Judge Jeffrey White of the Northern District of California recently dismissed a putative class action lawsuit in which plaintiffs claimed they faced an imminent threat of future of harm in the form of identity theft and fraud because their personal information, specifically their driver’s license numbers, may have been compromised
Identity Theft
California Amends Data Breach Notification Law to Require Notification of Breach of Encrypted Personal Information When Encryption Key Has Been Leaked
On September 13, 2016, California Governor Jerry Brown signed into law AB 2828, an amendment to the law that requires businesses to disclose data breaches to California residents whose personal information has been compromised.
Currently, the law requires notification of a breach when a California resident’s unencrypted personal information…
Tales from the (Quantum) Crypt
The dream of hack-proof communication just got a little closer to reality. On August 16, 2016, China launched the world’s first “quantum satellite,” a project the Chinese government hopes will enable it to build a communication system incapable of being hacked. Such a system, if perfected, would allow for encrypted communications between any two devices with absolute certainty that the encryption could not be broken, and with a built-in mechanism for alerting the sender/receiver if someone tried.
An Ounce of Prevention…Is Tax-Free: IRS Expands Tax Relief to Pre-Data Breach Identity Theft Protection Services
As reported here [http://www.proskauertaxtalks.com/2015/09/irs-provides-some-relief-after-data-hacks/], after last year’s customer data security breaches at major U.S. corporations, the IRS announced special tax relief for identity protection services provided to individuals affected by a security breach. In response to comments solicited in connection with that announcement, the Treasury Department and IRS have in Announcement 2016-02 [https://www.irs.gov/pub/irs-drop/a-16-02.pdf] extended that relief to no-cost identity protection services provided before a data breach.
California Updates State Breach Notification Law, Expands Security Procedures to Entities that “Maintain” Personal Information
On September 30, 2014, California took further steps to protect the personal information of its residents by amending several sections of its breach notification and information security laws (Cal. Civ. Code §§ 1798.81.5, 1798.82 and 1798.85). The amended law, which is effective January 1, 2015, updates existing law in three…
A $1.2 Million Photocopier Mistake: Health Plan Settles with HHS in HIPAA Breach Case
We have heard the well-publicized stories of stolen laptops and resulting violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and we generally recognize the inherent security risks and potential for breach of unsecured electronic protected health information posed by computer hard drives. We remember to “wipe” the personal data off of our phones or computers before they are disposed, donated, or recycled.
A recent HIPAA settlement offers a costly reminder that other types of office equipment we use regularly have similar hard drives capable of storing confidential personal information.
California Court of Appeal Says Chevron Can Collect ZIP Code Information for Pay-at-the-Pump Transactions
On June 20, 2013, the California Court of Appeal affirmed the dismissal of a putative class action which alleged that Chevron violated California’s Song-Beverly Credit Card Act (“Song-Beverly”) by requiring California customers to enter ZIP codes in pay-at-the-pump gas station transactions in locations with a high risk of fraud. Flores …
The SEC and CFTC Adopt Identity Theft Red Flag Rules
The Securities and Exchange Commission (the “SEC”) and Commodity Futures Trading Commission (the “CFTC”) recently adopted rules requiring entities subject to their respective enforcement authorities to adopt and implement programs to detect and respond to indicators of possible identity theft, as required by the Dodd-Frank Wall Street Reform and Consumer…