John Cassell, Imran Ahmad,and Miranda Sharpe of Norton Rose Fulbright write: On July 27, 2022, the Office of the Information and Privacy Commissioner of Alberta (OIPC) released its 2022 PIPA Breach Report.[1] The report analyzes the nearly 2,000 breach reports[2] received by the OIPC during the ten year period since reporting was mandated in Alberta under…
US regulator urges MFA and puts banks on notice – not reasonably protecting data is illegal
Jim Nash reports: A U.S. consumer finance regulator has published a circular warning that insufficient security for consumer biometric and other personal data is illegal under federal law. Multi-factor authentication is singled out as a method of making data security sufficient. Anyone reading that who still thinks it will never happen to them is invited…
Au: WA Health sorry over monkeypox data breach
Michael Ramsey reports: Western Australia’s health department has apologised for accidentally leaking the personal details of passengers aboard a flight carrying a person infected with monkeypox. A woman who travelled on the flight from Doha last week said she received the document in an email from WA Health. It contained the personal information of 47…
Court Authorizes Service of John Doe Summons Seeking the Identities of U.S. Taxpayers Who Have Used SFOX Cryptocurrency Dealer
On Aug. 15, 2022, a federal court in the Central District of California entered an order authorizing the IRS to serve a John Doe summons on SFOX, a cryptocurrency prime dealer headquartered in Los Angeles, California, seeking information about U.S. taxpayers who conducted at least the equivalent of $20,000 in transactions in cryptocurrency between 2016…
NY: Practice Resources, LLC notifies 942,138 patients after ransomware attack
On August 4, Practice Resources, LLC notified the California Attorney General’s Office that it had been the victim of a ransomware attack on April 12. They also notified HHS that 942,138 patients were affected by the breach (see below). The New York firm is a business associate that provides a variety of health management services,…
Atlantic Dialysis Management Services notifies patients of data security incident
On August 5, Atlantic Dialysis Management Services (ADMS) in New York issued a press release that no longer appears to be available on any of the sites that published it — with one exception. ADMS also posted a security incident notice on its website. Their website notice reads, in part: On June 9, 2022, Atlantic…