David A. Zetoony, Joshua A. James, Jena M. Valdetero, and Christopher M. Achatz of Bryan Cave provide an overview of significant differences between U.S. breach notification laws and the EU’s General Data Protection Regulation (“GDPR”). Here’s a snippet from their analysis: That said, there are several significant differences including: Type of Information Governed. Data breach notification laws in the United States apply…
New cyber incident notification guidelines take effect April 1, 2017
Tony Ware reports: The U.S. Computer Emergency Readiness Team (US-CERT) is implementing new reporting requirements beginning April 1, 2017, and just released new guidelines to help federal departments and agencies; state, local, tribal, and territorial government entities; information sharing and analysis organizations; and foreign, commercial and private-sector organizations submit incident notifications. An “incident” is defined…
FINRA Fines Lincoln Financial Subsidiary $650,000 For Cybersecurity Shortcomings
Glen A. Kopp and Laura Preback Hang of Bracewell LLP write: A Lincoln Financial Group subsidiary agreed to pay $650,000 to the Financial Industry Regulatory Authority (FINRA) to resolve allegations that it failed to implement sufficient security policies to protect confidential customer information after its web-based customer account database was hacked in 2012. The 2012…
Madison Square Garden Company Alerts Customers of Payment Card Data Breach
A major breach was just discovered last month, it seems. Here’s MSG’s full notice from their web site, today: The Madison Square Garden Company Notifies Customers of Payment Card Incident November 22, 2016 California residents please click here The Madison Square Garden Company (“MSG”) understands the importance of protecting payment card data. After MSG was notified…
UMass settles potential HIPAA violations following 2013 malware infection
The University of Massachusetts Amherst (UMass) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. The settlement includes a corrective action plan and a monetary payment of $650,000, which is reflective of the fact that the University operated at a financial loss in…
Bryan Cave Data Security Breach Handbook – 2016
From Bryan Cave, this free resource on Incident Readiness and Response: Since the first publication of this handbook in 2014, the legal ramifications for mishandling a data security incident have become more severe. In the United States, the number of federal and state laws that claim to regulate data security has mushroomed. The European Union has also…