I just shook my head yesterday when I heard about a proposed law in Minnesota that would require breach notification within 48 hours of discovery, the offer of free credit monitoring for one year, and golly gee, a $100 gift card that would be valid for one year if the breached entity was a retailer. Apparently I…
UK: Failure to adequately redact results in undertaking for Treasury Solicitor’s Department
In the UK, the Treasury Solicitor’s Department has signed an undertaking with the Information Commissioenr’s Office. As described in the undertaking, there had been a number self-reported breaches involving exposure of individuals’ information due to incomplete redactions or failure to fully check: The Information Commissioner (the ‘Commissioner’) was contacted by the data controller on 6…
Comparison of Five Data-Breach Bills Currently Pending in the Senate
Meena Harris writes: Data security continues to be a hot issue on Capitol Hill, and just yesterday Attorney General Eric Holder urged Congress to create a “strong, national standard” for quickly reporting data breaches to consumers. Democratic and Republican senators have been busy drafting legislation that would establish national requirements for data security and breach notice. The following bills…
University of Maryland revises offer of free credit monitoring to five years, creates cybersecurity task force
The University of Maryland has lengthened the time of free credit monitoring it will offer to the hundreds of thousands of people whose personal information was compromised during a data breach. President Wallace Loh said in a statement posted Tuesday on the university’s website that those affected will be offered five years of free credit…
Lawsuits against Target continue to be filed in wake of breach
MPR News reports that several Minnesota banks have sued Target over its recent data breach: The First Farmers & Merchants National Banks of Grand Meadow, Cannon Falls, Luverne, Fairmont, and Brownsdale. And for those keeping count, MPR reports: So far, Target now faces 22 data breach lawsuits in the Minnesota U.S. District Court alone. The…
Indiana University notifying 146,000 current & former students that details were accessed by webcrawlers over 11-month period
Indiana University issued the following statement today: Indiana University notified the Indiana attorney general’s office today of the potential exposure of personal data for some students and recent graduates. The data potentially at risk for disclosure includes names, addresses and Social Security numbers for approximately 146,000 students and recent graduates across seven IU campuses who…