The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

By Topic: Breach Notification

  • From Vol. 2 No.5 (Mar. 2, 2016)

    Synthesizing Breach Notification Laws in the U.S. and Across the Globe

    Does your company have a comprehensive breach disclosure plan that complies with regulatory and legal obligations across the globe? In a recent panel held at Georgetown Law School, Harriet Pearson and Allison Bender, a partner and associate, respectively, at Hogan Lovells, discussed the changing legal landscape of breach notification obligations, including the proliferation of disclosure obligations at the state, national and transnational level, as well as disclosure obligations among organizations. See “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?” (May 20, 2015).

  • From Vol. 1 No.15 (Oct. 28, 2015)

    Orrick Attorneys Explain California’s New Specific Standards for Breach Notification

    California, a state that has been a leader in strong data security laws, has amended those laws to make their breach notification requirements more specific.  Aravind Swaminathan and Rishad Patel, Orrick partner and associate, respectively, spoke with The Cybersecurity Law Report about what companies need to know about the changes made by the amendments and how companies can approach the different notice requirements of 47 states.  The California changes take effect January 1, 2016 and include SB 570, which requires specific breach notice formatting; SB 34, which expands the definition of personal information and clarifies the substitute notice process; and AB 964, which clarifies the meaning of encryption.  See also “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

  • From Vol. 1 No.2 (Apr. 22, 2015)

    Steps to Take Following a Healthcare Data Breach

    The prevalence, size and cost of healthcare breaches are skyrocketing, with hackers gaining sophistication and regulators becoming more active. It is a rare covered entity that has not had to report a data breach to patients/members and the U.S. Department of Health & Human Services Office for Civil Rights since the Health Information Technology and Economic Clinical Health Act became effective in 2009. To assist healthcare companies in understanding and responding to data breaches in this regulatory environment, in a guest article, BakerHostetler partner Lynn Sessions discusses: the enforcement climate; the legal definition of a healthcare breach; strategies for handling unsecured personal health information; notification requirements and best notification procedures; activating a breach response team; mitigating the impact of a breach; and what’s next in cybersecurity for the healthcare industry.
