Suzette Parmley reports that New Jersey is on the verge of expanding its breach notification law as a bill is headed to the Governor’s desk for signature. A-3245/S-52 would amend the law to include among the information triggering a notification requirement: usernames, email addresses, and any passwords or security questions and answers that would permit access…
Category: Of Note
Pap smears, STIs and flu: What the N.W.T. gov’t didn’t tell you about a stolen laptop (Part 1)
Priscilla Hwang provides a troubling update on a stolen laptop incident disclosed last year. This story is Part 1 of 3 on the stolen laptop files. Part 2 is scheduled for Tuesday and Part 3 will publish next week. The number of people whose personal health information was put at risk after a laptop was stolen last year…
Grassroots List of Cybersecurity Indictments of State-Sponsored Hackers
Seen at Meritalk: Katie Nickels, a threat intelligence expert for MITRE, released a grassroots compiled list of recent cybersecurity indictments of state-sponsored hackers earlier this week. The list, which is compiled in a Google Doc, includes 30 indictments at the current moment, spanning from June 2011 to Feb. 2019. “When I tweeted that I wanted…
Privacy Commissioner Publishes Investigation Report on the 2018 Incident of Intrusion into Hong Kong Broadband Network’s Customer Database Affecting 380,000 Customers
February 21 – The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner) Mr Stephen Kai-yi WONG published an investigation report in accordance with section 48(2) of the Personal Data (Privacy) Ordinance (the Ordinance) on the incident of Hong Kong Broadband Network Limited (HKBN)’s inactive database having been intruded in mid-April 2018 (the incident) that…
No Damages Required to Sue Under Illinois Biometric Information Privacy Act
Anjali C. Das, Brian Dollar, Stefanie L. Ferrari, and David H. Potter of Wilson Elser Moskowitz Edelman & Dicker LLP write: …. Following the rise of the use of biometric information, the Illinois Legislature passed the Biometric Information Privacy Act (BIPA) in 2008 to provide standards of conduct to help regulate how biometric information is collected,…
Turkish Data Protection Authority Announces The Procedure To Be Taken By Companies In Cases Of Data Breaches
Ertuğrul Can Canbolat LL.M., Baran Can Yildirim, LL.M. and S. İrem Akin of Actecon write: Article 12 of the Turkish Data Protection Law No. 6698 (“TurkishData Protection Law“) entitled “Obligations Regarding Data Security” deals with the obligations of the data controller. Article 12/1 of the Turkish Data Protection Law states the data controller shall take…