Category Archives: Data Breach

Support Data Privacy Day on January 28, 2015

Did you know January 28 is Data Privacy Day (DPD)?  DPD commemorates Convention 108, the first legally binding international treaty dealing with privacy and data protection, signed on January 28, 1981.  DPD began in the United States and Canada in January 2008 as an extension of the DPD celebrated in Europe.  On January 27, 2014, the 113th U.S. Congress adopted a nonbinding resolution expressing support for the designation of January 28 as “National Data Privacy Day.” National Cyber Security Alliance (NCSA), a non-profit organization dedicated to cyber-security education and awareness, [...]

New York AG Schneiderman to Propose Revised Data Security Laws

New York’s Attorney General Eric T. Schneiderman announced on January 15 that he would propose legislation to New York State lawmakers to revise New York’s data security laws and to require new safeguards for personal data of New Yorkers. The legislation to be introduced by Mr. Schneiderman will broaden the scope of information that would require protection, impose stronger technical security measures for protecting information and create a safe harbor for companies who meet the required security standards. “With some of the largest-ever data breaches occurring in just the last year, [...]

President Obama Proposes Strict National Data Breach Notification Law Ahead of State of the Union

On January 12, 2015, during a speech before the Federal Trade Commission (FTC), President Barack Obama announced that he would propose legislation to create a national, uniform data breach notification law.  The White House later released the full text of the proposed bill.  The President highlighted that a national breach notification law would benefit both consumers and notifying companies by pre-empting and streamlining the current system:  “right now almost every state has a different law on this and it’s confusing for consumers and it’s confusing for companies – and it’s costly [...]

TD Bank NA Settles Data Breach Lawsuit with Mass. AG

TD Bank North America (“TD Bank”) and the Massachusetts Attorney General announced an agreement on December 8 to end a data breach lawsuit brought against TD Bank by the Massachusetts Attorney General. The lawsuit alleged that TD Bank failed to properly protect and encrypt personal customer information contained on two server backup tapes that it lost. The suit also alleged that TD Bank did not promptly notify the Attorney General of the breach as required by Massachusetts law. The data breach in question occurred after a set of unencrypted server backup tapes containing the personal information [...]

Alston & Bird Health Care Advisory: HIPAA Audit Program Phase 2 Update

We have previously blogged about the U.S. Department of Health & Human Services HIPAA Audit Program, including the Audit Program pilot (November 30, 2011 and March 7, 2012), the release of the Office for Civil Rights (OCR) audit protocols (June 26, 2012), and the status of phase 2 of the Audit Program (February 26, 2014 and September 16, 2014).  Today, Alston & Bird issued a Health Care ADVISORY on the status of Phase 2 of the HIPAA Audit Program, in which we discuss recent guidance from OCR on the HIPAA Audit Program and its status and provide some basic compliance reminders that may [...]

New California Law Expands Data Security Requirements, SSN Protections and Breach Notification Obligations

On September 30, 2014, the Governor of California signed Assembly Bill 1710, which made three small but important changes to the state’s privacy laws.  The bill:  (1) amended California’s breach notification law to require that the notifying entities offer identity theft protection services to affected individuals in certain cases; (2) required California businesses that “maintain” personal information on state residents to adopt reasonable security procedures to protect that personal information (a requirement that previously only applied to businesses that own or license such data); [...]

Kim Peretti Interviewed by BankInfoSecurity

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was interviewed by BankInfoSecurity about what boards must know about security issues and how to keep directors risk-aware. In the interview, titled “Cybersecurity: What Boards Must Know,” Peretti discusses what directors don’t know about security, the pre- and post-breach responsibilities of boards, and how to educate the board – and when. “[Boards] have an awareness of the threat out there,” Peretti said. “But what they’re struggling with – what [...]

Secret Service Estimates in Follow-Up Advisory that “Backoff” Malware Affected 1,000 U.S. Businesses

On Friday, August 22, the Department of Homeland Security (“DHS”) and U.S. Secret Service released an advisory warning that a family of malware known as “Backoff” may have infiltrated the Point of Sale (“PoS”) systems of over 1,000 U.S. businesses. The malware was injected into some systems as far back as October 2013, and DHS warns that it “has likely infected many victims who are unaware that they have been compromised.” “Backoff” allows cybercriminals to remotely exfiltrate consumer credit card information by exploiting [...]

Kim Peretti and Jessica Corley co-author Bloomberg BNA article on Director Liability for Cybersecurity

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, co-authored with Jessica Corley, chair of the firm’s Securities Litigation Group, the Bloomberg BNA article, “Cybersecurity: What Directors Need to Know in an Era of Increased Scrutiny.” In the article, Peretti and Corley discuss the cybersecurity issues that directors and officers face due to the fact that most companies’ assets are stored digitally and, therefore, at risk of cyberattacks. Because of these risks, well-designed policies and procedures to ensure data security are crucial [...]

Kim Peretti to Speak on AllClear ID Webinar

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, will be a featured speaker on a webinar addressing the cyber risk landscape and best practices on breach preparation and response. The webinar, titled “Confidence in the Breach Age: Risks, Preparation, Response & Recovery,” will feature a panel of industry professionals who will share their perspectives on: understanding the reality of cyber risk to your organization; legal practices in preparedness and response; managing the forensics investigation with confidence; restoring trust with [...]