On January 12, 2015, during a speech before the Federal Trade Commission (FTC), President Barack Obama announced that he would propose legislation to create a national, uniform data breach notification law. The White House later released the full text of the proposed bill. The President highlighted that a national breach notification law would benefit both […]
Board Governance & Cyber Risk Management
President Obama Proposes New Privacy Protections for Student Data
On January 12, 2015, President Barack Obama unveiled a series of comprehensive proposals aimed at protecting Americans’ personal and financial information, combating online fraud, and safeguarding digital privacy. As part of his speech at the Federal Trade Commission, President Obama highlighted certain initiatives related to student privacy that he will discuss in greater detail at […]
New Jersey Enacts Health Information Encryption Requirement
New Jersey Governor Chris Christie has signed a new law requiring health insurance companies to protect client health information by encrypting the data. The law applies to any insurance company, health service corporation, hospital service corporation, medical service corporation, or health maintenance organization authorized to issue health benefits plans in New Jersey. These entities must take […]
NIST releases “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans.”
On December 12, 2014, the National Institute for Standards and Technology (“NIST”) announced the release of Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (“SP 800-53A”). SP 800-53A is a companion guideline to Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations […]
TD Bank NA Settles Data Breach Lawsuit with Mass. AG
TD Bank North America (“TD Bank”) and the Massachusetts Attorney General announced an agreement on December 8 to end a data breach lawsuit brought against TD Bank by the Massachusetts Attorney General. The lawsuit alleged that TD Bank failed to properly protect and encrypt personal customer information contained on two server backup tapes that it […]