Breach Notification Rule Data Breach

News & Analysis as of

OMB Issues Guidelines for Preparing for and Responding to PII Breaches

On January 3, the Office of Management and Budget (OMB) issued Memorandum M-17-12, which clarifies how federal agencies should prepare for and respond to data security breaches involving personally identifiable information...more

Federal Agencies Given New Breach Response and Preparation Guidelines

The White House has made a step toward implementing in federal agencies some breach response best practices currently used in the private sector. On Jan. 3, the White House issued a memorandum (Memo) updating for the first...more

Time Waits for No One: OCR Announces First HIPAA Settlement for Lack of Timely Breach Notification

On Jan. 9, 2017, the Department of Health and Human Services Office for Civil Rights (“OCR”) announced the first HIPAA enforcement action for failure to timely report a breach. Often investigating and making formal...more

Failure to Timely Notify Results in Enforcement Action and Significant Settlement

For the first time, on January 9, 2017, the Department of Health and Human Services, Office for Civil Rights (HHS/OCR) settled a HIPAA enforcement action based on the untimely reporting of a breach of unsecured protected...more

Breach of Privacy Prompts Breach of Etiquette: DHHS Sets New Precedent in Privacy Breach Enforcement

On January 9, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) took action against a health system for non-timely reporting of a breach of protected health information. It was the first...more

Time is of the Essence When Reporting a Breach of PHI

The failure to timely report a breach of unsecured protected health information (PHI) has cost Presence Health (one of the largest health systems in Illinois) almost half of a million dollars. Earlier this month,...more

Three-Month Delay Means Health Network Must Pay

A delay in reporting a HIPAA violation can result in a significant monetary penalty. That was the message sent by the Office for Civil Rights (OCR), which recently announced the first HIPAA settlement based on the untimely...more

Cyber Alert: 2016 Breach Roundup, Part II: U.S. and EU Data Breach Notification Regulations Highlights and Trends

Frameworks requiring breach notifications of various kinds significantly expanded in scope in 2016 at both the state and federal levels. However, at least in the U.S., some of the new federal requirements may not be in place...more

Massachusetts Data Breach Notification History Now Available Online

The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) has published an online list of data breach notifications issued each year to Massachusetts residents since 2007, the inception of the...more

Massachusetts Breach Notifications Will Now Be Publicly Available Online

On Jan. 3, 2017, the Massachusetts Office of Consumer Affairs and Business Regulation announced that it will begin making its data breach notification archive publicly available online. Previously, data breach notifications...more

Three States Join Others to Expand Personal Information Definition to Include Usernames or Email Addresses

Businesses should take steps to protect usernames, email addresses, passwords, and security questions and answers. A key issue in determining whether notification is required following a data breach is whether...more

International Employers in Scope of the GDPR: Are You Ready?

The GDPR harmonizes data protection laws across the EU and updates the current 20-year-old regime to take account of globalization and the ever-changing technology landscape. It will apply not only to EU companies, but to...more

HHS OCR Levies Significant HIPAA Penalties in a Series of Recent Settlements: Covered Entities and Business Associates Alike...

Between June and November 2016, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has announced seven high-dollar settlements to resolve alleged violations of the HIPAA privacy, security, and breach...more

2016 Breach Roundup, Part I: U.S. State Data Breach Notification Laws Highlights and Trends

In many respects, 2016 has been a remarkable year, but one constant with recent history is that multiple states (six this year) amended their breach notification statutes. As is commonly stated, the U.S. ...more

HHS Issues Warning About Phishing Campaign Disguised As Official Communication

As part of its efforts to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) engages in audits of covered...more

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to submit documents on...more

Data Security and Breach Notification Requirements of New FCC Privacy Order May Present Immediate Implementation Challenges for...

As ISPs continue to absorb the scope of the FCC’s recent Privacy Order (the “Order”), one immediate question presents itself: what steps must ISPs take to begin implementing the data security and breach notification...more

BIAS Rules: New FCC Regulations on Broadband Customer Privacy

On October 27, 2016, the Federal Communications Commission (“FCC” or “Commission”) adopted sweeping new privacy rules applicable to all telecommunications providers including broadband internet access service (“BIAS”) and...more

Hotly Anticipated Broadband Privacy Order Released by FCC

On Nov. 2, 2016, the FCC released its long-awaited broadband privacy Order and rules by a 3-2 vote. The Order comes nearly 18 months after the Commission moved to reclassify broadband internet access service (“BIAS”) as a...more

FTC Provides Nonbinding Materials to Help Businesses Defend Against and Respond to Data Breaches

On October 25, 2016, the Federal Trade Commission (FTC) released its nonbinding “Data Breach Response” guide with an accompanying blog post and video, all directed to help businesses prepare a data breach response plan. The...more

The FTC Offers Businesses Tips on How to Respond to a Data Breach

It seems like managing data breaches has become a part of doing business these days. From the October denial of service attack on Dyn (a company that provides core internet services to companies like Twitter, Spotify and...more

Alert: FCC Releases Sweeping Privacy Order

The Federal Communications Commission has released a 177-page order detailing new privacy and data security rules. It is important to note that these new rules not only apply to providers of broadband internet access service...more

Recent HIPAA Settlements Highlight Importance Of Business Associate Agreements

Two related healthcare companies were forced to pay settlements with the federal government totaling over $500,000 over allegations relating to a data breach involving patient health information. Much of the negative...more

"Privacy & Cybersecurity Update - October 2016"

In this edition of our Privacy & Cybersecurity Update, we take a look at the FCC's new rules for broadband privacy, the FTC's new playbook for data breach response and notification, the NHTSA's voluntary guidance for...more

Alert: FTC Issues Business Guide for Responding to Data Breaches

The Federal Trade Commission ("FTC") has released a 16-page guide on steps that businesses should take once a data breach has occurred. The FTC's guidance addresses three primary areas: securing operations, fixing...more
