Collaborate Disseminate
If you can’t get an interpretation of a state breach notification statute from the state’s attorney general, where can you get it? DataBreaches recently wrote to the Maine Attorney General’s Office: I am not sure I really understand a… Continue reading Seeking clarification on Maine’s data breach notification statute
Arendse Huld writes: China has been expanding its legal framework for cybersecurity and data protection in recent years, with further advancements seen in 2023. This year witnessed the refinement of legal requirements governing the procedures to export… Continue reading China Cybersecurity and Data Protection Regulations – 2023 Recap and 2024 Outlook
Khine Zin Htet reports: On Nov. 7, 2023, MBS announced a breach of the personal data of 665,000 Marina Bay Sands (MBS) LifeStyle reward members by an “unknown third party” on Oct. 19 and 20, 2023. Following that, the government addressed th… Continue reading Sg: 665,000 MBS members data leak: Govt to investigate if there was ‘significant harm’
Hunton Andrews Kurth writes: Patrick Gunning from King & Wood Mallesons reports that, on November 2, 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking … Continue reading Australian Privacy Regulator Sues in MedLab Pathology Data Breach Case
Hunton Andrews Kurth writes: On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog… Continue reading NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats
Rachel Walker and Elouise Casey of Dentons write: Failure to comply with the mandatory breach reporting regime is arguably the canary in the coal mine for regulatory compliance to Australian Securities and Investments Commission (ASIC). We are expectin… Continue reading AU: ASIC modifies licensees’ breach reporting obligations
Pennsylvania Senate Republicans write: The state Senate today approved bipartisan legislation sponsored by Sen. Tracy Pennycuick (R-24) to strengthen notification requirements for data breaches and provide affected citizens with free credit monitoring … Continue reading Pennycuick Measure Providing Free Credit Monitoring for Data Breach Victims Approved by Pennsylvania Senate
Emma Woollacott reports: British businesses could face lower fines if they proactively report data breaches, thanks to an agreement between the UK’s data protection regulator and cybersecurity agency. The Information Commissioner’s Office (ICO) and Nat… Continue reading Disclose data breaches to us proactively, and we’ll lower any fines — ICO
Philip N. Yannella, Gregory P. Szewczyk, and Timothy Dickens of Ballard Spahr write: The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Althou… Continue reading California Privacy Protection Agency publishes new draft regulations addressing AI, risk assessments, cyber audits
LA Care, the largest publicly operated health plan in the country paid $1,300,000 to settle Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Po… Continue reading HHS Office for Civil Rights Settles with L.A. Care Health Plan Over Potential HIPAA Security Rule Violations