The HIPAA (Health Insurance Portability and Accountability Act) breach notification regulations require covered entities to self-report the
On October 27, 2016, the U.S. Federal Communications Commission (the "FCC") adopted the Open Internet Order (the "Order"). The Order reclassified
Overruling the surprise decision last year of an administrative law judge, the Federal Trade Commission has held that LabMD's data security practices
With the ever-increasing amount of personal information stored online, it is unsurprising that data breach litigation has become increasingly common
Last Friday, the FTC reversed an Administrative Law Judge’s ruling in the FTC data security case against clinical laboratory LabMD, broadening the
Non-cyber insurance policies often contain exclusions to limit or preclude coverage for data breaches. A Maryland federal district court recently
A putative class action complaint filed on June 22, 2011, in the United States District Court for the Northern District of California alleges that the popular cloud-based storage provider Dropbox, Inc. failed to secure users’ private data or to notify the vast majority of them about a data breach.
The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009 (ARRA), generally requires employer-sponsored health plans and their business associates that handle protected health information (PHI) to notify affected individuals, the Department of Health and Human Services (HHS), and in some cases the media, when there is an unauthorized disclosure of the individuals' unsecured PHI.