Those who want to see HHS/OCR come down like a ton of bricks on more entities and impose heavier civil monetary penalties for HIPAA breaches will likely not be happy to learn that HHS has decided to reduce the maximum civil penalties it will impose for the four tiers of violations of HIPAA. Under the…
Category: Legislation
B.C. privacy czar urges fast reporting of security breaches
Louise Dickson and Lindsay Kines report: In the wake of a privacy breach at the B.C. Pension Corporation, B.C.’s privacy commissioner is once again calling on the provincial government to compel public and private bodies to report privacy breaches to his office within days of discovery. Michael McEvoy said the case clearly demonstrates why B.C….
PA: Bill Targets Data Security of State Agencies, Municipalities and School Districts
Thomas S. Markey writes: On Feb. 19, a bill was introduced in the Pennsylvania Senate proposing to amend the Pennsylvania Breach of Personal Information Notification Act to add new breach notification requirements for state agencies and political subdivisions of the commonwealth. Enacted in 2005, the act (73 P.S. Section 2301 et seq.) applies to commonwealth…
NZ: Privacy Bill avoids notification fatigue
Tim Murphy reports: MPs have revised privacy legislation to avoid a risk of ‘notification fatigue’ in which holders of data would be forced to advise the public of even minor data breaches. Parliament’s justice select committee has raised the threshold in the Privacy Bill for when mandatory notifications to the Privacy Commissioner and affected individuals would…
Happy First Day of Spring! Ohio Insurance Law Effective Today
Amber Thomson, Liisa Thomas, Elfin Noce, and Kari Rollins of SheppardMullin write: Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273,applies to insurers authorized to do business in Ohio and goes into effect today, March 20,…
Data Breach Reporting Obligations in Saskatchewan
David Krebs and Jacey Safnuk of Miller Thomson LLP write: … Data breach reporting obligations in Saskatchewan are influenced by a total of four relevant pieces of legislation, covering both public and private sectors. These laws will not all apply to every potential breach, of course, but it is crucial for organizations to understand that more…