FTC Undertakes 10-Year Review of Health Breach Notification Rule, Seeks Public Comments

By Jennifer K. Wagner, J.D., Ph.D.   On April 15, 2020, the Federal Trade Commission (FTC) published a notice of its intent to conduct a 10-year review of the Health Breach Notification Rule (HBN Rule) (85 FR 20889) and announced on May 8, 2020 that it would be requesting public comment. The comment period will
Read More »

An Approach to Discharging the Duty of “Reasonable Care” in Data Breach Matters

By Joseph Decker and Brett Creasy, CCE, CISSP, bit-x-bit LLC   When a company is targeted and a data breach results, the exposure can be staggering.  To take the most extreme example, Equifax’s Jan. 13, 2020 settlement of a 2017 class action data breach lawsuit, regarding a breach incident that affected approximately 147 million people,
Read More »

SB 308 Proposes 14-Day Data Breach Notice Requirement for Pennsylvania Businesses

By Thomas S. Markey and Chase J. Wright, McNees Wallace & Nurick LLC   In today’s tech-reliant business environment, companies increasingly maintain and store records electronically. With the luxury of going paperless comes the risks surrounding a potential data breach. If such a breach occurs and certain personal information is compromised, all U.S. states require
Read More »

Pennsylvania Supreme Court Holds Employers Have Duty to Protect Employee Data from Cyberattacks

By Joshua Mooney   As much of the country’s workforce traveled on the Wednesday before the Thanksgiving holiday, the Supreme Court of Pennsylvania issued a landmark decision in cybersecurity: under Pennsylvania law, employers have an independent duty to protect employee data from cyberattacks. Specifically, in Dittman v. UPMC, 2018 Pa. LEXIS 6051 (Pa. Nov. 21,
Read More »

Is Your Firm’s Data Secure? Common Law Firm Security Loopholes

By Jennifer Ellis, Esquire   Data breaches and identity theft are both serious and growing problems. Yet, many law firms fail to take the steps necessary to keep their clients’ information safe. Failure to protect not only your clients’ data, but the data of opposing parties, can lead to ethical issues, fines from government agencies
Read More »