[ Monday, April 30, 2007 ]
New York Data Breach Case:
New York has a state law, similar to California's, that requires businesses to notify potential victims if they suffer a data breach that puts the potential victims' personal information at risk. A claims management company lost a laptop computer to an office thief, failed to properly notify potential victims (apparently at the request of the investigating police officers), and ran afoul of the state Attorney General's office. They've reached a settlement
, which doesn't impose penalties on the company but does require them to follow set procedures. Certainly something worth looking into if you suffer a data breach and are subject to New York law.
Jeff [3:51 PM]
Blogger: HIPAA Blog - Edit your Template