Rick Earle reports: An exclusive Target 11 investigation into a massive data breach last year has led to a new state law meant to protect every citizen of the Commonwealth. Target 11 Investigator Rick Earle broke the story of that data breach last April and now because of his reporting, state lawmakers passed legislation requiring timely notification of…
Category: State/Local
New South Wales gets first state-based data breach notice scheme
Justin Hendry reports: New South Wales will have Australia’s first mandatory data breach notification scheme for public sector entities in place within a year after state government legislation passed Parliament. The Privacy and Personal Information Protection Amendment Bill underpinning the long-promised regime sailed through the Legislative Council last night without amendment, having passed the Legislative Assembly…
NY: DFS Superintendent Adrienne A. Harris Announces Updated Cybersecurity Regulation
Amends First-In-The-Nation Cybersecurity Regulation Created in 2017 in Response to Increasingly Sophisticated Technologies and Threats The Department Seeks Comments on the Proposed Regulation During the Next 60 Days Superintendent of Financial Services Adrienne A. Harris announced today that the New York State Department of Financial Services (DFS) proposed an updated cybersecurity regulation. DFS’s original regulation, which…
Bug Bounties and Ransomware Demands: Storm Clouds Ahead for In-House Counsel
Michael Ward, Matthew Baker, and Jessica Wu of Baker Botts write about the conviction of Uber’s former security chief for felony violations of obstructing a Federal Trade Commission investigation and “misprision of felony” for failing to disclose a 2016 data breach. They then discuss issues for in-house counsel that the case raises, beginning with: Action…
PA: Data breach notification legislation heads to Gov. Wolf
Brett Balicki reports: A bill to help notify victims of a data breach is heading to Gov. Tom Wolf’s desk for consideration. The General Assembly has approved Sen. Dan Laughlin’s legislation, Senate Bill 696, that would require state agencies and their contractors, as well as local governments, to notify victims of a data breach involving personally…
New York Department of Financial Services settles charges against EyeMed with a $4.5 million penalty and remedial cybersecurity plan
In January 2022, DataBreaches reported that New York announced a $600,000 agreement with EyeMed that resolved a 2020 phishing incident that compromised the personal information of approximately 2.1 million consumers nationwide, including 98,632 in New York. But that was not the end of enforcement action and monetary penalties for EyeMed. Now the state’s Department of…