Cynthia Larose

Cynthia Larose

Mintz

Contact

Readers' Choice Awards

Cybersecurity
Cybersecurity
Cybersecurity
Cybersecurity
Data Collection & Use
Cybersecurity
View Bio
RSS

Latest Posts › Risk Assessment

Share:

Further Updates to the CPPA Proposed Regulations: Risk Assessments and Automated Decisionmaking Technology

After years of internal discussion, the Board of the California Privacy Protection Agency (CPPA), at their March 8th meeting, voted to progress toward formalizing the proposed regulations on risk assessments and automated...more

3/26/2024  /  Artificial Intelligence , Automated Decision Systems (ADS) , Bias , California Privacy Protection Agency (CPPA) , Corporate Counsel , Cybersecurity , Employment Discrimination , Information Sharing , Personal Information , Policy Updates , Privacy Laws , Proposed Regulation , Risk Assessment

Major Win for California Privacy Protection Agency: Enforcement of Regulations Can Begin Immediately

If you have been relying on last year’s court order staying the ability of the California Privacy Protection Agency (CPPA) to enforce regulations promulgated under the California Privacy Rights Act (CPRA) to also stay your...more

2/16/2024  /  Audits , California Privacy Protection Agency (CPPA) , California Privacy Rights Act (CPRA) , Contract Terms , Cybersecurity , Enforcement , New Regulations , Notice Requirements , Opt-Outs , Risk Assessment , Targeted Digital Advertising

Draft Cybersecurity Audit and Risk Assessment Regulations Issued by CPPA

The California Privacy Protection Agency (CPPA) has released its agenda for the September 8 board meeting, which includes (among other topics) presentation of a draft Cybersecurity Audit Regulation and a draft Risk Assessment...more

8/30/2023  /  Artificial Intelligence , Audits , Automated Decision Systems (ADS) , California Privacy Protection Agency (CPPA) , California Privacy Rights Act (CPRA) , Cybersecurity , Data Selling , New Regulations , Personal Information , Privacy Laws , Risk Assessment , Rulemaking Process

New York Dept of Financial Services (NYDFS) Extends Cybersecurity Compliance Deadline

The NYDFS has announced that it has extended the deadline for compliance with certain cybersecurity requirements due to the coronavirus emergency. The announcement from the Superintendent of Financial Services of the State...more

4/1/2020  /  Banking Sector , Chief Information Security Officer (CISO) , Compliance , Confidential Information , Coronavirus/COVID-19 , Cybersecurity , Cybersecurity Framework , Data Protection , Disclosure Requirements , Financial Institutions , Financial Services Industry , Information Technology , Insurance Industry , Notice Requirements , NYDFS , Personally Identifiable Information , Popular , Risk Assessment , Risk Management , Third-Party Service Provider

New York Demands Coronavirus Emergency Plan from Crypto Firms by April 9th and Adds Requirements for Boards and CEOs

The New York Department of Financial Services (NYDFS) issued guidance to financial institutions engaged in virtual currency business activities, mandating that an emergency preparedness plan from each firm be submitted to...more

3/17/2020  /  Board of Directors , Coronavirus/COVID-19 , Corporate Governance , Cybersecurity , Emergency Management Plans , Financial Institutions , Infectious Diseases , Internal Controls , NYDFS , Risk Assessment

Are You Ready for the New York August 28th Compliance Deadline?  

If you are one of the many businesses licensed by the New York Department of Financial Services (DFS), and cannot avail yourself of the (very) limited exemptions, you must be ready for the first compliance transition date for...more

8/14/2017  /  Chief Information Security Officer (CISO) , Cybersecurity , Department of Financial Services , Filing Deadlines , Incident Response Plans , NYDFS , Privacy Policy , Reporting Requirements , Risk Assessment

Ransomware Attack – Quick Facts

By now, you may have heard about the global ransomware attacks affecting health care and other organizations throughout the world, in particular the United Kingdom, but also in the United States. The ransomware variant,...more

5/15/2017  /  Cyber Attacks , Hackers , Health Care Providers , Microsoft , Phishing Scams , Ransomware , Risk Assessment , UK

FTC Plants A Flag With LabMD Ruling: What This Means for Enforcement

On Friday, the heads of the Federal Trade Commission overruled the decision of the Administrative Law Judge (“ALJ”) in In the Matter of LabMd., Inc. The FTC concluded that the ALJ had erred in dismissing the Commission’s case...more

8/1/2016  /  Actual Injuries , Administrative Law Judge (ALJ) , Corporate Counsel , Data Security , Enforcement Actions , Federal Trade Commission (FTC) , FTC Act , LabMD , Risk Assessment , Section 5 , Unfair or Deceptive Trade Practices

Pay Attention to Business Associate Agreements!

For our HIPAA-covered entity readers, we have asked these questions before: Have you taken a business associate inventory? Have you undertaken a comprehensive risk assessment as required by HIPAA?...more

3/24/2016  /  Business Associates , Corrective Actions , Covered Entities , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Audits , HIPAA Breach , OCR , Risk Assessment , Settlement

Breaking Down the DOJ Cybersecurity Unit’s Guidance on Responding to Cyberattacks

Another federal agency has weighed in with “guidance” on cybersecurity preparation and breach response. The Department of Justice (DOJ) is the latest to issue guidance on how companies should respond to data breaches. The...more

5/8/2015  /  Corporate Counsel , Cyber Attacks , Cybersecurity , Data Breach , Department of Justice (DOJ) , New Guidance , NIST , Risk Assessment , Risk Mitigation

Cyber Extortion: What to Do When Your Data is Being Held for Ransom

Imagine you are the IT systems administrator of a large corporation. Coffee in hand, you sit down one morning and log in. You receive a message that there has been an intrusion into the corporate database, a large amount of...more

3/30/2015  /  Corporate Counsel , Cyber Crimes , Data Theft , Extortion , Risk Assessment , Risk Management

Privacy Wednesday

What’s that old saying … “a day late and a dollar short?” Here is our Privacy Monday roundup … on Wednesday. Office for Civil Rights HIPAA Crackdown? The Office for Civil Rights (OCR) — the enforcement arm of...more

6/18/2014  /  Department of Health and Human Services (HHS) , Health Insurance Portability and Accountability Act (HIPAA) , Hospitals , OCR , Patient Privacy Rights , Privacy Laws , Risk Assessment , Settlement

The New HIPAA Omnibus Rule & Your Liability — A Detailed Review

As we have reported in this blog, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and...more

2/18/2013  /  Business Associates , Cloud Computing , Covered Entities , Data Breach , Department of Health and Human Services (HHS) , Employee Retirement Income Security Act (ERISA) , Fundraisers , HIPAA Omnibus Rule , HITECH Act , Marketing , Notice Requirements , OCR , PHI , Privacy Rule , Risk Assessment , Subcontractors , Training
13 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide