On April 15, 2015, the Payment Card Industry Security Standards Council (PCI-SSC) updated the PCI Data Security Standard (PCI-DSS) from version 3.0 to version 3.1. The new version is effective immediately. PCI DSS Version 3.0 will be retired on June 30, 2015. A summary of the changes, along with the updated standard, can be found […]
Data Breach
Wyoming Broadens Definition of Personal Information In Amended Data Breach Notification Law
Wyoming has updated its data breach notification statute to widen the definition of “personal identifying information” that will trigger notification to individuals. In addition, the amendments prescribe the information to be contained in the notice and provide a safe harbor to entities that provide notice in compliance with and under the requirements of the Health […]
President Obama Signs Executive Order Authorizing Sanctions for Cyber Attacks, Use of Stolen Data
On April 1, 2015, the White House unveiled Executive Order 13694, which authorizes the Treasury Department to sanction entities outside of the United States that engage in “cyber-enabled activities” that are “reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial […]
California Health Care Facility Breach Statute Updated: Changes Effective Now
As a result of recent breaches – including breaches of health information and information held by health insurers – a great deal of attention has recently been focused on state data breach notification requirements. Most States have general data breach notification requirements that apply to all data breaches, including those involving health information. A few […]
Montana Broadens Data Breach Notification Law
Montana has amended the state’s data breach notification law to both broaden the definition of “personal information” that triggers individual notice and to require notice to the state’s attorney general. The changes become effective on October 1, 2015. Montana has joined several other states, including California and Florida, that include medical-related information in the definition […]