill 15 would require businesses and other entities to implement reasonable procedures to protect the personal information of consumers. The…
Missouri proposal requires schools to tell you when child’s information stolen
Stephanie Garland reports: Right now the state auditor said hackers can steal your sensitive information and school districts do not have to tell you. That could change this August before some schools start. […] If passed, a new bill would change that and require school districts to report data breaches to parents and the government….
Will a Pending OCR Rule Impact Breach Class-Action Suits?
Marianne Kolbasuk McGee A pending federal regulation – called for under the HITECH Act – that would allow regulators to share with breach victims money collected in HIPAA violation cases eventually could have implications in class-action breach lawsuits, says privacy attorney Adam Greene. The Department of Health and Human Services’ Office for Civil Rights “is working on a new…
First HIPAA enforcement action for lack of timely breach notification settles for $475,000
OCR has announced a settlement involving a breach that I never even reported on this site at the time and that doesn’t appear to have been in the news at the time. A quick look at HHS’s “Wall of Shame” shows two entries for the incident at issue: one entry says it was reported on…
New cyber incident notification guidelines take effect April 1, 2017
Tony Ware reports: The U.S. Computer Emergency Readiness Team (US-CERT) is implementing new reporting requirements beginning April 1, 2017, and just released new guidelines to help federal departments and agencies; state, local, tribal, and territorial government entities; information sharing and analysis organizations; and foreign, commercial and private-sector organizations submit incident notifications. An “incident” is defined…