Posts tagged notification

Cloud, contracting, cyber insurance, GLB, HIPAA, indemnification, notification, privacy, risk, SB 1386, security breach

Cyber Insurance: An Efficient Way to Manage Security and Privacy Risk in the Cloud?

By InfoLawGroup LLP on February 01, 2012

As organizations of all stripes increasingly rely on cloud computing services to conduct their business, the need to balance the benefits and risks of cloud computing is more important than ever. This is especially true when it comes to data security and privacy risks. However, most Cloud customers find it very difficult to secure favorable contract terms when it comes to data security and privacy. While customers may enjoy some short term cost-benefits by going into the Cloud, they may be retaining more risk then they want (especially where Cloud providers refuse to accept that risk contractually). In short, the players in this industry are at an impasse. Cyber insurance may be a solution to help solve the problem.

Breach, do, Heartland, notification, Regulation S-P, risk assessment, SEC, Security, security breach

SEC Issues Guidance Concerning Cyber Security Incident Disclosure

By InfoLawGroup LLP on October 14, 2011

Publicly traded businesses now have yet another set of guidelines to follow regarding security risks and incidents. On October 13, 2011 the Securities and Exchange Commission (SEC) Division of Corporation Finance released a guidance document that assists registrants in assessing what disclosures should be made in the face of cyber security risks and incidents. The guidance provides an overview of disclosure obligations under current securities laws - some of which, according to the guidance, may require a disclosure of cyber security risks and incidents in financial statements.

Attorney General, Breach, California, content, data breach, Governor Brown, notice, notification, regulator, SB 1386, SB 24, security breach, Simitian

California Amends Its Data Breach Law - For Real, This Time! (As California Goes, So Goes the Nation? Part Three)

By InfoLawGroup LLP on September 01, 2011

California's infamous SB 1386 (California Civil Code sections 1798.29 and 1798.82) was the very first security breach notification law in the nation in 2002, and nearly every state followed suit. Many states added their own new twists and variations on the theme - new triggers for notification requirements, regulator notice requirements, and content requirements for the notices themselves. Over the years, the California Assembly and Senate have passed numerous bills aimed at amending California's breach notification law to add a regulator notice provision and to require the inclusion of certain content. However, Governor Schwarzenegger vetoed the bills on multiple occasions, at least three times. Earlier this year, State Sen. Joe Simitian (D-Palo Alto) introduced Senate Bill 24, again attempting to enact such changes. Yesterday, August 31, 2011, Governor Brown signed SB 24 into law.

Breach, consumer fraud law, damages, duty, employee, employee privacy, employer, litigation, negligence, notification, social security number

IL Appellate Court: No Duty Exists to Safeguard SSNs for Purposes of a Negligence Claim

By InfoLawGroup LLP on February 03, 2011

InfoLawGroup recently discovered a new data breach case, one of the first that we are aware of in the United States, that dives deep into the issue of whether a common law duty exists to safeguard personal information. In Cooney, et. al v. Chicago Public Schools, et. al¸ an Illinois appellate court actually rendered a decision holding that no such duty exists under Illinois law. In this blogpost we take a closer look at the court's rationale for dismissing the plaintiffs' negligence claim, as well as the other interesting holdings of the court.

Breach, call center, credit monitoring, cyber insurance, data security, insurance, notification

Insurers Deny Coverage for Breach Notice Costs (and why companies should consider cyber insurance coverage and why brokers should offer it)

By InfoLawGroup LLP on June 10, 2010

It was recently reported that an insurance carrier (Colorado Casualty Insurance Co.) denied coverage (and filed a lawsuit) for the $3.3 million in costs the University of Utah incurred to provide notice of a security breach involving the records of 1.7 million patients from the University's hospitals. You can find a copy of Colorado Casualty's declaratory judgment action complaint here. The University also filed its own counter claim, cross-claim and third party claim. As discussed further below, the University's cross-claim is against Perpetual Storage (the service provider that allegedly lost the data) and its third party claim is against Perpetual Storage's insurance broker (the broker that placed the insurance coverage with Colorado Casualty).