Published by Al Saikali

If you have noticed an increasing number of high profile problems for healthcare organizations with respect to privacy and security issues these last few weeks you’re not alone.  The issues have ranged from employee misuse of protected health information, web-based breaches, photocopier breaches, and theft of stolen computers that compromised millions of records containing unsecured

Legislation was introduced in the U.S. Senate late last week that, if passed, would create proactive and reactive requirements for companies that maintain personal information about U.S. citizens and residents.  The legislation, titled the “Data Security and Breach Notification Act of 2013” (s. 1193) creates two overarching obligations:  to secure personal information and

The phrase “cyber attack” elicits thoughts of a compromised information system, a crashed computer network, or inappropriate access to sensitive electronic information.  It doesn’t usually conjure up images of machinery setting on fire, and smoke emerging from a factory.  Nevertheless, here is a video of an experimental cyber attack named Aurora, which took place on

Late last week, another Federal District Court (the Southern District of Florida) weighed in on the circumstances under which a plaintiff may sue a breached entity civilly for damages when the plaintiff’s personally identifiable information (PII) is inappropriately accessed or acquired.  The Court allowed the case to proceed with counts for violation of Florida’s Unfair

Last week, the United States Court of Appeals for the Eleventh Circuit decided Resnick v. AvMed, Inc., No. 11-13694 (11th Cir. Sep. 5, 2012).  The Court’s opinion addresses some important issues regarding an individual’s right to bring a private lawsuit when her personally identifiable information or protected health information is compromised.  In its decision,

The title of this blog entry is somewhat of a misnomer because there is no single national data breach notification law that governs all information the same way as the state data breach notification laws do.  So, for the time being, companies and consumers are forced to determine which state data breach notification laws apply

In 2005, a company called ChoicePoint, which collected personal and financial information for millions of consumers, was the victim of a security breach.  Criminals stole from ChoicePoint personal information for more than 145,000 individuals.  The floodgates opened and a variety of other corporations and organizations revealed similar data breaches that had resulted in unauthorized