Late last year, the United States District Court for the District of New Jersey dismissed a securities fraud litigation that had been brought against a payment card processor in connection with the theft, by cybercriminals, of credit and debit card information from the company’s computer system. 


Read More District of New Jersey Dismisses Securities Fraud Claims Against Company That Suffered Data Breach

Recently, the Supreme Judicial Court of Massachusetts upheld two lower court decisions dismissing, on separate motions to dismiss and for summary judgment, a number of claims brought by credit unions against a retailer in connection with a breach of debit and credit card data. 


Read More Massachusetts Supreme Court Affirms Dismissal of Data Breach Claims Brought Against Retailer by Financial Institutions

New requirements making the HIPAA privacy and security rules applicable to business associates of healthcare entities became effective on February 17, 2010. However, the new requirements, under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, may not be enforced immediately.


Read More Business Associate Regulations Effective; Enforcement Uncertain

The Ponemon Institute, a privacy and information management research firm, released its fifth annual U.S. Cost of a Data Breach Study (the “Study”). According to the Study, the cost of a data breach increased two dollars from last year to $204 per compromised record. Although the number of reported data breaches decreased (657 in 2008 and 498 in 2009), the average total cost of a data breach rose from $6.65 million in 2008 to $6.75 million in 2009.


Read More Study Shows Cost of Data Breaches Increases

On January 27, 2010, the American Medical Association, American Dental Association, American Osteopathic Association, and the American Veterinary Medical Association sent a letter to the FTC Chairman, Jon Leibowitz, requesting that the FTC announce that the Red Flags Rule will not be applied against licensed health care professionals until at least 90 days after the final resolution of the American Bar Association (ABA) lawsuit (as we reported here) and commit that, if the final resolution of the ABA lawsuit is that the Red Flags Rule will not be applied to attorneys, the FTC will not apply the Red Flags Rule to licensed health care professionals either. 
Read More Medical Professionals Continue to Challenge the FTC’s Enforcement of the Red Flags Rule

The Privacy and Data Protection Group of Edwards Angell Palmer & Dodge is holding a 60-minute complimentary webinar entitled “Local Issue/National Challenge: March 1 Massachusetts Data Security Requirements” on February 11, 2010 at 12:00 p.m.


Read More EAPD Complimentary Webinar: Local Issue / National Challenge: March 1 Massachusetts Data Security Requirements (February 11, 2010)

January 28, 2010, was International Data Privacy Day, an annual event intended to raise awareness of data privacy and to promote data privacy education. National and state governments, corporations such as Intel and Google, and institutions including universities observed the occasion. (In Europe, the event is known as “Data Protection Day.”)


Read More January 28, 2010: Data Privacy Day

In our January 2010 Client Advisory (see the Client Advisory here) we wrote that, pending the outcome of a recent Ministry of Justice consultation, the Information Commissioner’s Office (the ICO) may be given increased statutory powers to impose fines. In a press release on 12 January 2010, the ICO confirmed this power is expected to come into force on 6 April 2010. 


Read More UK: Data Breaches to Incur up to £500,000 Penalty