Simon Sharwood reports: India’s rules requiring local organizations to report infosec incidents within six hours of detection have been observed by a mere 15 entities. India’s Computer Emergency Response team (CERT-In) revealed that low, low, level of compliance in response to a Right to Information (RTI) request filed by Indian tech news outlet MediaNama, which reported the news…
Category: Federal
Romanian entities issued monetary penalties for infosecurity and data protection failures
Regulators in Romania have issued monetary penalties to six Romanian entities for insufficient technical and organizational measures to ensure information security. Two other entities were issued fines for other GDPR violations. The fines for insufficient technical and organizational measures ranged from 1,000 to 10,000 euros. Two of the entities were in the medical sector. A…
Jelly Bean Communications Design and its Manager Settle False Claims Act Liability for Cybersecurity Failures on Florida Medicaid Enrollment Website
There’s an update to the Florida Healthy Kids breach that was due to their vendor, Jelly Bean Communications, not patching vulnerabilities for seven years. The incident was reported to HHS in January 2021 as impacting 3.5 million patients. Today, the U.S. Department of Justice announced: Jelly Bean Communications Design LLC (Jelly Bean) and Jeremy Spinks…
Monetary Authority of Singapore Sets Out Revised Expectations for Notification of Data Breaches by Licensed Insurers
Rajesh Sreenivasan, Steve Tan, Benjamin Cheong, Lionel Tan, Tanya Tang, Wong Onn Chee, Simon Goh, and Wang Ying Shuang of Rajah & Tann Asia write: On 22 February 2023, the Monetary Authority of Singapore (“MAS”) issued Circular No. ID 03/23 – Notification of Data Breaches to the Monetary Authority of Singapore (“Circular 03/23”). Circular 03/23…
After newest data leak, lawyers say time for Putrajaya to give up PDPA immunity
R. Loheswar reports: Continued breaches exposing Malaysians’ private information at government agencies meant the Personal Data Protection Act (PDPA) should be amended to finally make these accountable, said legal experts. In its current form, the PDPA only covers commercial entities and transactions, exempting both the federal and state governments from its rules and principles, including…
FTC Publishes Blog Post on Data Security Practices for Complex Systems
Caleb Skeath, Shayan Karbassi, and Ashden Fein of Covington & Burling write: In February, the Federal Trade Commission (“FTC”) published a blog post that elucidated key security principles from recent FTC data security and privacy orders. Specifically, the FTC highlighted three practices that the Commission regards as “effectively protect[ing] user data.” These practices include: (1) offering multi-factor…