Mark L. Krotoski, Pulina Whitaker and W. Scott Tester | January 11, 2017 | Data Privacy
A key issue in determining whether notification is required following a data breach is whether “personal information” (PI) was acquired by an unauthorized person. US states vary significantly in defining what information qualifies as PI.1 As part of a recent trend,...
Pauline Toboulidis | October 6, 2016 | Data Privacy
Johnson & Johnson recently warned its patients in a letter that the OneTouch Ping Insulin Pump System has a cybersecurity issue involving the possibility of a third party gaining unauthorized access to the pump. Though the pump system is not connected to the...
Lara K. Forde and Elisa M. Krause | October 3, 2016 | Data Privacy
The Sixth Circuit has made it easier for victims of a data breach to proceed in court. In a case involving alleged victims of a data breach at Nationwide Mutual Insurance Company, the appellate court ruled that fear of future harm following a data breach is sufficient...
Melody McAnally | September 29, 2016 | Data Privacy
On July 1, 2016, important changes to Tennessee’s data breach notification law went into effect, which concerns all employers. Tennessee removed the encryption safe harbor, requires notice for employee data breach incidents, and changes when organizations must send...
