Kristof Van Quathem of Covington and Burling writes: In December 2023, the Dutch SA fined a credit card company €150,000 for failure to perform a proper data protection impact assessment (“DPIA”) in accordance with Art. 35 GDPR for its “identification and verification process”. First, the Dutch SA decided that the company was required to perform a DPIA…
Category: Legislation
German security researchers at risk of prosecution for “hacking” because of a plain text hardcoded password?
Over on Infosec.Exchange, Will Palant posted: Yellow Flag @[email protected] German law is making security research a risky business. Current news: A court found a developer guilty of “hacking.” His crime: he was tasked with looking into a software that produced way too many log messages. And he discovered that this software was making a MySQL…
NYS announces $8 Million Penalty Against Genesis Global Trading, Inc. After DFS Investigation Finds Significant Failings in Anti-Money Laundering and Cybersecurity Programs
January 12, 2024 New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris today announced that Genesis Global Trading, Inc. (“Genesis Global Trading”) will pay an $8 million penalty to New York State for compliance failures that violated DFS’s virtual currency and cybersecurity regulations and left the company vulnerable to illicit activity and…
After Barrage of Hacks, Hospitals Will Face New Federal Cybersecurity Rules Tied to Funding
Eric Geller reports: The Biden administration plans to unveil new cybersecurity requirements for hospitals in the coming weeks as government officials scramble to stem a disturbing tide of hacks that have crippled health-care providers, delayed procedures and raised concerns about patient safety. The Centers for Medicare & Medicaid Services, an arm of the Department of…
Resources: Breach notification laws: US and GDPR
The law firm of BakerHostetler has recently released several free resources of note: EU GDPR Data Breach Notification Interactive Map State Data Breach Notification Law Interactive Map PDF Version of State Data Breach Notification Laws They have also released their annual Data Security Incident Response Report for 2023. Thanks, as always, to Joe Cadillic for…
Attorney General James Reaches Agreement with Refuah Health Center to Invest $1.2 Million to Protect Patient Data and Pay $450,000 in Penalties to State
January 5, 2024 NEW YORK – New York Attorney General Letitia James today announced an agreement with a Hudson Valley-area health care provider, Refuah Health Center, Inc. (Refuah), for failing to safeguard the personal and private health information of its patients. The Office of the Attorney General (OAG) found that Refuah failed to maintain appropriate controls to protect and limit access to sensitive data, including by failing to encrypt patient information and using multi-factor authentication. As…