Today the EU General Data Protection Regulation (GDPR) goes into effect, ending the data protection landscape as we know it. This comprehensive privacy law applies directly to the 28 EU countries and companies established in...
5/25/2018 / Cybersecurity, Data Processors, Data Protection, EU, EU Data Protection Laws, General Data Protection Regulation (GDPR), International Data Transfers, Personal Data, Personally Identifiable Information, Regulatory Oversight, Regulatory Requirements, Risk Management
The Federal Trade Commission (“FTC”) released an updated version of its guidance on complying with the Children’s Online Privacy Protection Act (“COPPA”) on June 21, 2017. Companies that collect personal information from...
7/3/2017 / COPPA, Data Collection, Data Protection, Federal Trade Commission (FTC), Mobile Apps, Notice Requirements, Online Safety for Children, Parental Consent, Personally Identifiable Information, Privacy Policy, Websites
President Trump recently signed the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The Order sets forth the Trump Administration's policy for cybersecurity of...
5/18/2017 / Critical Infrastructure Sectors, Cyber Attacks, Cyber Crimes, Cyber Threats, Cybersecurity, Data Protection, Executive Orders, Hackers, Popular, Risk Management, Trump Administration
Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...
11/7/2016 / Breach Notification Rule, Business Associates, Cloud Computing, Cloud Service Providers (CSPs), Covered Entities, Data Protection, Data Security, Department of Health and Human Services (HHS), Electronic Medical Records, Encryption, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), OCR, PHI, Risk Assessment, Service Agreements
In an anticipated guidance, the United Kingdom's Information Commissioner's Office (ICO) updated its code of practice for privacy notices titled Privacy notices, transparency and control (the Code). Significantly, the ICO has...
10/18/2016 / Best Practices, Data Protection, Data Transfers, Disclosure Requirements, General Data Protection Regulation (GDPR), Information Commissioner's Office (ICO), Internet of Things, Notice Requirements, Privacy Policy, Third-Party Risk, UK, Websites
The Federal Trade Commission (FTC) has issued orders to obtain information about the process by which businesses audit their compliance with the Payment Card Industry Data Security Standards (PCI DSS) and the role of such...
The European Commission (EC) has released details of the EU-U.S. Privacy Shield, a new framework under which personal data may be transferred from the European Union (EU) to the United States. The Privacy Shield replaces the...
President Obama's Cybersecurity National Action Plan (CNAP), a comprehensive plan to address the nation's cybersecurity challenges through increased funding, a more robust cybersecurity workforce, and education initiatives,...
In a landmark decision that threatens to undo the process by which American companies handle personal data flowing from the European Union, the Advocate General (AG) of the European Court of Justice (ECJ) issued an advisory...
10/1/2015 / Advocate General, Better Business Bureau, Cybersecurity, Data Protection, Data Security, Data Transfers, Edward Snowden, EU Data Protection Laws, European Court of Justice (ECJ), Facebook, Federal Trade Commission (FTC), National Security Agency (NSA), Personal Data, PRISM Program, Safe Harbors, U.S. Commerce Department, US-EU Safe Harbor Framework