Joseph Lazzarotti and Phillip A. Baggett of Jackson Lewis write: On May 27, 2023, Texas’ Governor signed Senate Bill 768 amending Texas’ data breach notification law. The law in question, Section 521.053 of the Texas Business and Commerce Code, sets out the specific requirements any person conducting business in the state who owns or licenses sensitive personal…
Category: Legislation
Pennsylvania Senate committee approves Phillips-Hill’s measure to protect student data, privacy
The Senate Education Committee approved the Student Data Privacy and Protection Act, according to the measure’s sponsor Sen. Kristin Phillips-Hill (R-York). Senate Bill 565 modernizes Pennsylvania law to accommodate student information being stored online, as well as students learning and attending school online. As is currently stands, student-related data is being generated, collected, and stored within…
HHS OCR settles charges against Manasa Health Center for disclosing PHI in response to a negative online review
New Jersey psychiatry practice pays $30,000 to settle complaint about impermissible disclosure of protected health information by disclosing this information in online review Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announces a settlement with Manasa Health Center, LLC, a health care provider in New Jersey that provides…
Update on GLBA Safeguards Rule in Higher Education
Benjamin Wanger and Pierce T. Cox of BakerHostetler write: On February 9, 2023, the Department of Education Office of Federal Student Aid (“FSA”) issued an electronic notice regarding the Federal Trade Commission’s Final Rule amending the Standards for Safeguarding Customer Information (“Safeguards Rule”) under the Gramm-Leach-Bliley Act (“GLBA”). The amendments to the Safeguards Rule, which go into…
NYSDFS Fines Lender and Mortgage Servicer $4.25M for Cybersecurity Failures Including Vendor Management
Joseph Lazzarotti of JacksonLewis writes: Yesterday, New York’s Department of Financial Services (“DFS”) announced another enforcement action under the state’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”). According to the press release, OneMain Financial Group LLC (“OneMain”) will pay a $4.25 million penalty to New York State for alleged violations of Reg 500. In…
Pennsylvania Breach of Personal Information Notification Act (BPINA)
John F. Lushis, Jr. of Norris McLaughlin P.A. writes: In December 2005, Pennsylvania enacted the Breach of Personal Information Notification Act (the “2005 BPINA”). Known as the 2005 BPINA Act, its purpose is to provide “for security of computerized data and for the notification of residents whose personal information data was or may have been disclosed…