New Jersey Governor Chris Christie has signed a new law requiring health insurance companies to protect client health information by encrypting the data. The law applies to any insurance company, health service corporation, hospital service corporation, medical service corporation, or health maintenance organization authorized to issue health benefits plans in New Jersey. These entities must take […]
Board Governance & Cyber Risk Management
NIST releases “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans.”
On December 12, 2014, the National Institute for Standards and Technology (“NIST”) announced the release of Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (“SP 800-53A”). SP 800-53A is a companion guideline to Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations […]
TD Bank NA Settles Data Breach Lawsuit with Mass. AG
TD Bank North America (“TD Bank”) and the Massachusetts Attorney General announced an agreement on December 8 to end a data breach lawsuit brought against TD Bank by the Massachusetts Attorney General. The lawsuit alleged that TD Bank failed to properly protect and encrypt personal customer information contained on two server backup tapes that it […]
23 Privacy Enforcement Authorities Issue a Joint Open Letter to App Marketplaces
On December 9, 2014, a joint open letter (“Letter”) was issued to the operators of seven (7) app marketplaces, urging them to “make the basic commitment to require each app that can access or collect personal information, to provide users with timely access to the app’s privacy policy.” Although the Letter was sent to Apple, […]
Giovanni Buttarelli Confirmed as New European Data Protection Supervisor
On November 27, the European Parliament confirmed that Giovanni Buttarelli will serve as the next European Data Protection Supervisor (“EDPS”). Buttarelli will take over for Peter Hustinx, who served as EDPS for 10 years. Prior to his appointment, Buttarelli was the Assistant EDPS, a position which will now be held by Wojciech Rafal Wiewiórowski. Buttarelli’s privacy experience […]