OCR has announced a settlement involving a breach that I never even reported on this site at the time and that doesn’t appear to have been in the news at the time. A quick look at HHS’s “Wall of Shame” shows two entries for the incident at issue: one entry says it was reported on…
Category: Breach Laws
New cyber incident notification guidelines take effect April 1, 2017
Tony Ware reports: The U.S. Computer Emergency Readiness Team (US-CERT) is implementing new reporting requirements beginning April 1, 2017, and just released new guidelines to help federal departments and agencies; state, local, tribal, and territorial government entities; information sharing and analysis organizations; and foreign, commercial and private-sector organizations submit incident notifications. An “incident” is defined…
New York State Proposes Cybersecurity Regulation for Financial Services Institutions
Micaela McMurrough, Ashden Fein and Catlin Meade write: On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require financial service institutions to develop and implement cybersecurity programs to prevent and mitigate cyber-attacks. The proposed regulation will be subject to a 45-day comment period once it is published in the New York State…
HK: Computer with 3,600 patients’ information stolen
RTHK reports: A laptop computer, containing information of more than 3,600 patients, has allegedly been stolen at Queen Mary Hospital. The computer belongs to the Department of Medicine of the University of Hong Kong. The case has been reported to police and the privacy commissioner. The university has apologised to the affected patients. And that’s…
130 days, 1,500 notifications: Does Dutch breach rule foreshadow GDPR?
Lokke Moerel and Alex van der Wolk write: As we write this, it is now four months since the new data breach notification law in the Netherlands went into effect. Since 1 January 2016, data controllers are obliged to notify the Dutch data protection authority (DPA) and individuals if the security of personal data has been…
Ontario health privacy breach notification bill passes third reading
Canadian Underwriter notes: An Ontario government bill proposing to increase fines, to $500,000, for health privacy violations recently passed third reading at Queen’s Park in Toronto. Bill 119 proposes some changes to Ontario’s Personal Health Information Protection Act (PHIPA). Read more on Canadian Underwriter.