Issued Date: September 26, 2024 Agency/Authority: State Education Department Full Report (.pdf) Objective To determine the extent of implementation of the three recommendations included in our initial audit report, Privacy and Security of Student Data (Report 2021-S-29). About the Program The State Education Department (SED) is part of the University of the State of New York, one of…
Attorney General Tong Co-Leads $52 Million Multistate Settlement with Marriott for Data Breach of Starwood Guest Reservation Database
The following enforcement action was related to FTC action, also announced today, but is a separate settlement with states. The following press release is from Connecticut’s Attorney General: (Hartford, CT) – Attorney General Tong announced today that a coalition of 50 attorneys general, co-led by Connecticut, has reached a settlement with Marriott International, Inc. as…
FTC Takes Action Against Marriott and Starwood Over Multiple Data Breaches
From the Federal Trade Commission: The Federal Trade Commission will require Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC to implement a robust information security program to settle charges that the companies’ failure to implement reasonable data security led to three large data breaches from 2014 to 2020 impacting more than 344…
General Hospital Cybersecurity Requirements Take Effect in New York
Mark Furnish and Jane M. Preston of Greenberg Traurig, LLP write: A new regulation related to cybersecurity program requirements for all New York general hospitals licensed under Article 28 of the Public Health Law (PHL) took effect Oct. 2, 2024. All general hospitals must comply with the new provisions within one year of the adoption…
Qatar Financial Centre issues company $150,000 fine for data breach
Asmahan Qarjouli reports: The Qatar Financial Centre’s (QFC) Data Protection Office (DPO) has issued a $150,000 fine on a company under its license following a data breach that enabled access to personal data. The measures, the first of their kind in Doha, were taken by DPO on Tuesday following an investigation that detected breaches of…
Ex-Uber CISO Requests a New, ‘Fair’ Trial
Kristina Beek reports: Former Uber CISO Joseph Sullivan, convicted in 2023 of trying to cover up a data breach, is seeking a new trial, citing procedures omissions from his original trial that his lawyers said tainted the verdict. Sullivan was initially convicted on charges related to Uber’s 2016 data breach and was sentenced to three years of…