Alabama’s new breach law

Greg Price recently submitted an article to the Troy Messenger, Alabama’s new breach law:

Starting June 1, 2018, private and public entities must establish reasonable data security measures and notify those affected negatively when personal data has been compromised. Despite Alabama being last to the data breach notification parade, our law has been described among the most stringent in the nation. From my personal experiences, I agree, Alabama’s law takes into consideration third-party service providers which many states neglect. Alabama’s inclusion of “third-party agents,” that is to say, entities contracted to maintain, store, process, or otherwise permitted to access sensitive personally identifying information in connection with providing services to a covered entity, is outstanding for Alabama’s citizens – there is no hiding, passing of the proverbial buck: if you collect electronic information from your customers, you are responsible for it.

Read Full Article

Related News: Johns Hopkins University web server breached; up to 1,300 affected

One new article link has been added to our Related News page. SC Magazine published an article titled Johns Hopkins University web server breached; up to 1,300 affected.

As many as 1,300 current and former Johns Hopkins University biomedical engineering students’ personal information was posted online by an attacker claiming to be affiliated with hacktivist collective Anonymous.

After the university refused to give into extortion threats, the hacker dumped the data, including students’ names, email addresses and phone numbers, online, according to The Balitmore Sun.

Source: SC Magazine