Breach Notification Rule

News & Analysis as of

The February 2017 Update – The Mintz Matrix

During 2016, amendments to breach notification laws in five states went into effect (California, Nebraska, Oregon, Rhode Island and Tennessee). And by the end of last year, well over twenty states had introduced or were...more

Data Breach Notification In the EU: A Comparison of US and Soon-To-Be EU Law

In the United States Congress has repeatedly attempted, but failed, to agree on federal data breach notification legislation. As a result, there is no single federal statute that imposes a breach notification obligation on...more

EU General Data Protection Regulation (GDPR) - Overview of Key Points

A new data protection framework (the GDPR) has been adopted, significantly changing current EU laws. It will take the form of a Regulation and so will be directly applicable in all EU Member States from 25 May 2018. Once in...more

Use Data from the EU? It’s Time to Update Your Data Breach Notification Procedures

This post is the second in a three-part series. With the EU General Data Protection Regulation (GDPR) looming near for organizations that process the data of European citizens, compliance is top-of-mind for...more

TortSource: Ransomware: A Reportable Breach?

In the past several years, a huge increase has occurred in the number of electronic attacks in the United States using ransomware, a form of malware that targets and encrypts critical data and systems for the purpose of...more

HIPAA Enforcement Update (October 2016 – January 2017)

Since October 2016, the Department of Health and Human Services, Office for Civil Rights (OCR) announced four settlement agreements to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA)...more

Data Breach Notification Archive Made Publicly Available Online By Massachusetts Office Of Consumer Affairs

On January 3, 2017, the Massachusetts Office of Consumer Affairs and Business Regulation announced the online public availability of data breach notification records that it receives and maintains pursuant to the...more

Cybersecurity: 2017 Report & 2016 Reflections - What Businesses and Boards Need to Know

In 2016, cybersecurity continued to grow as a primary business risk for companies worldwide. Data breaches continued to escalate both in number and magnitude and the landscape of legal and regulatory liability evolved and...more

HIPAA Small Breach Notification Due March 1: “In Like a Lion, Out Like a Lamb” if You Submit Timely

March 1, 2017 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were...more

"Privacy & Cybersecurity Update - January 2017"

In this edition of our Privacy & Cybersecurity Update, we discuss how the prospect of a new chair and three new commissioners at the FTC may impact the agency's approach to cybersecurity regulation, a new Massachusetts...more

HHS Reaches $2.2 Million Settlement With Life Insurance Company For Impermissible Disclosure Of ePHI

On January 18, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS OCR”) announced that it had agreed to a $2.2 million settlement with MAPFRE Life Assurance Company of Puerto Rico (“MAPFRE Life”),...more

Heighten Importance for March 1, 2017 HIPAA Small Breach Reporting Deadline

With OCR’s recent announcement of its first enforcement action for lack of timely breach notification and its increased focus on small breaches, the upcoming annual reporting deadline for small breaches takes on increased...more

China Looks to Tighten the Regulation of Cloud Services

What You Need to Know: China has issued a new draft law tightening the regulation of cloud services. The draft: ..covers onshore hosted SaaS and PaaS (but possibly not IaaS) ..imposes new restrictions on...more

Strengthening international ties – Can support increased convergence of privacy regimes

The internet has become today’s global trade route, and personal data is one of its major currencies. The growth in the digital economy is impressive. One study found that economic activity taking place over the internet is...more

2016 Data Breach Legislation Roundup: What to Know Going Forward

States were busy updating their data breach notification statutes in 2016. With 2016 in the rear view, let’s take a look back at the legislative changes that will impact corporate incident response processes and what those...more

SEC May Leverage Investigation of Yahoo! Data Breaches to Clarify Prior Guidance

The Securities and Exchange Commission (SEC) is investigating whether Yahoo! should have reported the two massive data breaches it experienced earlier to investors, according to individuals with knowledge. The SEC will...more

Top 10 for 2017 – Happy Data Privacy Day

In honor of Data Privacy Day, we provide the following “Top 10 for 2017.”  While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2017. ...more

Lessons Learned from Recent OCR Settlements

We can learn some valuable lessons about compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) from settlements that are announced by the U.S. Department of Health and Human Services, Office...more

Recent HIPAA Enforcement Actions

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced the first ever settlement related to a Covered Entity’s untimely breach notification in violation of HIPAA. Presence Health,...more

HHS Gets Agressive: HIPAA Audits from 2016

HHS has become more aggressive with audits, and with increased penalties, covered entities and business associates simply cannot afford an audit on HIPAA rules and regulations. In March of 2016, HHS's Office for Civil Rights...more

OMB Issues Guidelines for Preparing for and Responding to PII Breaches

On January 3, the Office of Management and Budget (OMB) issued Memorandum M-17-12, which clarifies how federal agencies should prepare for and respond to data security breaches involving personally identifiable information...more

Federal Agencies Given New Breach Response and Preparation Guidelines

The White House has made a step toward implementing in federal agencies some breach response best practices currently used in the private sector. On Jan. 3, the White House issued a memorandum (Memo) updating for the first...more

Time Waits for No One: OCR Announces First HIPAA Settlement for Lack of Timely Breach Notification

On Jan. 9, 2017, the Department of Health and Human Services Office for Civil Rights (“OCR”) announced the first HIPAA enforcement action for failure to timely report a breach. Often investigating and making formal...more

Failure to Timely Notify Results in Enforcement Action and Significant Settlement

For the first time, on January 9, 2017, the Department of Health and Human Services, Office for Civil Rights (HHS/OCR) settled a HIPAA enforcement action based on the untimely reporting of a breach of unsecured protected...more

Breach of Privacy Prompts Breach of Etiquette: DHHS Sets New Precedent in Privacy Breach Enforcement

On January 9, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) took action against a health system for non-timely reporting of a breach of protected health information. It was the first...more

466 Results
|
View per page
Page: of 19
Popular Topics

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×