Star Health Insurance is facing regulatory scrutiny following allegations that a senior executive sold personal data of over 31 million customers. This incident has highlighted the urgent need for India to expedite the implementation of the Digital Personal Data Protection Act, 2023, which can impose heavy fines and stringent penalties on companies failing to secure data.
Legal experts emphasize the importance of regular audits and assessments of data security practices for businesses, aligning with global standards. The new Act mandates that data fiduciaries must protect personal data in their possession by taking reasonable safeguards to prevent breaches.
The breach has also brought attention to the need for timely disclosure of such incidents. The alleged data breach at Star Health Insurance underscores the vulnerabilities in data protection and the potential legal ramifications for companies that fail to secure personal data. https://legal.economictimes.indiatimes.com/news/corporate-business/star-health-faces-regulatory-scrutiny-over-alleged-data-breach-experts-warn-of-legal-ramifications/114176484 (Oct. 12, 2024).
Commentary
The above reported matter occurred in India. In the United States, federal laws exist to protect confidential user information including:
- Computer Fraud and Abuse Act: This law prohibits unauthorized access to computers and networks, which can include the theft or sale of confidential information stored on computer systems.
- Federal Trade Commission Act: Under Section 5(a)(1) of the FTC Act, it is considered an unfair or deceptive trade practice to misuse information collected in a confidential context for purposes not explicitly requested by the individual, without their affirmative express consent.
- Health Insurance Portability and Accountability Act: If the confidential information includes protected health information (PHI), selling it without authorization can violate HIPAA, which imposes strict penalties for unauthorized disclosure of PHI.
Several states in the United States have enacted their own privacy laws to regulate the sale and protection of confidential consumer information:
- California Consumer Privacy Act (CCPA): This law gives California residents the right to know what personal data is being collected about them and to whom it is being sold, and the ability to access, delete, and opt out of the sale of their personal data.
- Virginia Consumer Data Protection Act (VCDPA): This law provides Virginia residents with rights like those under the CCPA, including the right to access, correct, delete, and opt out of the sale of their personal data.
- Colorado Privacy Act (CPA): This law grants Colorado residents the right to access, correct, delete, and opt out of the sale of their personal data, and requires businesses to conduct data protection assessments for certain processing activities.
- Connecticut Data Privacy Act: This law provides Connecticut residents with rights to access, correct, delete, and opt out of the sale of their personal data, and requires businesses to implement data security measures.
The final takeaway is that the sale of private information is a serious crime under United States federal law and in many states. Organizations that store private information should take extreme care to safeguard it.