Litigation and legal developments concerning data breaches.
As seen on Bloomberg Law: A new US notification requirement for victims of malicious hacks could push in-house counsel to disclose cyberattacks when faced with ransomware and other network compromises. Among the first-ever cyber regulations to be enforced by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the top US cyber authority, the […]
From a recent article on Reuters: Government regulators are seemingly as numerous as the stars nowadays, especially in the universe of data incidents. When organizations experience a data incident, they will need to quickly assess what happened, why it happened, and who (e.g., clients, consumers, vendors, employees) was affected. They will also need to chart […]
Attorney-General and Minister for Justice and Minister for the Prevention of Domestic and Family Violence The Honourable Yvette D’Ath issued the following statement: The Palaszczuk Government has today introduced legislation to establish a mandatory data breach notification scheme in Queensland, as recommended by the Coaldrake Review. The Information Privacy and Other Legislation Amendment Bill 2023 implements […]
The state Senate today approved bipartisan legislation sponsored by Sen. Tracy Pennycuick (R-24) to strengthen notification requirements for data breaches and provide affected citizens with free credit monitoring and a credit report. Senate Bill 824, introduced with Sen. Jimmy Dillon (D-5), would provide citizens affected by a data breach a free credit report and a year of […]
The law firm of Hogan Lovells has an article about FDA’s finalized guidance on “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.” They note: FDA’s new final guidance replaces the April 2022 draft guidance of the same name, which we analyzed online here, and it also supersedes FDA’s 2014 final guidance “Content of Premarket Submissions for Management […]
IPB reports: Indiana Attorney General Todd Rokita is suing a northwest Indiana medical office over a ransomware event that put personal and protected health information at risk. The lawsuit alleges the provider was aware of security concerns before the data breach. The lawsuit filed last week against CarePointe — an ear, nose, throat, sinus and hearing […]
Another day, another RICO class action? Courthouse News reports: Taxpayers slapped Meta, Google and H&R Block with a sprawling RICO class action Wednesday, claiming that a “shocking breach” coordinated by the companies resulted in scraping taxpayers’ private information for profit. In a 49-page complaint, the plaintiffs say the international firm H&R Block used customers’ private income […]
Colorado Attorney General Phil Weiser announced a settlement with Broomfield Skilled Nursing and Rehabilitation Center, LLC. The settlement arose from a 2021 data breach affecting patient and employee data. The state claimed that Broomfield violated a number of state laws that are specifically identified in the assurance of discontinuance (settlement). The following is the press […]
When New York State Attorney General Letitia James announced a settlement with Marymount Manhattan College stemming from a data breach in 2021, some people discussing the case online were surprised that a state could go after a non-profit college that way, and they wondered if the state could get that kind of settlement with a […]
The U.S. Department of Homeland Security has released a report, “Harmonization of Cyber Incident Reporting to the Federal Government.” The report, which was released on Sept. 19, notes that there are currently dozens of cyberattack reporting requirements at the federal level. DHS is seeking to come up with a manageable and solution: … this report […]
