Steven Erkel and Kaeley Brown of Alston & Bird write: Arkansas In April, Arkansas’ Governor signed H.B. 1943 as Act 1030 expanding the scope of personal information, as used in the Personal Information Protection Act, to include “biometric data.” The Bill defines “biometric data” as “data generated by automatic measurements of an individual’s biological characteristics,…
Category: Of Note
Google disables Baltimore’s Gmail accounts used during ransomware recovery over mistaken security concern
Ian Duncan reports on how your emergency backup might fail for reasons you didn’t anticipate, perhaps. Gmail accounts used by Baltimore officials as a workaround while the city recovers from a ransomware attack were disabled because the creation of a large number of new accounts in one place triggered Google’s automated security system, a spokesman…
District Court Finds no CFAA Violation where Employee Shares Confidential Company Information with Competitor
Jason C. Gavejian and Maya Atrakchi of JacksonLewis write: A district court in Tennessee recently concluded in Wachter Inc. v. Cabling Innovations LLC that two former employees who allegedly shared confidential company information found on the company’s computer system with a competitor did not violate the Computer Fraud and Abuse Act (CFAA). The CFAA expressly…
Medical Informatics Engineering Agrees to Pay $100,000 and to Implement Corrective Action Plan to Settle 2015 HIPAA Breach
From HHS, an update on the Medical Informatics Engineering breach of 2015 that resulted in a multi-state lawsuit (the first of its kind) in December, 2018: Medical Informatics Engineering, Inc. (MIE) has paid $100,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services, and has agreed take corrective…
Lower fines for firms that admit role in data breach
Hariz Baharudin reports: Organisations that admit their role in a data breach and plead guilty to it may get a lower financial penalty from the privacy watchdog if the cause is a common breach. Common breaches include URL manipulation, poor password management or printing errors resulting in incorrect recipients. The Personal Data Protection Commission (PDPC)…
Georgia Supreme Court Clarifies There Is No Duty to Safeguard Personal Information from a Data Breach
Gavin Reinke of Alston & Bird writes: The Georgia Supreme Court recently issued a decision holding that there is no duty to safeguard personal information from a data breach under Georgia law. Georgia Department of Labor v. McConnell involved the accidental disclosure of a spreadsheet that contained the name, social security number, home telephone number,…