Litigation and legal developments concerning data breaches.
Wiley Rein explains: The New Mexico Court of Appeals has held that cyber policy language affording coverage “for” a security breach was ambiguous and must be construed broadly to provide coverage for a breach of contract claim “because of,” “resulting from,” or “on account of” a security breach. Kane ex rel. N.M. Health Connections, Inc. v. Syndicate […]
The Office for Civil Rights (OCR) entered into two recent settlements with HIPAA covered entities alleging that they failed to conduct security risk assessments. Robinson & Cole LLP discusses the enforcement actions. Deer Oaks On July 7, 2025, OCR announced a settlement with Deer Oaks, a behavioral health provider, for alleged violations of HIPAA. The settlement resolves […]
Earlier this year, North Dakota’s Governor signed HB 1127, which imposes new obligations for financial corporations operating in North Dakota. The law will take effect on August 1, 2025. From JacksonLewis, an explainer on the new law’s requirements for a comprehensive, written information security programs: Read more of the required elements at Workplace Privacy, Data Management & […]
Attorneys at Fisher Phillips write: Read more at JDSupra.
Data breach notification law is governed by the Personal Information and Electronic Documents Act (PIPEDA). This federal law regulates the handling of personal information during commercial transactions. This includes the collection, use, and disclosure of personal data. As Lexpert explains, by extension, this also includes the storage of information while in use: Read more at […]
United24 reports: The United States has imposed sanctions on the Russian cybercrime group Aeza Group and its associated global network, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced on June 1 [sic]. OFAC designated Aeza Group for its role in supporting cybercriminal operations targeting victims in the United States and […]
Pharmacy Times reports: In January 2021, a nationwide mail-order pharmacy located in Massachusetts experienced a data breach. The pharmacy discovered the breach in May 2021 and investigated to determine its scope. Personally identifiable information (PII), including names and Social Security numbers for more than 75,000 customers, was breached. In February 2022, 9 months after the […]
From Covington and Burling: Read more at Inside Privacy.
From attorneys at Jackson Lewis: On June 20, 2025, Texas Governor Greg Abbott signed SB 2610 into law, joining a growing number of states that aim to incentivize sound cybersecurity practices through legislative safe harbors. Modeled on laws in states like Ohio and Utah, the new Texas statute provides that certain businesses that “demonstrate[] that at the time […]
Foley & Lardner has updated a resource on state laws. From their website:
