The Final Countdown: Your CPRA Checklist

In a July post (available here), we discussed a new rush of state data privacy laws that will affect businesses nationwide. In that post, we discussed new laws coming online in California, Colorado, Connecticut, Utah, and Virginia. Of these, the law that is (or should be) on every business’s mind right now is the California Privacy Rights Act or “CPRA”. This law [...]

2022-12-05T09:36:50-05:00December 2nd, 2022|

Planning for 2023: New State Data Privacy Laws Coming Online

On May 10, 2022, Connecticut Governor Ned Lamont signed the Connecticut Data Privacy Act, making Connecticut the fifth state in the nation to pass a comprehensive data privacy law after California, Colorado, Utah, and Virginia. Together, these laws represent a monumental shift in the regulatory landscape for businesses and impose significant and meaningful legal obligations on companies nationwide – regardless of where the company is located. [...]

2022-07-21T14:59:08-04:00July 20th, 2022|

Lawsuits Increasing Following HIPAA Breaches

Almost as surely as summer follows spring, lawsuits follow breaches of protected health information. Here’s a roundup of recent HIPAA breach lawsuits and settlements. Lawsuits Increasing Following HIPAA Breaches - Facts and Figures The law firm BakerHostetler published its annual Data Security Incident Response Report based on findings from 1,270 data security incidents managed by the firm in 2021.  Highlights included: 23% [...]

2022-05-27T16:58:52-04:00May 27th, 2022|

Colorado Privacy Act Becomes Third Comprehensive State Data Privacy Law

The Colorado Privacy Act (CPA) is a comprehensive consumer data privacy law passed in July 2021. The CPA taking effect on July 1, 2023, regulates the personal information of Colorado residents. Details of the Colorado Privacy Act are provided below. Who Is Regulated Under the Colorado Privacy Act? The Colorado Privacy Act regulates certain businesses that the law terms “controllers.” To qualify [...]

2022-05-06T17:03:31-04:00March 24th, 2022|

Utah Consumer Privacy Act Goes to Governor for Signature

The Utah Consumer Privacy Act (UCPA) is legislation unanimously passed in the Utah Legislature. The final version of this Utah privacy law now awaits the signature of Governor Spencer Cox. If, as expected, the Governor signs the legislation by March 24, 2022, Utah will become the fourth state in the nation with a comprehensive consumer privacy law. The details of the Utah Consumer Privacy Act are [...]

2022-05-06T17:03:32-04:00March 14th, 2022|

Settlement Reached in Excellus HIPAA Class Action Lawsuit

The final chapter of the Excellus Health Plan 2015 data breach that affected more than 9.3 million patients nationwide may be in sight. A settlement has been reached between the plaintiffs’ attorneys and the company in the Excellus HIPAA class action lawsuit, pending judicial review. Basis of Excellus HIPAA Class Action Lawsuit Attorneys announced the settlement on January 24, 2022, with Excellus, [...]

2022-05-06T17:03:39-04:00January 27th, 2022|

NY AG SHIELD UP! Vision Benefits Provider Settles Email Data Breach

In January of 2022, EyeMed Vision Care LLC, a New York vision benefits provider, settled an action brought by the New York State Attorney General against it for failing to implement adequate data security measures, including multifactor authentication, password management, and logging of email accounts.  These deficiencies resulted in a 2020 email data breach during which hackers accessed an EyeCare email account [...]

2022-05-06T17:03:39-04:00January 26th, 2022|

Data Breach Lawsuit Filed After Theft of Nearly 320k Records

Electronic Health Record (EHR) services provider QRS Inc. is facing a data breach lawsuit following an August cyberattack that may have compromised the privacy of 319,778 patients. Background of QRS Data Breach Lawsuit In a statement on their website, QRS confirmed their discovery on August 26, 2021, that a threat actor had accessed a server and may have obtained electronic protected health [...]

2022-05-06T17:03:41-04:00January 14th, 2022|

Quest Diagnostics Subsidiary Hit with Data Breach Lawsuit

Quest Diagnostics subsidiary, ReproSource Fertility Diagnostics has been sued by a patient over alleged security deficiencies. The Quest data breach lawsuit was filed one month after the October 8, 2021 announcement of a ransomware attack that potentially exposed the protected health information (PHI) of 350,000 individuals. Details of the Quest Data Breach Lawsuit According to the notification provided by ReproSource, the company’s [...]

2022-05-06T17:03:43-04:00December 31st, 2021|

New Jersey State Attorney General Settles HIPAA Claims Against Printing Companies

In November of 2021, the New Jersey State Attorney General’s (AG) Office, Division of Consumer Affairs, settled 2 HIPAA claims, one HIPAA claim against Command Marketing Innovations (CMI), and another HIPAA claim against CMI’s business associate, Strategic Content Imaging, LLC (SCI). This $130,000 resolution settled each company’s potential HIPAA Security Rule and Privacy Rule violations. The printing companies were drummed into New Jersey court for having [...]

2022-05-06T17:03:45-04:00December 21st, 2021|