Compliance Data Protection

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory... more +
Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations.  In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs. less -
News & Analysis as of

How to protect your business against cyber crime

The Internet is an amazing thing. People can gather and share information. You can market and sell goods. You can communicate in real time with people on the other side of the world. ...more

Florida’s New Data Breach Notification Requirements Take Effect July 1

On June 20, 2014, Florida Governor Rick Scott signed the Florida Information Protection Act of 2014 (FIPA) into law. FIPA imposes stringent new security and notice requirements on businesses and employers that maintain...more

Boards of Directors Charged with Cybersecurity Risk Management by SEC Commissioner

Last week, SEC Commissioner Luis Aguilar outlined expectations for directors of public companies to manage cybersecurity risk. If you think it is enough that a board of directors reviews annual budgets for privacy and IT...more

Security Breach Notification Chart - Revised June 2014

Perkins Coie's Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in...more

SEC Commissioner Calls on Corporate Boards to Address Cybersecurity—Refers to NIST Cyber Framework as “the Bible”

While attending the "Cyber Risks and the Boardroom" Conference at the New York Stock Exchange on Tuesday, June 10, 2014, U.S. Securities and Exchange Commissioner Luis Aguilar called on corporate boards to make sure they are...more

SEC Requires Greater Disclosure of Cyber Events

Cyber is still a relatively young risk and the various stakeholders in cyber-risk are at times, still trying to determine their particular role. This includes the officers and/or directors of companies for establishing...more

Perspectives - June 2014

In This Issue: - Staying in Compliance While Giving or Receiving Electronic Health Record Systems - When Donations Cross the Line - House Bill 296 Signed into Law to Increase Access to Epinephrine Autoinjectors...more

Policyholders Face Heightened Scrutiny Under OCR’s New Permanent Audit Program

The U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has notably increased enforcement of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”) and Health Information...more

Will the Cybersecurity Framework Create a New Standard Operating Procedure for Businesses?

On February 12, 2013, President Barack Obama issued Executive Order 13636 (EO 13636) entitled “Improving Critical Infrastructure Cybersecurity.”EO 13636 noted the importance of cybersecurity for the nation’s security and...more

Ignoring XP End Of Life May Make Your Company An Attractive Target

On April 8, Microsoft officially ended all support and ceased providing updates for their Windows XP operating system. This “end of life” (EOL) announcement is not uncommon with software platforms, where continued support of...more

SEC Takes Proactive Approach to Cybersecurity

Last month, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) formally announced its cybersecurity initiative in a Risk Alert. The initiative followed up on OCIE’s...more

The GPMemorandum, Issue 180

In This Issue: - Franchisor Uses Uniform Domain-Name Dispute-Resolution Policy To Obtain Control Over Infringing Domain: A franchisor whose trademark was being infringed in a domain name recently obtained...more

Why Do I Need a Business Associate Agreement? Ensuring Your Business is HIPAA and HITECH Compliant

Many companies have recently begun receiving Business Associate Agreements from healthcare entities, including hospitals, clinics, physician offices, public health facilities and similar types of organizations. Business...more

HHS announces new risk assessment tool for HIPAA security compliance

Recently, the Department of Health and Human Services released an interactive security risk assessment tool intended to assist employers who sponsor self-insured group health plans in complying with their HIPAA security rule...more

Physical Therapy Provider Enters into HIPAA Settlement

U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced yet another enforcement action. Specifically, OCR opened a compliance review of Concentra Health Services (Concentra) upon...more

Is Your HIPAA Compliance Program Going Out the Window with XP?

April 8, 2014 marks the end of Microsoft’s support for the Windows XP operating system, which means the end of security updates from Microsoft and the beginning of new vulnerability to hackers and other intruders into systems...more

HHS's New Security Risk Tool for HIPAA Compliance

On March 28, 2014, the HHS Office of the National Coordinator for Health Information Technology (ONC), in conjunction with the HHS Office for Civil Rights (OCR), released a Security Risk Assessment tool (SRA tool) to assist...more

Can covered entities run Windows XP and remain HIPAA compliant?

Microsoft recently announced that, after April 8, 2014, it will not longer provide security updates or technical support for Windows XP. Microsoft’s statement that “businesses that are governed by regulatory obligations such...more

French Employers: Only Three Months Left to Set Up a Single Database | Base de données unique : plus que trois mois pour la mettre...

French law requires companies with 300 or more employees to set up a single database for economic and employment information by no later than 14 June 2014. The French Job Security Act of 14 June 2013, which codified...more

U.K. Law for the U.S. Employer, Part II: Discrimination, Data Privacy, and Termination Rights

Part one of this three-part series covered the basic principles of employment laws in the United Kingdom and the minimum benefits and rights to which employees are entitled. Part two covers a number of employers’ obligations...more

Whistleblowing and Data Privacy in France: A New Pragmatic Approach for Employment and Discrimination Claims

The French data protection authority has extended the scope of whistleblowing protections to employment and discrimination claims. ...more

Top Legal Issues Facing Suppliers in 2014

We know that you have been considering what business and commercial issues you will face in 2014 (and perhaps beyond) as an Automotive Supplier. But, have you been considering what legal issues you are likely to face? Do you...more

Privacy And Data Security For Life Sciences And Health Care Companies

Pepper Hamilton Health Care-Life Sciences Webinar - The explosion of mobile technology and Web applications linking patients with doctors, pharmacies and medical devices is undergoing scrutiny by the FDA, FTC, HHS and...more

FINRA Conducting Cyber-Security Sweep Exam

Reacting in part to recent data-breaches and cyber-attacks on larger retailers, the Financial Industry Regulatory Authority (“FINRA”) is conducting a targeted examination of some 20 broker-dealer member firms’ compliance and...more

What is “Expedient” Notification of a “Data Breach?”

One of the first questions companies ask us when we are hired to help them respond to a new security incident is how fast they have to notify if the investigation shows that a “breach” occurred. Except for a couple of states...more

108 Results
|
View per page
Page: of 5