Data Privacy and Security Blog

March 26, 2019 Cybersecurity / Legislation

Ohio Cybersecurity Legislation Applicable to Insurers Now In Effect

Ohio’s new law requiring insurance providers to take steps to protect personal information recently went into effect March 20, 2019. Ohio now follows South Carolina as the second state to adopt legislation modeled after the NAIC’s Insurance Data Security Model Law. The law, codified at new Ohio Revised Code Chapter 3695, applies to all individuals or non-governmental entities required to be authorized, registered, or licensed under Ohio insurance laws (defined as “licensees”). Only smaller licensees that have fewer than 20 employees, less than $5… Continue Reading

March 1, 2019 Cybersecurity / Data Privacy

Washington State Cyberstalking Law Deemed Unconstitutional

On February 22, a federal judge in the State of Washington held that Washington’s cyberstalking law impermissibly inhibits constitutionally protected speech in violation of the First Amendment. The case of Rynearson v. Ferguson was commenced by Richard Rynearson, III against Washington State’s Attorney General and county prosecuting attorney under 42 U.S.C. Section 1983 for the purpose of enjoining the state’s enforcement of its cyberstalking statute, Wash. Rev. Code Section 9.61.260. Rynearson is an online author and activist who regularly writes online posts and comments directed… Continue Reading

February 26, 2019 Uncategorized

Largest Health Data Breach of 2019 Strikes Seattle Hospital

On December 26, 2018, University of Washington School of Medicine in Seattle, Washington was notified that their database had been misconfigured, resulting in a breach affecting approximately 974,000 individuals, the largest health breach of 2019. UW Medicine was first notified of this error on December 4, 2018 after a patient performed a Google search for their own name and found a file online containing some of their information through UW Medicine visible on the internet. This information contained protected health information that UW Medicine is… Continue Reading

February 22, 2019 Cyber Breach / Regulation

Vermont’s “Data Brokers” Law is a Glimpse into the Future for Many Industries

Cybersecurity has been a field where the concept of state governments acting as legislative laboratories has been observed in real time, with multiple states passing different pieces of legislation every year. One of the more unique laws passed in 2018, and effective as of January 1, 2019, is Vermont’s descriptively titled “act relating to data brokers and consumer protection.” Although unknown to most consumers, there is a booming industry of “data brokers” who act as middlemen between companies who collect data and those looking to… Continue Reading

February 12, 2019 Cybersecurity

Key Upcoming Deadlines under the New York DFS Cybersecurity Regulation

When New York’s landmark cybersecurity regulation became effective back in March 2017, the Department of Financial Services (DFS) implemented a two-year timeline for implementation of the regulation’s requirements, with a final compliance deadline of March 1, 2019. Entities covered by the wide-sweeping regulation should remember filing their first certificate of compliance in February of last year. The two-year implementation period is almost over, and once again, important deadlines are now quickly approaching. “Covered Entities” (banks, insurance companies, and other financial services institutions and… Continue Reading

February 6, 2019 Uncategorized

San Francisco Legislation Would Ban the City’s Use of Facial Recognition Technology

Over the last few years, there has been a marked increase in legislation regulating the collection and retention of individuals’ biometric information. For instance, Illinois, Texas, and Washington have enacted legislation regarding the collection of biometric information, and the European Union’s General Data Protection Regulation broadly regulates the collection of biometric data. In San Francisco, one motivated municipal lawmaker with similar concerns relating to privacy and the disproportionate impact surveillance has had on certain communities proposed a bill that would regulate how the city uses… Continue Reading

February 1, 2019 Lawsuit / Regulation

Absence of DOJ Regulations Does Not Bar Liability for Failure to Comply with the ADA

In the face of an ever-growing number of lawsuits based upon allegedly non-ADA compliant website designs, defendants have enjoyed little success obtaining dismissal at the pleadings stage of proceedings. One lingering glimmer of hope had been the viability of a due process argument premised upon the “primary jurisdiction” defense, which formed the basis of Judge Otero’s decision dismissing the plaintiff’s complaint in Robles v. Domino’s Pizza, LLC. In short, the defendant argued that the plaintiff’s action must be either stayed or dismissed because the… Continue Reading

January 29, 2019 Class Action / Lawsuit

As If 200 Class Action Lawsuits Weren’t Enough…

The Illinois Supreme Court finally made its long awaited ruling on standing to sue under the Illinois Biometric Information Privacy Act (BIPA), siding with the class action representative in Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186, and allowing persons having suffered no actual injury to maintain a cause of action under BIPA. BIPA has already given rise to 200+ putative class action lawsuits against businesses nationwide, including those with any measureable operation in Illinois. Businesses have fought back, arguing that BIPA’s private… Continue Reading

January 28, 2019 Data Privacy

Data Privacy Best Practices on Data Privacy Day

Data Privacy Day is the perfect time to make sure that you – and your company’s employees – are practicing data privacy best practices. We’ve put together a list of best practices to keep your data secure:

Develop a data protection plan, including data protection services and privacy policies, as well as effective data engineering services, so you can understand the terms of use for online devices, data breach plans, and an assessment of your company’s current cybersecurity practices and weaknesses. Read More

January 23, 2019 Cyber Breach / Emerging Issues / Regulation

National Counterintelligence and Security Center Launches Effort to Protect Industry Against State Actors

On January 7, 2019, the National Counterintelligence and Security Center (NCSC), which coordinates counter-intelligence efforts within the U.S. government, announced that it would begin disseminating its “Know the Risk, Raise Your Shield” materials in an effort to assist the private sector in guarding against threats from foreign intelligence entities and other adversaries. This campaign appears to have been prompted by the Trump administration’s efforts to drive U.S. companies to better protect their trade secrets from foreign hackers. This comes on the heels of recent cyber-attacks… Continue Reading

Data Privacy and Security™

LATEST INSIGHTS