Archives: Data Breaches


New PCI Guidance Provides Businesses With Security Incident Response Assistance

A security event involving payment card data, especially card present data, can be one of the most costly events a company may face. Not only did a recent study report the average total cost of a data breach as $3.8 million, large payment card incidents such as those that occurred at Target and Home Depot … Continue Reading

State Data Breach Notification Requirements Specifically Applicable to Insurers

Almost all U.S. states and territories have enacted breach notification laws requiring private and/or government entities to notify individuals when their personal information is compromised. These laws vary, and much has been written about the challenges caused by the differences, including who must comply with the law (e.g., persons, businesses, information brokers, government entities, covered … Continue Reading

2015 BakerHostetler Security Incident Response Report Provides Insight Beyond Technical Incidents

There is no longer a debate – security incidents are inevitable. Organizations are working to be better prepared to respond when the first sign of an incident is detected (often at 4:30 p.m. on a Friday). So what kind of incidents should they prepare for and how should they prepare? Annual reports from forensic investigation … Continue Reading

2015 BakerHostetler Incident Response Report Shows One in Five Breaches Involved Paper Records

BakerHostetler’s inaugural Data Security Incident Response Report offers a wealth of information regarding the causes of data security breaches, the manner in which those incidents are handled, and the legal and regulatory aftermath for affected companies. Among the Report’s interesting takeaways is a rebuttal of the popular assumption that data security incidents are all about … Continue Reading

To Err Is Human; to Indemnify, Divine?: Human Foibles in the Cloud

BakerHostetler’s inaugural Data Security Incident Response Report (the “Report”) concluded that employee negligence and theft were two of the top five causes of data security incidents for the more than 200 incidents that we handled in 2014. Needless to say, this raises some important and concerning questions when it comes to the cloud. We note … Continue Reading

The DOJ Sets Out to Establish Standard for Data Security Incident Response and Preparation

Editor’s Note: The author is the most recent attorney to join our Privacy and Data Security Team. Paul represents clients in responding to potential data security incidents, counsels on incident response preparedness, and works with clients to develop appropriate policies to ensure compliance with applicable law, industry standards, or self-regulatory guidelines. He also counsels clients … Continue Reading

2015 BakerHostetler Incident Response Report Deeper Dive—Retailer Liability Arising from Stolen Payment Cards

We released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. Over the next four weeks, we will post several blogs that will provide a more in-depth look at certain findings. In this post, we cover one … Continue Reading

Social Media’s Not For You—It’s About You: Risks for Organizations in a New Age of Sharing

Social media and social networking, including websites and applications that allow users to create and share content, have become ubiquitous. Joining the social networking revolution may be very easy for individuals, but establishing best practices for organizations that want or need to be actively engaged with social media is not. Initial considerations tend to focus … Continue Reading

BakerHostetler Recognized in LA Daily Journal’s Top Appellate Reversals of 2014

A precedent-setting decision in a class action case alleging privacy violations under California’s Confidentiality of Medical Information Act (CMIA), litigated by our BakerHostetler team, was recognized by the LA Daily Journal as one of the “Top Appellate Reversals of 2014.” The lawsuit was filed against Eisenhower Medical Center (EMC) following the theft of a computer containing patient … Continue Reading

FAQs by Employers Regarding the Anthem Breach

Do we have any legal obligations under HIPAA? It depends on your contractual relationship with Anthem and whether the group health plan offered by your company is self-insured. If your company’s group health plan is self-insured and your company contracts with Anthem to administer the plan, process claims, etc., then your company’s group health plan … Continue Reading

‘Going Postal’ Over Data Breach Response: Union Files Failure-to-Bargain Charge With NLRB Against USPS

As recent high-profile cyberattacks have demonstrated, employers have a duty to protect their employees’ electronically stored personal information from being accessed by hackers, and to promptly remedy any breach in security concerning such information. Depending upon the outcome of a recently filed charge before the National Labor Relations Board (“NLRB” or the “Board”), unionized employers … Continue Reading

California Attorney General Releases 2014 Data Breach Report and Recommendations, Finding More of the Same.

Editor’s Note: The author thanks Jaysen Borja for his contributions to this post. On October 28, 2014, Attorney General Kamala Harris released the second annual California Data Breach Report.  The report detailed the nature and scope of data breach notifications that her office received in 2013.  Her office has been analyzing notifications of data breaches … Continue Reading

How to Respond to SEC Inquiries Concerning Data Breach and Data Security Policies

Every company, whether public or private, has exposure to potential data breach or theft of confidential information. When this occurs, various state and federal regulatory organizations have jurisdiction over ensuring that there is prompt, corrective, and remedial action taken by the company whose systems have been compromised. Much of the focus of articles and commentary … Continue Reading

Company Claims “HIPAA Has No Teeth”, Will Start Notifying Affected Individuals of Security Breaches and Vulnerabilities that Have Not Been Disclosed by Organizations

A company named SLC Security, LLC (“SLC”), recently announced that it will begin notifying individuals if it believes it has identified a security breach or vulnerability of a company and it has not received a satisfactory response from the company to which it reported the issue. On SLC’s blog, it claims it is providing “awareness … Continue Reading

Will Using “Apple Pay” Keep the Data Breach Away?

Recently Apple unveiled its latest iPhones and other new products. While the big screens on the new iPhones are making the splashy headlines, perhaps the most interesting reveal, from a data privacy perspective, is not a shiny gadget, but the new mobile payment service dubbed “Apple Pay”. Although mobile payment services aren’t new – Google … Continue Reading

California’s Latest Amendments to Its Data Security Breach Notification Law – Much Ado about Nothing?

Editor’s Note: The authors would like to thank Jaysen Borja for his contributions to this post. On September 30, 2014, California Governor, Jerry Brown, signed Assembly Bill 1710 into law, amending California’s existing personal information privacy laws.  A.B. 1710 makes several changes to existing laws including: (1) the requirement that businesses that “maintain” personal information … Continue Reading

Credit Unions Continue to Demand New Data Security Standards for Retailers and Right to Recover Losses After a Breach

On September 3, 2014, following the news of a possible breach at Home Depot (which was confirmed on September 8), the National Association of Federal Credit Unions (NAFCU) called on Congress to enact new legislation to hold retailers more responsible for data security breaches. “These continued data breaches will have a chilling effect on our … Continue Reading

What Companies Can Do to Protect Themselves in the Face of Yet Another Massive Data Breach

Last week it was reported that a small group of Russian computer hackers illegally obtained an unprecedented quantity of internet credentials, including 1.2 billion username and password combinations, and over 500 million unique email addresses. The compromised companies have not yet been identified, but it is believed that the information came from over 420,000 websites. … Continue Reading

New York Attorney General Report Shows the Number of Data Breaches is on the Rise and Recommends Steps to Take for Protecting Against Them

On July 15, 2014, the New York Attorney General issued a report examining the growing number and costs of data breaches in the state of New York.  The report titled, “Information Exposed: Historical Examination of Data Security in New York State,” analyzes eight years’ worth of security breach data collected by the Attorney General and … Continue Reading

Florida Gives Breach Notification Statute More Teeth

On June 20, 2014, Florida Governor Rick Scott signed the Florida Information Protection Act of 2014 (“FIPA”), which will repeal Florida’s current breach notification statute at Fla. Stat. § 817.5681 and replace it with a new statute at Fla. Stat. § 501.171 effective July 1, 2014.  On the same day, Governor Scott also signed SB … Continue Reading

HHS Attorney: Major HIPAA Fines and Enforcement Coming

As regularly blogged about on the Data Privacy Monitor, the past 12 months have seen record-breaking HIPAA enforcement activity by HHS OCR.  But according to recent remarks by a high-ranking HHS attorney, if you thought these past 12 months were significant, just wait for the next 12 months. According to Law360, Jerome B. Meites, Chief … Continue Reading