On July 1, 2009, new laws will take effect in Alaska and South Carolina that will require entities that have experienced data security breaches involving personal information to notify affected individuals of the breaches. With these additions, a total of 44 states, plus the District of Columbia, Puerto Rico and the U.S. Virgin Islands, will…
Category: Of Note
NYS Worker Pleads to ID theft
As a follow-up to an insider breach reported in April, Walter Healey, a former employee of New York State’s Department of Taxation and Finance pleaded guilty to stealing the identities of taxpayers and will now have to pay restitution and serve 1 ½ to 4 years in prison upon sentencing in October. AP also provides…
FTC Approves Consent Order in CVS Case
Following a public comment period, the Commission has approved a final consent order in the CVS Caremark case involving failure to adequately secure customers’ medical and financial data. Prior coverage of the case can be found here. Additional documents on the case can be found here. According to the complaint, CVS Caremark did not implement…
TJX Settles with 41 States
TJX announced that it has settled with 41 Attorneys General over its massive data breach that they disclosed two years ago. In its statement, TJX denied that it broke any laws, saying, “TJX firmly believes that it did not violate any consumer protection or data security laws.” Under the terms of the settlement, as described…
EPIC Urges Comprehensive Strategy for ID Theft
From EPIC.org: With ID theft rapidly increasing in the United States, EPIC Executive Director Marc Rotenberg urged a Congressional Committee to address the root causes of the problem. In a testimony before the House Oversight Committee, Mr. Rotenberg said that the government typically acts only after the crime has occurred and warned that the problem…