The Kentucky legislation, if enacted, would require victimized state agencies to notify individuals whose personal data were exposed within 35 days of the completion of the investigation into a breach.
Undeterred, two senators will try again to get their colleagues to enact legislation that they contend would better safeguard sensitive information and notify consumers of a data breach when personally identifiable information is exposed.
Target Corp.'s revelation that personal information about up to 70 million customers was breached in a recent malware attack raises new questions about Target's security practices and risks to consumers.
The House of Representatives is scheduled to vote Jan. 10 on two Republican bills addressing breach notification requirements and data security for Obamacare's HealthCare.gov website and health insurance exchanges.
The Department of Health and Human Services has issued a proposal that aims to remove legal barriers under the HIPAA Privacy Rule that may prevent state agencies from reporting mental health information used for gun background checks.
Leon Rodriguez, director of the HHS Office for Civil Rights, could leave the HIPAA enforcement agency to become the director of U.S. Citizenship and Immigration Services if his presidential nomination is formalized and he wins Senate approval.
Buried deep within a 308-page report from a presidential panel on ways to tighten federal surveillance and IT security programs are important recommendations on how to mitigate the insider threat at federal agencies.
Another federal investigation of a relatively small health data breach has resulted in a financial penalty, this time for a physician group practice in Massachusetts. Find out the details behind the settlement.
While preparing a speech to be delivered in Korea, NIST's Ron Ross wanted to convey the message of the importance of computer security. He hit on five themes - threat, assets, complexity, integration and trustworthiness - which form the acronym TACIT.