Suzanne Smalley reports: Over the course of the last week, 118 class action lawsuits were filed against data brokers who allegedly failed to respond to requests from about 20,000 New Jersey law enforcement personnel asking to remove their personal information from the internet. New Jersey law prohibits the disclosure of home addresses and unpublished telephone…
Category: State/Local
Attorney General James Sues Citibank for Failing to Protect and Reimburse Victims of Electronic Fraud
Imagine having a law on your side that actually helps you in the event your bank account is hacked or your funds are stolen by scammers, but the bank never tells you that you are protected by that law, and worse, does not comply with it. According to NYS Attorney General Letitia James, that’s pretty…
NYS announces $8 Million Penalty Against Genesis Global Trading, Inc. After DFS Investigation Finds Significant Failings in Anti-Money Laundering and Cybersecurity Programs
January 12, 2024 New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris today announced that Genesis Global Trading, Inc. (“Genesis Global Trading”) will pay an $8 million penalty to New York State for compliance failures that violated DFS’s virtual currency and cybersecurity regulations and left the company vulnerable to illicit activity and…
Resources: Breach notification laws: US and GDPR
The law firm of BakerHostetler has recently released several free resources of note: EU GDPR Data Breach Notification Interactive Map State Data Breach Notification Law Interactive Map PDF Version of State Data Breach Notification Laws They have also released their annual Data Security Incident Response Report for 2023. Thanks, as always, to Joe Cadillic for…
Attorney General James Reaches Agreement with Refuah Health Center to Invest $1.2 Million to Protect Patient Data and Pay $450,000 in Penalties to State
January 5, 2024 NEW YORK – New York Attorney General Letitia James today announced an agreement with a Hudson Valley-area health care provider, Refuah Health Center, Inc. (Refuah), for failing to safeguard the personal and private health information of its patients. The Office of the Attorney General (OAG) found that Refuah failed to maintain appropriate controls to protect and limit access to sensitive data, including by failing to encrypt patient information and using multi-factor authentication. As…
Seeking clarification on Maine’s data breach notification statute
If you can’t get an interpretation of a state breach notification statute from the state’s attorney general, where can you get it? DataBreaches recently wrote to the Maine Attorney General’s Office: I am not sure I really understand a provision in Chapter 210-B §1348. Security breach notice requirements, and am seeking clarification. In Paragraph 1,…