Australia Finally Gets A Data Breach Notification Law.

The Land Down Under is finally getting a data breach notification law. This should come as a surprise to many since (a) many would have assumed that Australia already has one and (b) it’s 2017 – unless you’re a war-ravaged country, chances you have a breach notification law. Because that’s how bad things are on […] read more

Children’s Medical Center of Dallas Pays $3.2 Million To Settle HIPAA Violations.

The Children’s Medical Center of Dallas (Children’s) recently settled with the US Department of Health and Human Services (HHS) over multiple failures to encrypt sensitive data in mobile devices. The settlement – $3.2 million dollars – is quite the figure, as is the timeline involved: It looks like an investigation could have been started as […] read more

Third Circuit Appellate Court Says “OK” To Data Breach Lawsuit.

Recently, the US Court of Appeals for the Third Circuit concluded that “the improper disclosure of one’s personal data in violation of FCRA [Fair Credit Reporting Act] is a cognizable injury for Article III standing purposes.” In other words, people can go to court over data breaches and data breaches alone; there is no need […] read more

UK Encryption: Royal & Sun Alliance Insurance Fined £150,000 For Stolen Hard Drive.

The UK’s Information Commissioner’s Office (ICO) has fined an insurance company, Royal & Sun Alliance (RSA), a total of £150,000 for the theft of an external storage device with information on nearly 60,000 clients (and credit card details for 20,000 people).   Stolen From a Locked Room Unlike your run-of-the-mill hard drive theft cases, there […] read more

Netherlands Officially Files 5,500 Breach Notifications In 2016.

The Personal Data Protection Authority of the Netherlands (Autoriteit Persoonsgegevens, “AP”) revealed last week that they received nearly 5,500 data breach notifications in 2016, the first year of mandatory data breach notifications for the European country. This contrasts with the 980 data breaches in the same period for the US, compiled by the Identity Theft […] read more

US Government Committee Concludes (Yet Again) That Encryption Backdoors Undesirable.

As the year draws to a close – and what a year! – we finally have some good, sensible news: the US government has found that “any measure that weakens encryption works against the national interest,” and so encryption backdoors are an untenable scenario. This should be the final and decisive nail to the coffin […] read more

UMass Amherst Settles HIPAA Violation for $650,000 and Corrective Action.

In 2003, the University of Massachusetts – Amherst (UMass Amherst) was embroiled in a health data security breach. A workstation computer was infected with malware, leading to a HIPAA violation involving patient data for 1,670 people. Skip to three years later, and UMass Amherst has settled legal actions related to the breach, brought by the […] read more

California Amends Data Breach Notification For Encrypted Data.

Beginning on January 1, 2017, organizations in California cannot automatically assume that personal details are safe if they were encrypted at the time of a data breach. This, in turn, means that businesses and other organizations will have to give some thought as to whether a data breach must be made public.   Encrypted Personal […] read more

Data Breach Reparations: Still Evolving, Consumers Begin To See Glimmers.

According to idtheftcenter.org, the US has seen over 858 data breaches that involved over 29 million records in 2016 (to be more specific, up until November 8). The list of breaches does not include those that go unreported, for obvious reasons, as well as those that weren’t vetted by credible sources like state Attorney General […] read more

Another Site Leaks Plaintext Passwords, Runs Afoul of COPPA.

The site arstechnica.com is reporting that i-Dressup not only experienced a data breach – over 2.2 million affected – but has been slow as molasses in responding to Ars’s emails that they have been hacked or, more importantly, fixing the vulnerability that lead to the security failure. Perhaps we shouldn’t be surprised, merely exasperated, that […] read more