State attorneys general across the United States have taken recent action towards addressing data privacy and security issues. In Connecticut, the attorney general announced the establishment of a Privacy and Data Security Department to handle investigations and litigation relating to data privacy and security. This month's National Association of Attorneys General (NAAG) Southern Region Meeting featured presentations on big data, cybersecurity, cloud computing and data breaches, and next month's NAAG presidential initiative summit will address topics such as intellectual property theft, cloud computing and digital currency. Finally, Washington's attorney general has proposed several amendments to expand the scope of that state's data breach notification requirements.… Continue Reading
New Jersey Governor Chris Christie has signed a law requiring health insurance carriers in that state to encrypt individuals' personal information. This new law will be enforced in conjunction with the New Jersey Consumer Fraud Act (NJCFA), and failure to obey the law will be classified as a violation of the NJCFA, which could result in financial penalties for the carriers. The new legislation may also affect business associates through the contractual terms of business associate agreements.… Continue Reading
On May 24, 2012, the Attorney General of Massachusetts announced that South Shore Hospital of South Weymouth, Massachusetts (South Shore) agreed to settle allegations that it failed to protect the personal and protected health information of more than 800,000 individuals. The settlement resulted from the hospital’s data breach report to the Attorney General in July … Continue Reading