Legal TREND. Health Care Data Breach Leads to Duty for All Employers to Protect Employee Data

Pennsylvania Supreme Court rules that all employers must exercise reasonable care to protect worker data.

How did they get there? A health care provider employee data breach led to a lawsuit. Lower courts sided with the employer that there were no data security requirements for employee records. The PA Supreme Court disagreed.

Pittsburgh Post-Gazette | PA Supreme Court rules UPMC — and all employers — must protect workers’ data. Doing so is harder

New Report. Key to State Data Security is Procurement.

Why is procurement key?

  • Procurement contracts can set the tone for state data security standards

  • Telecom infrastructure is key to data security

  • States should offensively say what the data standards are, rather than what cannot be done

  • Private-public cooperation is the key for leading global solutions

  • Strengthen cyber security workforces

  • Contracted cloud solutions can fill in when funding does not exist for state data security experts

 

The Kosciuszko Institute | CYBE…

Lege Trend. Data Broker Registries

Tim Cook (Apple) is recommending a Data Broker Registry.

What’s a data broker? They buy and sell data from third parties.

So how would it work?

  • every consumer can opt into their data being collected or not
  • consumers would be able to remove their data from the registry
  • the FTC would house the registry and consumers could see what info is being collected and by whom

Why does this sound familiar? Because in 2018 informed:intel told you about the first-in-the-nation data broker state law in VT,…

Lege Trend. Anatomy of a Strict Data Breach Notification State Bill.

  • 30 days to provide notification to consumers
  • Greater disclosures to consumers about data collected and where it is stored
  • Free credit freezes and unfreezes for a year
  • 4 years of free credit monitoring
  • Applies Deceptive Trade Practices Act penalties to businesses (these accrue daily and per incident)

Who is backing this bill? North Carolina State Attorney General

What impact does this have on businesses?

  • healthcare companies would see their notification timeline cut from 60 days to 30…

Procurement Opportunity State Employee Cyber Security Training

What are states doing to train their employees to protect data?

  • Michigan, Oklahoma and Wyoming encourage but don’t require training
  • Idaho Governor's executive order requires training for all executive staff
  • Illinois in 2017 made cybersecurity training mandatory for state employees
  • Indiana’s CIO has authority to make training mandatory for state employees
  • Utah sends out phony phishing emails to state employees to test them
  • CT offers voluntary training every 2 months
  • Alabama offers daily…

Lege TREND. Refresher Insurance Data Security Bills.

SB273 (OH |2018) does the following:

  • Adopts the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law
  • OH becomes the 2nd state after South Carolina to adopt the model law
  • Requires licensees to develop, implement, and maintain a comprehensive information security program that contains administrative, technical, and physical safeguards to protect nonpublic information and the licensee’s information system within 1 year of the effective date of the Act;
  • Perform…