CyberAdviser

Insights from the frontlines of privacy and data security law

Latest from CyberAdviser - Page 2

Last Friday we blogged on the Saks data breach class action, and in the process mentioned a trend among federal courts to reject fear of future identity theft claims in retail breach cases.  As we  explained, because retail breaches rarely involve theft of social security numbers, date of birth, healthcare information or other data that can be used to commit identity theft, courts have typically found that plaintiffs in such cases lack standing to…
For years, plaintiffs in data breach class actions have argued that the threshold for Article III standing is low – and increasingly courts are accepting that argument. The Saks data breach class action, pending in the Southern District of New York, is the latest example of a federal court finding that Article III standing exists even where the plaintiff’s asserted injuries are very minimal.…
The Office of Civil Rights of the Department of Health and Human Services (OCR) announced that it has entered into a settlement with a business associate that provides electronic medical records services to health care providers.  The resolution agreement requires Medical Informatics Engineering, Inc. (MIE) to pay $100,000 and adhere to a corrective action plan.  Under the corrective action plan, MIE must conduct a security risk assessment and implement a security risk management plan under…