Colin J. Zick

Colin J. Zick

Foley Hoag LLP

Contact  |  View Bio  |  RSS

Latest Publications


Sharing Consumer Health Information? Look to HIPAA and the FTC Act

Does your business collect and share consumer health information? Check out these tips from the FTC for complying with HIPAA and the FTC Act....more

10/24/2016 - Covered Entities Data Collection Enforcement FTC Health Care Providers HIPAA Privacy Policy Privacy Rule

Quick Thoughts About the Yahoo Breach

Another day, another 500 million Yahoo accounts reached. Our friends at the FTC are right on top of this with guidance for individuals with Yahoo accounts. First and foremost, change your Yahoo password....more

9/23/2016 - Breach Notification Rule Data Breach FTC Yahoo!

Bad News for HIPAA Business Associates: HHS OCR Announces $650,000 Settlement for BA Breach

Catholic Health Care Services of the Archdiocese of Philadelphia (“CHCS”), a HIPAA business associate, has agreed to pay the Department of Health and Human Services Office of Civil Rights (“OCR”) $650,000 in connection with a...more

7/5/2016 - Data Breach Data Protection HHS HIPAA Mobile Devices OCR PHI Risk Management Settlement

Cybersecurity News and Notes – June 2016

In Case You Missed It: US and EU officials signed on to the so-called “Privacy Umbrella” deal last week. The agreement is designed to protect the personal data of EU citizens when it is transferred to the US for law...more

6/7/2016 - Cybersecurity Data Protection Enforcement Actions EU Facebook Hackers International Data Transfers LinkedIn Mark Zuckerberg Personal Data Privacy Umbrella Ransomware Social Media

HHS OCR Launches Phase 2 of HIPAA Audit Program–So What?

You have seen all the hysterical headlines — “The HIPAA audits are coming, the HIPAA audits are coming….” But when you really think about it, what is the big deal? If you are a HIPAA covered entity, you surely know by now...more

3/26/2016 - Business Associates Covered Entities HHS HIPAA HIPAA Audits HITECH OCR

Challenging the Conventional Wisdom on Mandatory Password Changes

Very interesting thought piece from the FTC’s Chief Technologist. Do mandatory password resets actually make us less secure? ...more

3/4/2016 - Cybersecurity FTC Passwords

President Obama Signs the Judicial Redress Act (H.R.1428/S.1600)

As part of implementing the EU-US Privacy Shield, on February 24, 2016, President Obama signed the Judicial Redress Act (H.R.1428/S.1600). This law is designed to give EU citizens the right to sue the U.S. government for...more

2/26/2016 - Barack Obama Data Protection EU EU-US Privacy Shield International Data Transfers Judicial Redress Act Personal Data Umbrella Agreement

In Cybersecurity, No Harm Does Not Necessarily Mean No Foul

How much does the question of harm matter in cybersecurity law? The answer is: It depends on who is bringing the claim. Businesses confronting data breaches can face litigation from private consumers as well as from...more

2/18/2016 - Article III Clapper v. Amnesty International Cybersecurity Data Breach Enforcement Actions FTC v Wyndham Injury-in-Fact LabMD Neiman Marcus SEC Standing Unfair or Deceptive Trade Practices Wyndham

The Cybersecurity Act of 2015: Implications for Threat Sharing

On December 18, 2015, President Obama signed the Cybersecurity Act of 2015 (The “Act”), legislation designed to combat online threats to the federal government, state and local governments, and private entities. Within the...more

2/4/2016 - Cyber Threats Cybersecurity Cybersecurity Information Sharing Act (CISA) Exemptions Government Entities New Legislation Private Sector

EU Commission and United States agree on new framework for transatlantic data flows: EU-US Privacy Shield

What follows below is the EU’s press release regarding the agreement on a replacement for the EU-US Safe Harbor. We are working to get details and will schedule a webinar on the new framework shortly....more

2/3/2016 - Data Protection Authority EU EU-US Privacy Shield European Commission European Court of Justice (ECJ) FTC International Data Transfers Personal Data Press Releases Surveillance U.S. Commerce Department US-EU Safe Harbor Framework

EU Safe Harbor Update: No Solution in January?

As we have noted previously, in the wake of the ECJ’s decision that undid the US-EU Safe Harbor, we were told that there would be no enforcement of the EU Directive until after January 31, to allow the US and EU to hammer out...more

1/19/2016 - Article 29 Working Party (WP29) Enforcement EU EU Data Protection Laws EU Directive International Data Transfers Moratorium US-EU Safe Harbor Framework

Phishing for Christmas

As the Wall Street Journal noted yesterday, banks are being deluged with phishing attacks. These attacks are especially fierce around the holiday season, when more personnel are absent and normal procedures are ignored or...more

12/23/2015 - Banks Email FBI Phishing Scams Popular Security and Privacy Controls Social Media Wire Transfers

The European Court of Justice Invalidates Safe Harbor

The European Court of Justice has just issued a decision (ECJ 6 October 2015 Case C-362/14, Maximillian Schrems v. Data Protection Commissioner) that invalidates the so-called US-EU “Safe Harbor” system. Suddenly, what 3,500...more

10/7/2015 - Binding Corporate Rules Data Privacy Data Protection Authority Data Security Edward Snowden EU EU Data Protection Laws European Commission European Court of Justice (ECJ) International Data Transfers Personal Data SCC Surveillance U.S. Commerce Department US-EU Safe Harbor Framework

What is reasonable? The emerging legalities of cybersecurity post-Wyndham

This month’s edition of the Advanced Cyber Security Center’s newletter includes my discussion of lessons to be learned from the Wyndham decision: Historically, security was an issue reserved in a back room for the IT...more

10/1/2015 - Cyber Attacks Cyber Threats Cybersecurity Data Breach Data Collection Data Privacy Data Protection Data Security FTC FTC v Wyndham Hackers Identity Theft Personally Identifiable Information Privacy Policy SEC Unfair or Deceptive Trade Practices

Reflections on “Privacy in the Modern Age”

With the heart of the summer vacation season upon us, it seems like a good time for some reflection. Here, it comes in the form of excerpts from an essay by privacy maven, Deborah Hurley. The one time Director of the Harvard...more

7/1/2015 - Human Rights Code Privacy Concerns Privacy Laws Right to Privacy

Surprise Bills Laws Enacted in California and New York

What Do They Mean for Providers? - Both California and New York have recently enacted so-called “Surprise Bills Laws” that require out-of-network providers to give notice to patients that a particular item or service...more

5/13/2015 - Billing Health Insurance Healthcare New Legislation Out of Network Provider

Massachusetts Legislation Proposes Cost Disclosures and Price Caps for Prescription Drugs

The Massachusetts Legislature is currently considering Senate Bill 1048, “An Act to Promote Transparency and Cost Control of Pharmaceutical Drug Prices.” The bill, sponsored by State Senator Mark Montigny, Vice Chair of the...more

4/29/2015 - Disclosure Requirements Healthcare Pending Legislation Pharmaceutical Industry Prescription Drugs

Now's the Time to Review Your OFAC Compliance Program

Obama Executive Order Targets International Cyberattacks Against U.S. with New Sanctions - New Sanctions Are Part of U.S. Escalation of Efforts to Bolster Cyber-Security: As part of a series of measures aimed at...more

4/8/2015 - Barack Obama Blocked Person Cyber Attacks Cybersecurity Executive Orders National Security OFAC Sanctions SDN List

HIPAA Compliant Technology and the Importance of Encryption

We welcome this guest blog by Gene Fry, Compliance Officer, Scrypt, Inc. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. This means that any...more

2/24/2015 - Business Associates Covered Entities Cybersecurity Data Breach Data Protection Electronic Medical Records Electronically Stored Information Encryption HIPAA HITECH PHI

Update on President Obama’s “Summit on Cybersecurity and Consumer Protection,” Part II: The Executive Order

As a follow up to our summary of the key takeaways from the White House’s first Summit on Cybersecurity and Consumer Protection, the centerpiece of which was President Obama’s signing of a new Executive Order, “Promoting...more

2/18/2015 - Barack Obama Cybersecurity Cybersecurity Framework Cybersecurity Summit Executive Orders Information Sharing Private Sector

SEC Office of Compliance Inspections and Examinations Releases Cybersecurity Examination Sweep Summary of Investment Advisers and...

Our colleagues Catherine M. Anderson and Kate Leonard of our Investment Management group have summarized the February 3, 2015 findings by the Office of Compliance Inspections and Examinations (OCIE) of its Cybersecurity...more

2/6/2015 - Broker-Dealer Cybersecurity Investment Adviser OCIE Risk Alert SEC

FDA Issues Draft Guidance on Medical Device Accessories

On January 16, 2015, the Food and Drug Administration (FDA) issued a draft guidance document titled “Medical Device Accessories: Defining Accessories and Classification Pathway for New Accessory Types.” The draft guidance...more

1/23/2015 - Draft Guidance FDA Medical Devices

Life Sciences Alert FDA Issues Draft Guidance on General Wellness Products

On January 16, 2015, the Food and Drug Administration (FDA) issued a draft guidance document titled “General Wellness: Policy for Low Risk Devices.” The draft guidance carves out a category of products, deemed “general...more

1/23/2015 - Draft Guidance FDA FDCA Life Sciences Software Wellness Programs

38 Results
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.