Christos Makridis writes: Surprisingly, data breaches can be good for some corporate brands, a new study shows. When hackers pirate their way past corporate firewalls and publicize the private lives of consumers, the betrayal of consumer trust and the aura of corporate incompetence should sink a company’s reputation. But the real world is more complicated….
Category: Commentaries and Analyses
Scripps Breach Too California Heavy for Federal Courtroom
Samantha Hawkins reports: A proposed class action against Scripps Health over a 2021 data breach was thrown out of federal court Wednesday, when a Southern District of California judge said too many Californians meant it lacked jurisdiction. Surprised? I was. But Hawkins explains: But because most—96.3%—of the 144,011 individuals notified about the ransomware attack had…
New York State Comptroller DiNapoli Releases School District Audits
The state comptroller has released two more school district audits of information technology. Putnam Valley Central School District – Information Technology (2021M-154) Audit Period July 1, 2019 – May 31, 2021. We extended the audit period forward through July 28, 2021 to complete IT testing. Quick District Facts Local User Accounts 2,626 Employees 502 Student…
The high cost of mishandling data breaches, security reporting for financial services
Karen Hoffman reminds readers of the costs of poor security, reporting, in part: Last month, the U.S. Securities and Exchange Commission (SEC) fined Chase $125 million due to employees’ insecure practices, namely using WhatsApp and personal email accounts to transact official business, thus not adhering to SEC record-keeping requirements. Additionally, under a separate enforcement action,…
Proposed settlement reached in lawsuit against Excellus
One year after Excellus settled with OCR over a 2015 data breach, there is now a proposed settlement in a class action lawsuit that was filed in response to the breach. The terms of the settlement, which have not yet been approved by the court, do not involve paying even one dime to class members….
Revised Health Breach Notification Rule resources spell out companies’ legal obligations
Lesley Fair writes: Shoppers can find a plethora of apps, trackers, and sensors that hold or capture almost every conceivable form of personal health information. If your business or nonprofit offers products like that or provides certain services to entities that do – and you aren’t subject to HIPAA – you may be covered by…