340 000 Sensitive Legal Information Exposed

In particular, hipaa`s currently proposed amendments would facilitate access to medical records for patients and caregivers and reduce regulatory barriers to information sharing between providers for the purposes of care coordination and case management. [203] The NPRM was published in the Federal Register on January 21, 2021 and stakeholders have until March 22, 2021 to submit comments. [204] Retailers and loss prevention service providers. Many retailers have now tried to force arbitration and dismiss the lawsuits. [345] [64] Although the CCPA defines the term “business” in part as a for-profit entity that collects personal information from consumers doing business in California and owns “the personal information of 50,000 or more consumers, households or devices,” Cal. Civ. Code § 1798.140(c)(1)(B) [former ccpA text], the CPRA will remove these devices from the examination. See Cal. Civ. Code § 1798.140(d)(1) [as amended by the CPRA]. Web service companies. In July 2020, the U.S.

District Court for the Northern District of California approved a $117.5 million class action settlement for claims arising from data breaches that affected at least 194 million customers between 2012 and 2016. [303] The order approving the settlement is worth highlighting because of the detailed analysis that assessed the relevance of the settlement, in which the court compared the settlement to another significant data breach regulation approved in 2018. [304] The Court relied on a number of factors, including per capita recovery and other remedies in the regulation, the large number of violations, the period during which the violations occurred, the denial of the violations by the companies, the speed with which the companies were informed of the violations, the sensitivity of the data disclosed and much more. [305] These factors may be applied in future data breach cases to determine the relevance of comparative terms. TurgenSec experts found that the data breach was the result of misconfigured servers that allowed all sensitive documents involved to be set to “public” rather than “private.” This highlights the lack of awareness that even governments may have about the importance of properly configured networks in maintaining security. For at least two months, some 345,000 sensitive court documents from the Philippine Attorney General`s Office related to ongoing court cases were made public online and could have been accessed by anyone who knew where to look, according to British security firm TurgenSec, which identified the data breach. The company says the documents — which included hundreds of cases of words like “rape,” “execution” and “human trafficking” — were removed on April 28, but some are still cached by Google`s search engine and can be found on the open web. In addition to the cases described above, 2020 saw important updates on cases previously reported in last year`s report, as well as new issues related to children`s privacy and distance learning, connected vehicles and devices, and new legal issues in the fintech space. Historic establishment. In April, the U.S.

District Court for the District of Columbia approved a landmark $5 billion settlement with a major tech company over allegations by the FTC that the company deceived users into believing that certain settings would protect their information, including images and videos. whether instead this information would have been shared by the company with advertisers and other third parties. [178] In a statement at the time, FTC President Joe Simons noted that the settlement was “by far the largest fine ever received by the United States on behalf of the FTC, and the second largest in any context.” [179] New York. In 2020, New York lawmakers, including Senator Kevin Thomas (former sponsor of a comprehensive New York Privacy Act[39] and proposed amendments to the New York Data Breach Notification Act)[40], S8448D/A10583C, introduced legislation that “meets the requirements for the collection and use of emergency medical and personal data, as well as the use of technology to support covid-19. relates”. [41] This bill would apply to a wide range of “covered entities,” including “any person, including a government entity,] who collects, processes or discloses emergency health data. electronically or by wire or radiocommunication, as well as any company that “develops or operates a website, web application, mobile application, mobile operating system function or smart device application for the purpose of tracking, verifying, monitoring, tracing or mitigating contacts, or otherwise responding to the COVID-19 public health emergency”. [42] Health insurance.