Craig A. Newman of Patterson Belknap writes: Starting today, Ohio businesses with written cybersecurity programs will be looking for a free pass if they are sued under state law over a data breach. Ohio’s Data Protection Act (Senate Bill 220, Ohio Rev. Code § 1354.01, et seq.) goes into effect today, creating a safe harbor…
Category: Of Note
NJ Settles Charges Against Business Associate Responsible for Virtua Medical Patient Data Breach: Vendor Owner Pays $200,000 and is Barred From Owning or Managing Any Business in NJ Again
One question that occasionally pops up is how often businesses go out of business after or due to a data breach. My answer to that is “not often,” but we do it occasionally. In some cases, the breach may just have been a final straw for an already shaky business. Yesterday, during a webinar with…
Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches
Hunton writes: Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers (“SSNs”) to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs. The amendment was passed as part of…
Private messages from 81,000 hacked Facebook accounts for sale
Andrei Zakharov reports: Hackers appear to have compromised and published private messages from at least 81,000 Facebook users’ accounts. The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be sceptical about that figure. Facebook said…
Virginia Hospital Must Answer for Snooping Employees’ Privacy Breach
From Bloomberg Law: A Virginia health-care system will have to answer claims that it is liable for its employees’ snooping into a patient’s confidential health information. A Virginia trial court shouldn’t have dismissed Lindsey Parker’s complaint alleging Carilion Healthcare Corp. and Carilion Clinic should be held liable for their employees’ wrongdoing, the Virginia Supreme Court…
Litigation Options For Post-Cyberattack ‘Active Defense’
Alexander Berengaut and Tarek Austin of Covington & Burling write: In March 2017, Rep. Tom Graves, R-Ga., introduced a draft bill titled the Active Cyber Defense Certainty Act. The bill would amend the Computer Fraud and Abuse Act to enable victims of cyberattacks to employ “limited defensive measures that exceed the boundaries of one’s network…