Steven Erkel and Kaeley Brown of Alston & Bird write: Arkansas In April, Arkansas’ Governor signed H.B. 1943 as Act 1030 expanding the scope of personal information, as used in the Personal Information Protection Act, to include “biometric data.” The Bill defines “biometric data” as “data generated by automatic measurements of an individual’s biological characteristics,…
Category: Commentaries and Analyses
Google disables Baltimore’s Gmail accounts used during ransomware recovery over mistaken security concern
Ian Duncan reports on how your emergency backup might fail for reasons you didn’t anticipate, perhaps. Gmail accounts used by Baltimore officials as a workaround while the city recovers from a ransomware attack were disabled because the creation of a large number of new accounts in one place triggered Google’s automated security system, a spokesman…
District Court Finds no CFAA Violation where Employee Shares Confidential Company Information with Competitor
Jason C. Gavejian and Maya Atrakchi of JacksonLewis write: A district court in Tennessee recently concluded in Wachter Inc. v. Cabling Innovations LLC that two former employees who allegedly shared confidential company information found on the company’s computer system with a competitor did not violate the Computer Fraud and Abuse Act (CFAA). The CFAA expressly…
China Released Core National Standards, Updating Mandatory Cybersecurity Requirements under the Cybersecurity Multi-level Protection Scheme
Yan Luo, Ashden Fein and Zhijing Yu of Covington & Burling write: On May 13, 2019, China’s State Administration for Market Regulation (“SAMR”) released three core national standards related to the country’s Cybersecurity Multi-level Protection Scheme (“MLPS”), describing technical and organizational controls that companies must follow when complying with MLPS-related obligations under the Cybersecurity Law…
Medical Informatics Engineering Agrees to Pay $100,000 and to Implement Corrective Action Plan to Settle 2015 HIPAA Breach
From HHS, an update on the Medical Informatics Engineering breach of 2015 that resulted in a multi-state lawsuit (the first of its kind) in December, 2018: Medical Informatics Engineering, Inc. (MIE) has paid $100,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services, and has agreed take corrective…
Lower fines for firms that admit role in data breach
Hariz Baharudin reports: Organisations that admit their role in a data breach and plead guilty to it may get a lower financial penalty from the privacy watchdog if the cause is a common breach. Common breaches include URL manipulation, poor password management or printing errors resulting in incorrect recipients. The Personal Data Protection Commission (PDPC)…