Iowa introduced a new bill, SSB 3200, on February 20 to establish a state privacy breach notification law.
As originally worded it would have also required merchants to follow credit and debit card industry data security rules and make them liable to banks for costs they incurred after a breach of payment card transaction data not retained in compliance with those rules. However, in the past week SSB 3200 was amended in committee to remove the retailer liability provisions.
A companion bill, HSB 721, was introduced February 26.
Posts Tagged ‘PII’
Iowa Privacy Breach Bill Has Much Of Its Teeth Pulled
Monday, March 10th, 20083rd HIPAA Criminal Indictment; Another Insider Job
Sunday, March 2nd, 2008Will Bad News Come in 3’s For Health Net?
Saturday, March 1st, 2008In the past several days Health Net made the news…in ways they would rather not have…
First this on 2/22:
Great Information Security and Awareness Event Coming In April
Tuesday, February 26th, 2008There’s a great information security and privacy awareness event coming up, Internet Safety Night on April 23, 2008, 6:30-8:30 p.m.
Have You Reviewed the FTC’s Proposed Privacy Principles Yet?
Monday, February 25th, 2008If you are responsible for information security or privacy at your organization, and your organization does marketing, here is something you need to know about and discuss with your marketing folks. I blogged about this in December.
$54 Million Lawsuit Against Best Buy For Losing Laptop
Wednesday, February 13th, 2008I knew the civil suits for lost laptops would start soon. Thanks so much to my buddy Alec for pointing out this story to me!
Raelyn Campbell took a laptop computer to Best Buy to get fixed, and three months later, after giving Campbell the run-around, Best Buy admitted to her that they lost the computer.
Give a Hoot, Don’t Privacy Pollute!
Tuesday, February 12th, 2008I just saw a term that can be used really well with non-technical folks, “data pollution.”
I wish I had thought of that term!
Today Google Provides Another Path For Data Leakage
Thursday, February 7th, 2008Here’s one more thing for IT, Information Security and Privacy folks to put on their list of things to worry about…
Encryption So Easy Even A Terrorist Can Use It
Tuesday, February 5th, 2008It seems all business leaders would understand by now, after literally thousands of privacy incidents in recent years, that they need to encrypt personally identifiable information (PII) stored on mobile computers and mobile storage devices, and when sending PII through networks.
Even the bad guys understand this.
A Stolen Health Insurer’s Laptop With PII Is Not Necessarily A HIPAA Violation
Wednesday, January 30th, 2008While scanning the news blurb summaries today, the statement, “This is a violation of HIPAA.” caught my eye. Hmm…let’s see what this is about…
This statement was actually within the reader comments to the story, “Blue Cross reports theft of computer.”
