Cory Bennett reports: Retailers on Tuesday doubled down on their opposition to a data breach notification bill favored by financial firms. The Retail Industry Leaders Association (RILA), one of the sector’s largest trade groups, argued in a letter to House leadership that the measure would be unfair to large swaths of the economy. The bill,…
Category: Federal
INAI urges Mexican Senate to pass legislation to help protect personal information
In the wake of the massive voter data leak affecting 87 million Mexican voters, INAI has urged the Senate to pass secondary legislation that would strengthen data protection by expanding the law to apply to political parties and agencies, and not just private businesses. I would think the leak would be enough to garner legislative support…
Australian Mandatory Data Breach Regime Moves Closer to Reality
Michael Park and Jamie Griffin write: As mentioned in our previous legal update, the Australian Attorney-General’s Department released and sought comments on an exposure draft of a mandatory data breach notification bill, the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015 (Cth) (Exposure Bill). The time for submissions has now closed, and the Attorney-General’s Department has published a…
Breach or Ransomware Attack? Can’t Sue Under HIPAA, but Maybe Under CFAA
Lucy Li of Fox Rothschild writes: HIPAA itself does not provide a private right of action. So when a hacker or rogue employee impermissibly accesses or interferes with electronic data or data systems containing protected health information, an employer subject to HIPAA cannot sue the perpetrator under HIPAA. Similarly, when a ransomware attack blocks access…
When do covered entities need to report ransomware incidents to HHS?
At the PHI Protection Network conference last week, we spent a lot of time discussing the increasing rate of ransomware attacks. I asked a number of people whether they thought that ransomware attacks that (merely) locked up the data with no evidence of exfiltration had to be reported to HHS. I got a variety of…
Update on Canadian Data Breach Regulations: Consultation
Timothy M. Banks of Dentons writes: Innovations, Science and Economic Development Canada has issued a consultation paper asking Canadians what should be included in new data breach regulations that will be made under the Personal Information Protection and Electronic Documents Act(PIPEDA). The consultation will close on May 31, 2016. Following this consultation process, the Canadian Government will publish…