More than 5 months after a ransomware incident, Wolverine Solutions Group is still in the process of notifying more than 700 companies and 1.2 million patients. Should they even have to, or has the government imposed too burdensome a responsibility on entities that experience attacks to individually notify patients when there is no evidence of…
Category: Of Note
Republicans, Democrats Offer Different Views on Preemption During Senate Privacy Hearing
James Strawbridge of Covington & Burling writes: At a February 27, 2019 hearing on “Privacy Principles for a Federal Data Privacy Framework in the United States,” Republican and Democratic members of the Senate Commerce, Science, & Transportation Committee offered different perspectives on whether new federal privacy legislation should preempt state privacy laws. Chairman Roger Wicker…
NJ Measure to Expand Disclosure of Online Breaches Heads to Governor
Suzette Parmley reports that New Jersey is on the verge of expanding its breach notification law as a bill is headed to the Governor’s desk for signature. A-3245/S-52 would amend the law to include among the information triggering a notification requirement: usernames, email addresses, and any passwords or security questions and answers that would permit access…
Pap smears, STIs and flu: What the N.W.T. gov’t didn’t tell you about a stolen laptop (Part 1)
Priscilla Hwang provides a troubling update on a stolen laptop incident disclosed last year. This story is Part 1 of 3 on the stolen laptop files. Part 2 is scheduled for Tuesday and Part 3 will publish next week. The number of people whose personal health information was put at risk after a laptop was stolen last year…
Grassroots List of Cybersecurity Indictments of State-Sponsored Hackers
Seen at Meritalk: Katie Nickels, a threat intelligence expert for MITRE, released a grassroots compiled list of recent cybersecurity indictments of state-sponsored hackers earlier this week. The list, which is compiled in a Google Doc, includes 30 indictments at the current moment, spanning from June 2011 to Feb. 2019. “When I tweeted that I wanted…
Privacy Commissioner Publishes Investigation Report on the 2018 Incident of Intrusion into Hong Kong Broadband Network’s Customer Database Affecting 380,000 Customers
February 21 – The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner) Mr Stephen Kai-yi WONG published an investigation report in accordance with section 48(2) of the Personal Data (Privacy) Ordinance (the Ordinance) on the incident of Hong Kong Broadband Network Limited (HKBN)’s inactive database having been intruded in mid-April 2018 (the incident) that…