Data Breach

Advocate Health Care Network Agrees to Pay $5.55 Million to Settle Potential HIPAA Penalties

August 5, 2016 By HIPAA Privacy & Security Team

On August 4, 2016, the Office of Civil Rights (“OCR”) announced that Advocate Health Care Network (“Advocate”), Illinois’ largest fully-integrated health care system, has agreed to pay a record-breaking $5.55 million to settle claims of multiple Health Insurance Portability and Accountability Act (“HIPAA”) violations involving electronic protected health information (“ePHI”). The substantial settlement stems from […]

Alston & Bird Issues Advisory on Six Myths of Breach Response

July 13, 2016 By Privacy, Cyber & Data Strategy Team

Alston & Bird recently issued an Advisory entitled “Six Myths of Breach Response,” authored by Jim Harvey. As data breaches are on the rise, so are the challenges that businesses face in handling these security incidents. This Advisory identifies six strategic pitfalls to avoid when responding to breaches. The Advisory addresses the true significance of […]

Illinois Makes Extensive Changes to Data Breach Notification Law

May 18, 2016 By Privacy, Cyber & Data Strategy Team

On May 6, 2016, Illinois Governor Bruce Rauner signed HB1260, which significantly updates the state’s Personal Information Protection Act. The changes take effect on January 1, 2017. When the new law becomes effective, Illinois’ data breach notification statute will include one of the broader definitions of the information which, if breached, will trigger notification […]

Supreme Court Holds Congress Cannot Confer Automatic Standing By Statute

May 18, 2016 By Donald Houser

The Supreme Court has issued its much anticipated opinion in Spokeo Inc. v. Robins, No. 13-1339, 578 U.S. ___ (2016) (click here for a prior post detailing the procedural history and case background). The Supreme Court granted certiarori in Spokeo to determine whether a bare violation of a statute – the Fair Credit Reporting Act […]

Nebraska Makes Changes to Data Breach Statute

April 19, 2016 By Privacy, Cyber & Data Strategy Team

Nebraska Governor Pete Ricketts has signed LB835 into law, updating the state’s data breach notification statute. The changes take effect on July 20, 2016. With the updates, Nebraska joins a growing number of states that include a username or email in combination with a password or security question and answer that would permit access to […]