Earlier this week, New York Attorney General Eric Schneiderman announced a $575,000 settlement with EmblemHealth for a data breach incident that exposed the Social Security numbers of more than 80,000 individuals. "At first glance, the case might seem 'routine,'" writes Wiley Rein Partner Kirk Nahra, CIPP/US. "Company has security breach, government investigates, and takes enforcement action. ... But there's a lot more going on here," he adds. In this post for Privacy Perspectives, Nahra highlights three takeaways from the case, including how the attorney general is using the case to propose an amendment to New York state data breach notification law, the importance of risk management around SSNs, and the fact that a state attorney general took an enforcement action under HIPAA.
If you want to comment on this post, you need to login.