Hospital Fined $250,000 For Not Reporting Data Breach

Lucile Salter Packard Children’s Hospital at Stanford University has been fined $250,000 by California health officials for failing to report within five days a breach of 532 patient medical records in connection with the apparent theft of a hospital computer by an employee.

Penalty equates to $100 for every day of delayed reporting after the first five days for each patient medical record that was breached!

The state’s medical record confidentiality laws require notification of a data breach within 5 days. While this law applies to the medical industry, there is a similar law which applies to all organizations – state government agencies and nonprofit organizations, as well as companies of all sizes, regardless of geographic location, that hold personal data on persons living in California.

California Senate Bill 1386, also known as the California Security Breach Information Act

SB1386 requires companies that collect and hold personal information on Californian residents – whether customers, employees, or individuals involved in some facet of the business – to notify immediately each person on their database should an information security breach occur OR if one is suspected.

The SB-1386 & ISO27002 Implementation Toolkit

Adhering to the Californian Senate Bill 1386 is crucial for any organization dealing with the personal information of individuals based in California. Specific privacy breach reporting requirements are set out in SB1386, for organizations that hold electronically stored personal information. Failure by an organization to comply by informing individuals when their personal information has been compromised, or even a suspected breach has taken place, can have catastrophic consequences.

The IT Governance comprehensive SB-1386 & ISO27002 Implementation Toolkit is specifically designed by experts in data compliance legislation to guide organizations and agencies that must act in accordance with SB1386; it conforms to ISO27002 and, if desired, also helps organizations prepare for external certification (ISO27001) that would demonstrate conformance to such a standard.

Don’t be the next $250,000 fine – Ensure your organization complies with this law

Buy The SB1386 & ISO 27001/27002 Toolkit Today >>