Tennessee, Montana, Iowa, and Indiana have each recently passed a consumer privacy statute in recent weeks. These laws follow the same trend started by California’s Consumer Privacy Act by granting consumers the right to know whether a company is processing their data; the right to access that data, obtain a copy, and to have it
Indiana
Indiana Amends Breach Notification Law to Require Notification Within 45 Days
Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is “reasonable” if it is: “(1) necessary to restore the integrity of the computer system; (2) necessary to discover the scope…
At Least 22 States Have Consumer Privacy Legislation Pending – Will 2022 Be the Year for More State Privacy Laws?
California is the gold standard for state privacy laws, having recently enacted the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Virginia and Colorado also have enacted comprehensive privacy laws, which will take effect in 2023. Recently, the International Association of Privacy Professionals (IAPP) released its state privacy legislation tracker.…
Public Safety Sector and Drone Use: The Fort Wayne, Indiana Model
The public safety sector continues to grow and the need for police use of drones to protect and serve their communities is growing along with it. In Fort Wayne, Indiana, the Police Department Air Support Unit (ASU), first formed in 2017, is responsible for overseeing emergency service team (EST) operations. The team consists of two…
CafePress to Pay $2 Million in Multi-State Data Breach Settlement
On December 18, seven states have entered into a settlement agreement with e-retailer Cafe-Press for $2 million stemming from a 2019 data breach that exposed information of approximately 22 million consumers. The breach affected consumers’ personal information, including usernames and passwords, Social Security numbers, and/or Taxpayer Identification numbers.
Of the $2 million, $750,000 will be…
On the Border Restaurant Suffers Data Breach
Last week, the Tex-Mex restaurant chain On the Border suffered a data breach that impacted its payment acceptance systems in 27 states. The restaurant says that some credit card information of customers who visited the chain between April and August 2019 may have been compromised. In a press release, On the Border representatives said, “Our…
FTC and Ten States Settle with Caribbean Cruise Lines for Robocall Accusations
This week, the Federal Trade Commission (FTC) and ten states settled charges against the Florida-based cruise line, Caribbean Cruise Line, Inc. (CCL), for an illegal telemarking campaign that inundated consumers with billions of unwanted robocalls. In settling these charges, CCL’s owner, Fred Accuardi, and all of his companies are barred from robocalling and illegal telemarketing.…
Cancer Services Provider Confronts Ransomware Bully
My newest hero in the fight against ransomware is Little Red Door Cancer Services of East Central Indiana (Little Red Door). I am sending a donation to it to celebrate its courage in the last few weeks.
Little Red Door is a small not-for-profit agency in Indiana devoted to help cancer victims during their treatment, recovery and end of life. Its mission is to help people suffering with cancer.
On January 11, 2017, TheDarkOverlord attacked Little Red Door with ransomware and demanded a payment of 50 Bitcoin (approximately $43,000) for return of the data. If the ransom wasn’t paid, the threat was that confidential information would be disclosed to the public.
Continue Reading Cancer Services Provider Confronts Ransomware Bully
Orleans Medical Clinic Notifies 6,890 Patients of Data Breach
Orleans Medical Clinic (Orleans) in Indiana has notified the Office for Civil Rights that the protected health information of 6,890 patients was compromised as a result of an upgrade to its server. Orleans is in the process of notifying the affected patients whose information was exposed. According to Orleans, when it upgraded its server, its…
Indiana Governor announces formation of Indiana Executive Council on Cybersecurity
Indiana Governor Mike Pence announced last week the formation of the Indiana Executive Council on Cybersecurity through an Executive Order. The Council, comprised of 23 members from public and private organizations, is designed to be a public-private partnership to work together to protect the state from online threats.
In announcing the Council, the Governor stated…