HB Ad Slot
HB Mobile Ad Slot
EyeMed Data Breach Multistate Settlement
Thursday, May 18, 2023

EyeMed recently entered into a settlement with the Attorneys General of Oregon, New Jersey, Florida and Pennsylvania around a 2020 breach of an EyeMed email account that contained the data of more than 2 million individuals. As we previously reported, EyeMed entered into settlement with NYDFS over this breach in October of 2022. 

EyeMed has agreed to pay $2.5 million as a part of this new settlement as well as implement an information security program with requirements around the following areas: (1) data collection and retention; (2) cyber security operations center; (3) logging and monitoring; (4) email filtering and phishing solution; (5) access controls; (6) authentication; (7) asset inventory; (8) data loss/exfiltration prevention; (9) encryption; (10) data deletion; (11) risk assessments; and (12) information security program assessment. For two years after the settlement, EyeMed must provide the Attorneys General a certification of compliance as well as additional documents requested to demonstrate compliance.

Putting it Into Practice: In addition to monetary settlements, in the aftermath of a breach, regulators are focusing on the security in place at the time of the breach. This is a reminder that companies should regularly assess their information security program to ensure it is appropriately designed to protect the security, integrity, and confidentiality of the companies’ data.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins