On March 24, 2016, Tennessee Governor Bill Haslam signed SB 2005 into law. The bill makes three principal updates to Tennessee’s data breach statute. First, the statute will now require organizations that have experienced a data breach to notify individuals within 45 days from the discovery or notification of the breach, unless a longer period of time […]
Security Breach
HHS/OCR Announces Launch of HIPAA Audit Program Phase 2
Today, the U.S. Department of Health & Human Services’s (HHS) Office for Civil Rights (OCR) announced the launch of Phase 2 of its HIPAA Compliance Audit Program. (OCR’s announcement can be accessed at Audit Phase 2 Announcement and further information about Phase 2 can be accessed at Audit Phase 2 Information.) In this phase, OCR will […]
FTC Announces Study of PCI-DSS Assessment Companies
On Monday, March 7 the Federal Trade Commission (FTC) issued a press release announcing that it had issued Orders to nine Qualified Security Assessor (QSA) companies, which are certified to assess whether or not entities involved in payment card processing, such as merchants, are compliant with the Payment Card Industry Data Security Standards (PCI DSS). […]
IBM and Alston & Bird Webinar: Cybersecurity Preparedness and Incident Response – On a Global Basis – March 29
IBM and Alston & Bird will host a webinar on Tuesday, March 29. Security incidents are increasingly taking on a global flavor, as multi-national companies continue to expand their data footprint across the globe. At the same time, a number of countries are passing new laws and regulations regarding cybersecurity preparedness and breach notification. The […]
FTC and Wyndham Settle Data Security Allegations
On December 9, 2015, the Federal Trade Commission announced that Wyndham Worldwide Corp., Wyndham Hotel Group LLC, Wyndham Hotels and Resorts, LLC, and Wyndham Hotel Management, Inc. (“Wyndham”) had agreed to settle FTC charges that the company’s security practices unfairly exposed the payment card information of consumers to hackers in three separate data breaches between […]