By Porter Wright on On Sept. 21, 2021, the Department of Treasury, Office of Foreign Assets Control (OFAC), updated its published guidance regarding sanctions risks associated with making ransomware payments and its official policy on such payments. This updated guidance, taken in conjunction with OFAC’s recent sanctions designation of a cryptocurrency payment exchange frequently used for ransomware payments, and … Continue Reading
By Katja Garvey on On June 4, 2021, the European Commission (EC) adopted a modernized set of standard contractual clauses for international data transfers (New SCCs) aimed at better protection of the data businesses transfer out of the European Union (EU). These New SCCs, which will take effect on June 27, 2021, will replace the standard contractual clauses that … Continue Reading
By Porter Wright on Implementing a cybersecurity framework may begin to pay off for companies doing business in Ohio. As anyone following data privacy litigation knows, litigation stemming from data breach incidents can prove to be extraordinarily burdensome and expensive. Ohio is the first state to pass a law that will limit a business’s exposure in data breach litigation … Continue Reading
By Donna Ruscitti on “The risk of loss due to some form of cyberattack should prompt employers to consider insuring against those losses. But, not all cyberinsurance policies are created equal.” Our colleague, Brian Hall, writes in the most recent Employer Law Report blog post which discusses the recent 6th Circuit case, American Tooling Center, Inc. v. Travelers Casualty and Surety … Continue Reading
By Porter Wright on On July 1, 2018, all fifty states will have active data breach statutes that govern the notification process for companies that experience a data loss incident. Alabama and South Dakota both recently passed data breach laws, representing the last two states to enact data breach legislation. As with other data breach statutes, Alabama and South … Continue Reading
By Donna Ruscitti on This week our colleagues at Employer Law Report published a post discussing the recent “Wannacry” ransomware attack. In the post, Brian Hall outlines the risks employers may face when dealing with cyber attacks and how human resource departments can help protect their organizations. Click below to read the full article. Don’t wannacry? Help your IT staff prevent … Continue Reading
By Porter Wright on The new year continues as the old ended, with HIPAA enforcement actions. On Jan. 11, 2017, MAPFRE Life Insurance Company of Puerto Rico (MAPFRE Life) entered into a Resolution Agreement with the United States Department of Health and Human Services, Office for Civil Rights (HHS) in which MAPFRE Life agreed to pay approximately $2.2 million … Continue Reading
By Donna Ruscitti on Consumer data breaches happen all of the time. And some of those times, consumers may not have had harm…yet. Our colleagues at Antitrust Law Source published a podcast discussing the how fear of harm may or may not warrant relief and the recent differing court decisions. Listen to the podcast, “Consumer data breaches.”… Continue Reading
By Donna Ruscitti on Porter Wright continues its tradition of providing cutting-edge information about how technology affects your business with the 2016 Technology Seminar Series, beginning May 18. This year’s sessions are: May 18: Big Data, Data Analytics & the Law 2016: What Your Company Needs to Know About the Evolution of the Next Big Thing “Big data” is one of today’s … Continue Reading
By Donna Ruscitti on Our colleagues over at Antitrust Law Source recently published a podcast on the inevitable health care data breach and how you can lessen the damages. Some key issues include: when to review data security policies, how to prepare for a potential breach and how to deal with third-party vendor access. Listen to the podcast to … Continue Reading
By Porter Wright on A few weeks ago, more than 1,000 academics, legal practitioners and government officials convened for one of Europe’s premier privacy law events: the Computers, Privacy and Data Protection (CPDP) conference in Brussels, Belgium. Europeans dominated this crowd but a significant number of participants from other countries, including the U.S., made this a truly international gathering. I … Continue Reading
By Jay L. Levine on At the end of last month, Boston hospital Beth Israel Deaconess Medical Center (BIDMC) settled a data breach lawsuit brought by the Massachusetts Attorney General related to the 2012 theft of a physician’s laptop. Under a consent decree entered on Nov. 20, 2014, BIDMC agreed to pay $100,000 and to take a number of steps … Continue Reading
By Brian Hall on The recent data breaches at Target, Home Depot, and Jimmy John’s have kept data privacy and security in the news lately. But from a legal perspective, there has never been much that the victims of these breaches could do to obtain a remedy in the absence of actual proof of identity or other theft. Indeed, … Continue Reading
By Donna Ruscitti and Porter Wright on The Florida Information Protection Act of 2014, aimed at strengthening Florida’s data breach notification law, goes into effect tomorrow, July 1, 2014. The act contains major changes to Florida’s existing data breach notification statute and makes it one of the toughest in the nation. Shortened notice period For example, notice to consumers must be given within … Continue Reading
By Donna Ruscitti on Porter Wright continues its tradition of providing cutting-edge information about how technology affects your business with the 2014 Technology Seminar Series, beginning June 18. This year’s sessions are: Social media in litigation: a shield and a sword June 18 The worlds of social media and litigation have collided. Social media evidence is used in employment … Continue Reading
By Jay L. Levine on A decision from the U.S. District Court for the District of New Jersey last week affirmed the Federal Trade Commission’s assertion of authority to prosecute data security breaches under Section 5 of the Federal Trade Commission Act. The FTC has increasingly used its authority under Section 5, which makes it unlawful to engage in “unfair … Continue Reading
By Donna Ruscitti on As companies struggle with how to develop cloud strategies that are both cost effective and protect sensitive consumer and corporate data, the National Institute of Standards and Technology (NIST) can provide hands-on information to the private sector to help implement a reasonable cloud computing solution. Though NIST provides guidelines to the U.S. Government, the private … Continue Reading
By Donna Ruscitti on On June 19, Porter Wright launches its four-part seminar series covering technology topics at the forefront of today’s businesses. Technology Law Source will continue to cover these topics in future blog posts, including navigating through U.S. and international laws, regulations and standards. The seminar series comprises: Social Media in the Law: Learn It and Use … Continue Reading
By Donna Ruscitti on Brand and business reputation suffer following a data breach. A recently released survey puts some numbers to the losses and shows just how much that damage can be, with breach of customer data being the most costly. The study, independently conducted Ponemon Institute LLC and sponsored by Experian® Data Breach Resolution, is believed to be … Continue Reading
By Porter Wright on Please join us for this informative series focused on the technical, enforcement, and practical aspects of experiencing and responding to a data security incident. For the complete invitation and details on registration please click here. IDENTITY THEFT, CORPORATE DATA SECURITY BREACHES AND LAW ENFORCEMENT: SHOULD I CALL THE COPS? Learn How to Effectively Utilize Law … Continue Reading
By Porter Wright on The Department of Health and Human Services (HHS) announced yesterday that it was temporarily withdrawing the breach notification final rule from review of the Office of Management and Budget (OMB) to allow HHS further time to consider these regulations. The breach notification rule, among other things, requires covered entities to notify individuals whose protected health information … Continue Reading
By Porter Wright on This week, the Identity Theft Resource Center released its 2010 data breach statistics report for data breaches through June 22, 2010. According to this weekly report, 2010 has already seen 325 reported data breaches exposing approximately 8.3 million records. Considering that the 2009 report shows 498 reported data breaches for all of last year, it looks like … Continue Reading
By Porter Wright on In January 2008, the Davidson Companies, a financial services holding company, announced that a database containing current and past customer records had been hacked during a SQL injection attack. On April 14, 2010—more than two years after the network intrusion—the Financial Industry Regulatory Authority (FINRA) fined the company $375,000 for the breach.… Continue Reading