In Dittman v. UPMC, the plaintiffs brought a class action alleging UPMC was negligent in securing the data and breached an implied contract. A divided panel of the Pennsylvania Superior Court ruled that UPMC did not owe a legal duty to its current and former employees to protect their personal and financial information from hacking.
Based on Tribes’ input, this Report articulates a set of principles that should inform agency practices in the realm of infrastructure. Among other things, this includes appropriate staffing, training, and resource allocations, as well as guidance as to how Tribal interests should be incorporated into agency decision-making processes in both formal and informal ways. These recommendations should help agencies fulfill their dual responsibilities of complying with applicable treaty and trust responsibilities and ensuring a smooth runway for infrastructure investments.
Justice Department Finds a Pattern of Civil Rights Violations by the Chicago Police Department.
Three States Join Others to Expand Personal Information Definition to Include Usernames or Email AddressesMark L. Krotoski, Pulina Whitaker and W. Scott Tester
A key issue in determining whether notification is required following a data breach is whether “personal information” (PI) was acquired by an unauthorized person. US states vary significantly in defining what information qualifies as PI. As part of a recent trend, some data breach notification statutes have been expanding the definition of PI, including by adding usernames and email addresses.
Whether justified or not, the recent spate of high-profile police shooting cases throughout the United States has brought national attention to the issue of whether law enforcement officers should be using body cameras while on duty.
The Sixth Edition of the Trial Manual for the Defense of Criminal Cases is now available for free download.