Imagine you have completed your HIPAA risk assessment and implemented a robust privacy and security plan designed to meet each criteria of the Omnibus Rule. You think that, should you suffer a data breach involving protected health information as defined under HIPAA (PHI), you can show the Secretary of the Department of Health and Human

On January 21, 2014, the United States District Court for the Southern District of California announced a significant ruling for plaintiffs in data breach cases (Case No. 3:11-02258).  Although the Court dismissed 43 of the Plaintiffs’ 51 claims, the Court allowed certain claims based upon state consumer protection statutes to proceed.  Unlike the rulings in

DataSecurityWe are pleased to announce the launch of our Data Breach 411 App, which is available for free download in the iTunes store at:

The Data Breach 411 App is a data breach survival guide designed to tackle a general counsel’s worst nightmare:  the loss or theft of sensitive data.

Features of the app

Does your company collect and store personally identifiable information related to its consumers or employees? If the answer to this question is “yes”, then you need to be prepared to respond to a data security breach.

Data security breaches happen without any warning and affect companies of all sizes and across all industries. In the

Beginning in 2012, under the California Breach Notification Laws (Cal. Civ. Code 1798.29 and 1798.82), any agency, person or business that notifies more than 500 California residents of a data security breach, must also report such a breach to the California Attorney General.  As a result of this requirement, in 2012, the California Attorney General

On July 11, 2013, the Department of Health and Human Services announced that it reached a settlement with WellPoint Inc. related to potential violations of the HIPAA Privacy and Security Rules.  In compliance with the HITECH Breach Notification Rule, WellPoint notified the HHS Office for Civil Rights that certain security weaknesses in one of its

In connection with a class action lawsuit filed against Michaels Stores Inc., the United States District Court for the District of Massachusetts certified to the Supreme Judicial Court of Massachusetts three questions: (1) whether a ZIP code constitutes personal identification information; (2) whether, under the Massachusetts statute prohibiting collection of personal identification information during a

On Friday, February 22, 2013, the FTC resolved an enforcement action that it brought against HTC America Inc. for allegedly failing to use "reasonable and appropriate" security measures in developing and customizing its devices. In its first case against a mobile device manufacturer, the FTC has instructed HTC America Inc. about how to develop and build its products. The