Wyatt Employment Law Report

Leave a comment

Legislation Would Require Kentucky Businesses to Notify Consumers of Data Breaches

By Daniel C.  Soldato

Data breaches, particularly of consumer information and other private information, are becoming an increasing public concern and a headline in the daily news.  We regularly hear about incidents in which electronically stored customer information is lost by or stolen from businesses, including health care companies, retailers, and telecommunications companies.  These risks are exponentially increasing with the increased use of mobile devices in businesses (e.g., laptops, tablets, flash drives, smartphones, etc.) and the increased use of mobile apps by consumers.  Electronic data, if not adequately secured, can lead to both physical and electronic thefts (e.g., hacking, malware, etc.).  In light of the increase in data breach reports, this week, the Consumer Financial Protection Bureau issued an advisory bulletin to provide guidance to consumers on protecting their personal information following the recent high-profile breaches involving debit cards and other payment data (e.g., Target, Michaels, Neiman Marcus).  Notice to consumers about a breach of their data is seen as another way to further protect against a loss. Continue reading

Leave a comment

Sweeping New Data Breach Notification Regulations Effective September 23

By Erin Brisbay McMahon

If your company is an employer with a self-insured health plan, sweeping new data breach notification regulations issued on August 24, 2009 will impact your company, as well as companies that need to use the health information of your employees to render services to the plan (e.g., third-party administrators).  The regulations, issued by the Department of Health and Human Services (HHS), go into effect September 23, 2009.

While employers aren’t subject to the data breach notification regulations, the self-insured health plans they sponsor are.  Because most employer-sponsored health plans don’t have employees, compliance responsibilities fall to the employer.

Continue reading