Hunton Andrews Kurth writes: On October 11, 2019, California Governor Gavin Newsom signed into law AB 1130, which expands the types of personal information covered by California’s breach notification law to include, when compromised in combination with an individual’s name: (1) additional government identifiers, such as tax identification number, passport number, military identification number, or other…
Category: State/Local
South Korean National and Hundreds of Others Charged Worldwide in the Takedown of the Largest Darknet Child Pornography Website, Which was Funded by Bitcoin
From the Department of Justice: FOR IMMEDIATE RELEASE Wednesday, October 16, 2019 South Korean National and Hundreds of Others Charged Worldwide in the Takedown of the Largest Darknet Child Pornography Website, Which was Funded by Bitcoin Dozens of Minor Victims Who Were Being Actively Abused by the Users of the Site Rescued Jong Woo Son,…
California Passes Several Amendments to the California Consumer Privacy Act
Dorian Simmons of Alston & Bird writes: The California legislature passed several amendments to the California Consumer Privacy Act of 2018 (Cal. Civ. Code §§ 1798.100 to 1798.190) (the “CCPA”) on September 13, 2019. (See our previous blog posts here: Which CCPA Amendments Made the Cut? and Potential Changes to the CCPA; California Senate Considers…
Maryland Adds Insurance Commissioner to Breach Notification Requirements
Liisa Thomas, Kari Rollins and Julia Kadish of Sheppard Mullin write: Effective October 1, 2019, organizations providing health insurance and related services must notify the Maryland Insurance Administration as part of its breach notification requirements. In August 2019, the Maryland Insurance Administration issued Bulletin 19-14 informing insurers, nonprofit health plans, HMOs, managed care organizations, managed general agents and…
Are thedarkoverlord’s victims entitled to damages from Athens Orthopedic Clinic? Georgia Supreme Court to rule.
Bill Rankin reports: In the spring of 2016, a cyber thief calling himself the “Dark Overlord” hacked into the databases of a Clarke County medical clinic and emerged with the personal information of an estimated 200,000 patients. The Athens Orthopedic Clinic refused to pay the hacker’s ransom and advised current and former patients to set…
New Notification Requirements in New York for Healthcare Providers Facing a Cybersecurity Incident
Frank J. Fanshawe, Joseph J. Lazzarotti, Jason C. Gavejian and Maya Atrakchi of JacksonLewis write: On August 12, Mahesh Nattanmai, New York’s Chief Health Information Officer, issued a notice letter (“the notice”) on behalf of the New York State Department of Health (“Department”) requiring healthcare providers to use a new notification protocol for informing the…