Amanda Connolly reports: After close to three years, the government is finally pushing through regulations that require companies to tell Canadian consumers when their personal information is compromised. The Digital Privacy Actbecame law in August 2015, but several of its provisions were not immediately implemented and have languished on the books pending official authorizations needed…
Category: Of Note
Virtua Medical Group Agrees to Pay Nearly $418,000, Tighten Data Security to Settle Allegations of Privacy Lapses Concerning Medical Treatment Files of Patients
There’s a follow-up to a breach previously reported on this site in 2016 in which a transcription vendor’s error resulted in the exposure of some Virtua Medical Group’s patients’ protected health information on the internet. It appears that New Jersey has settled charges against VMG over the incident. Of note, the charges are that the VMG…
Facebook hackers could have collected personal data of 2 billion users
Craig Timberg, Tony Romm and Elizabeth Dwoskin of The Washington Post report: Facebook said Wednesday that “malicious actors” took advantage of search tools on its platform, making it possible for them to discover the identities and collect information on most of its 2 billion users worldwide. The revelation came amid rising acknowledgment by Facebook about…
UK: Warning to police staff as force fined £130,000 for losing rape victim interview
From the Information Commissioner’s Office, an enforcement action in a troubling breach incident: Humberside Police has been fined £130,000 by the Information Commissioner’s Office (ICO) after disks containing a video interview of an alleged rape victim went missing. The three unencrypted disks and accompanying paperwork were left in an envelope on an officer’s desk. The…
Alabama Becomes 50th State to Enact Data Breach Notification Law
Edward McAndrew of Ballard Spahr LLP writes: Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018. The law will take effect on May 1, 2018. Although it was last in the country to enact such a data security law, Alabama’s new…
Fourth Annual Data Security Incident Response Report Released – Building Cyber Resilience
Theodore J. Kobus III writes: On Monday we published our fourth annual Data Security Incident Response Report, which provides an analysis of the more than 560 cyber incidents handled by the team in 2017. Reflecting on the increasingly sophisticated nature of attacks, the aggressiveness by regulators in researching breaches and the expectations of highly developed responses,…