Privacy/Data Security/Cyber Risk Archives - Page 16 of 21

Washington New Credit Card Data Breach Liability Law

May 7, 2010 | Privacy/Data Security/Cyber Risk | United States

Washington Governor Christine Gregoire recently signed HB 1149 into law. Under HB 1149, if a person or entity that meets the definition of a “processor” or “business” that fails to take reasonable steps to guard against unauthorized access to credit or debit card account information that is in its possession, and such failure is found to be the proximate cause of a breach, the processor or business is liable to the financial institution for reimbursement of reasonable actual costs related to the reissuance of credit or debit cards, even if the financial institution has not suffered an injury as a result of the breach.

California Proposes Amendment to Data Breach Notification Law

May 7, 2010 | Privacy/Data Security/Cyber Risk | United States

The California State Senate approved Senate Bill 1166 on April 15, 2010. The bill amends sections 1798.29 and 1798.82 of the California Civil Code, which require state agencies and businesses to notify California residents of a data breach, by adding specific content requirements for such notices.

Liability Insurer Seeks Declaration of No Coverage in School Laptop Monitoring Case

Apr 27, 2010 | Coverage & Claims, Privacy/Data Security/Cyber Risk | United States

An insurer that issued a school district liability policy to the Lower Merion School District has filed a declaratory judgment action, seeking a ruling that a recent privacy-related civil rights lawsuit against the school district is not covered by the policy.

Mississippi New Data Breach Notification Law

Apr 14, 2010 | Privacy/Data Security/Cyber Risk | United States

Mississippi is the latest state to adopt a data breach notification statute under House Bill 583.

Virginia New Medical Information Data Breach Law

Apr 14, 2010 | Privacy/Data Security/Cyber Risk | United States

The Commonwealth of Virginia recently enacted a law requiring notice of data breaches involving medical information.

District of New Jersey Dismisses Securities Fraud Claims Against Company That Suffered Data Breach

Mar 29, 2010 | New Jersey Developments, Privacy/Data Security/Cyber Risk | United States

Late last year, the United States District Court for the District of New Jersey dismissed a securities fraud litigation that had been brought against a payment card processor in connection with the theft, by cybercriminals, of credit and debit card information from the company’s computer system.

Massachusetts Supreme Court Affirms Dismissal of Data Breach Claims Brought Against Retailer by Financial Institutions

Mar 3, 2010 | Massachusetts Developments, Privacy/Data Security/Cyber Risk | United States

Recently, the Supreme Judicial Court of Massachusetts upheld two lower court decisions dismissing, on separate motions to dismiss and for summary judgment, a number of claims brought by credit unions against a retailer in connection with a breach of debit and credit card data.

Business Associate Regulations Effective; Enforcement Uncertain

Feb 24, 2010 | Healthcare, Privacy/Data Security/Cyber Risk | United States

New requirements making the HIPAA privacy and security rules applicable to business associates of healthcare entities became effective on February 17, 2010. However, the new requirements, under the the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, may not be enforced immediately.

Study Shows Cost of Data Breaches Increases

Feb 9, 2010 | Privacy/Data Security/Cyber Risk | United States

The Ponemon Institute, a privacy and information management research firm, released its fifth annual U.S. Cost of a Data Breach Study (the “Study”). According to the Study the cost of a data breach increased two dollars from last year to $204 per compromised record. Although the number of reported data breaches decreased (657 in 2008 and 498 in 2009), the average total cost of a data breach rose from $6.65 million in 2008 to $6.75 million in 2009.

Medical Professionals Continue to Challenge the FTC’s Enforcement of the Red Flags Rule

Feb 9, 2010 | Privacy/Data Security/Cyber Risk | United States

On January 27, 2010, the American Medical Association, American Dental Association, American Osteopathic Association, and the American Veterinary Medical Association sent a letter to the FTC Chairman, Jon Leibowitz, requesting that the FTC announce that the Red Flags Rule will not be applied against licensed health care professionals until at least 90 days after the final resolution of the American Bar Association (ABA) lawsuit (as we reported here) and commit that, if the final resolution of the ABA lawsuit is that the Red Flags Rule will not be applied to attorneys, the FTC will not apply the Red Flags Rule to licensed health care professionals either.

Topic: Privacy/Data Security/Cyber Risk

Washington New Credit Card Data Breach Liability Law

California Proposes Amendment to Data Breach Notification Law

Liability Insurer Seeks Declaration of No Coverage in School Laptop Monitoring Case

Mississippi New Data Breach Notification Law

Virginia New Medical Information Data Breach Law

District of New Jersey Dismisses Securities Fraud Claims Against Company That Suffered Data Breach

Massachusetts Supreme Court Affirms Dismissal of Data Breach Claims Brought Against Retailer by Financial Institutions

Business Associate Regulations Effective; Enforcement Uncertain

Study Shows Cost of Data Breaches Increases

Medical Professionals Continue to Challenge the FTC’s Enforcement of the Red Flags Rule

Search

InsurTech

Jurisdictions

Topics

Archives

Email the Editor

Share

Locke Lord LLP

Follow Us