Archive for the “breach laws” category

Krebs on Cyber vs Physical Crooks

by adam on March 9, 2010

In addition, while traditional bank robbers are limited to the amount of money they can physically carry from the scene of the crime, cyber thieves have a seemingly limitless supply of accomplices to help them haul the loot, by hiring (…)

Read the rest of this entry »

2 Proposed Breach Laws move forward

by adam on November 6, 2009

See George Hulme, “National Data Breach Law Steps Closer To Reality ” and Dennis Fisher “http://threatpost.com/en_us/blogs/two-data-breach-notification-bills-advance-senate-110609.” Dennis flags this awe-inspiring exception language: “rendered indecipherable through the use of best practices or methods, such as redaction, access controls, or other such (…)

Read the rest of this entry »

Changing Expectations around Breach Notice

by adam on October 5, 2009

Earlier this month, the Department of Health and Human Services imposed a “risk of harm” standard on health care providers who lose control of your medical records. See, for example, “Health IT Data Breaches: No Harm, No Foul:” According to (…)

Read the rest of this entry »

Proskauer Rose Crows “Rows of Fallen Foes!”

by adam on September 18, 2009

Over on their blog, the law firm announces yet another class action suit over a breach letter has been dismissed. Unfortunately, that firm is doing a fine business in getting rid of such suits. I say it’s unfortunate for two (…)

Read the rest of this entry »

New Breach Laws

by adam on August 12, 2009

Missouri adds a law with a “risk of harm trigger” aka the full-employment provision for lawyers and consultants. Texas adds health data to their notification list. Most importantly, North Carolina requires notice to their attorney general for breaches smaller than (…)

Read the rest of this entry »