David Stauss of Ballard Spahr writes: In March, we reported that the Oregon legislature was considering amending its data breach notification and information security laws. That legislation has now passed the Oregon legislature and been signed into law by Oregon’s governor. A copy of the new law is available here. The most notable changes are as follows: Amendments to Oregon’s Breach Notification…
South Dakota Enacts Breach Notification Law
Hunton & Williams write: As reported in BNA Privacy Law Watch, on March 21, 2018, South Dakota enacted the state’s first data breach notification law. The law will take effect on July 1, 2018, and includes several key provisions: Definitions of Personal Information and Protected Information. The law defines personal information as a person’s first name or…
Is OCR Moving the Goal Posts on Vendor Management?
Yesterday, I posted an item about a settlement between New Jersey and Virtua Medical Group after a 2016 data leak by their transcription vendor exposed approximately 1,600 patients’ information on the internet. New Jersey took the position that this was a HIPAA violation and that the entity was responsible for what its vendor had done…
Dozens of hospital staff access medical records of suicidal reality soap star
Dozens of people have been able to access the medical files of a television reality show star who tried to commit suicide, according to television current affairs show EenVandaag. Samantha de Jong, better known as Barbie, was admitted to hospital in January after trying to kill herself. She had hardly been off the tv since…
DriveHer, ride-sharing app for women, suspends service after data breach exposes personal information
Jaren Kerr reports: The owner of a ride-sharing app created to increase safety and security for women drivers and riders has suspended its services after learning that its user data was vulnerable to a breach. DriveHer, which launched in Toronto in March and has more than 1,000 downloads, was created to both empower women and…
Companies will now have to tell Canadian consumers when their privacy is breached — and do it quickly
Amanda Connolly reports: After close to three years, the government is finally pushing through regulations that require companies to tell Canadian consumers when their personal information is compromised. The Digital Privacy Actbecame law in August 2015, but several of its provisions were not immediately implemented and have languished on the books pending official authorizations needed…