Philip N. Yannella, Gregory P. Szewczyk, and Timothy Dickens of Ballard Spahr write: The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the CPPA has not officially started the formal rulemaking process, the Draft Cybersecurity Audit Regulations and the Draft Risk Assessment Regulations will serve…
Category: Breach Laws
HHS Office for Civil Rights Settles with L.A. Care Health Plan Over Potential HIPAA Security Rule Violations
LA Care, the largest publicly operated health plan in the country paid $1,300,000 to settle Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules with LA Care, the nation’s largest publicly operated health plan that…
Schneck Medical Center settles Indiana Attorney General’s lawsuit over 2021 data breach
Jackson County Schneck Memorial Hospital (Schneck Medical Center) was a victim of a cyberattack in 2021. Its 2021 and 2022 disclosures about the breach and its lack of timely breach notification resulted in a potential class action lawsuit filed in 2022. Its lack of appropriate and timely disclosures and information patients needed to protect themselves…
Update: Tucson Unified School District sends out notifications about January cyberattack
There’s another update to the January cyberattack on TUSD by the Royal ransomware group. While the district was still claiming that sensitive data hadn’t been compromised, data from employees was already being leaked on the dark web as early as February. In the last week of August, TUSD sent out notifications to 28,948 people and…
Joint statement on data scraping and data protection
The Information Commissioner’s Office and eleven other data protection and privacy authorities from around the world have today published a joint statement calling for the protection of people’s personal data from unlawful data scraping taking place on social media sites. Data scraping is an automated way to pull large amounts of information from the web. Scraping from…
Cyberattacks And Compromise of Attorney Client Confidences
Scott Greenfield comments on a ruling previously noted on this site: In an underappreciated ruling, District of Columbia Judge Amit Mehta ruled that the multinational law firm Covington & Burling must comply with an SEC subpoena requiring the firm to give up the names of clients, publicly-traded corporations, in order for the SEC to investigate whether…