Compliance Data Security

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory... more +
Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations.  In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs. less -
News & Analysis as of

OIG report spurs OCR to announce phase 2 audits

On September 29, it was revealed that the HHS Office for Civil Rights (OCR) will commence Phase 2 of its HIPAA audit program in “early 2016.” OCR’s revelation regarding the Phase 2 audits, which had been the subject of...more

EXPECT FOCUS: Onboard Technology, NAIC Cybersecurity, DOL, ACA Litigation, SEC Regulation (Vol. III, Summer 2015)

In This Issue: IN THE SPOTLIGHT - - Your Data Breach Collided With My Personal Injury Coverage LIFE INSURANCE - - Phantom Injury Dooms “Shadow Insurance” Case - Latest NAIC Cybersecurity News - A...more

OIG Calls for Stronger HIPAA Compliance Efforts

The OIG has issued two reports calling for stronger ONC oversight of covered entity compliance with HIPAA standards. In the first report, “OCR Should Strengthen Its Oversight of Covered Entities’ Compliance with the HIPAA...more

States Continue To Grapple With Data Breach Notification Issues

Connecticut’s data breach notification law currently requires notification “without unreasonable delay.” Effective October 1, 2015, Connecticut will (a) require notice of any breach of security not only “without unreasonable...more

CA AG Requires Chief Privacy Officer and Privacy Compliance Program

California’s Attorney General, Kamala Harris, has required Houzz, a home décor information and e-commerce website and mobile app publisher, to hire a chief privacy officer (CPO), conduct a company-wide privacy assessment, and...more

SEC brings first cybersecurity-related enforcement action

The Securities and Exchange Commission (“SEC”) recently settled its first cybersecurity-related enforcement action against a Missouri based registered investment adviser, R.T. Jones Capital Equities Management, Inc. (the ...more

European Union Advocate General Calls For High Court to Rule U.S.-EU Data Sharing Program Invalid

In an opinion that has the potential to seriously disrupt how U.S. companies can share data from Europe, on September 23, Advocate General (AG) Yves Bot of the Court of Justice of the European Union (CJEU) declared that the...more

EU–US Safe Harbor About to be Struck Down?

Thousands of U.S. and European companies who rely on the EU–US Safe Harbor Framework to permit the transfer of personal data from the EU to the U.S., have come a step closer to seeing the transfer mechanism struck down....more

SEC’s Increased Cybersecurity Enforcement and How to Reduce Your Risks

The SEC announced last week that an investment adviser had agreed to settle charges that it failed to take required steps to protect against and respond effectively to a cybersecurity breach. The action comes on the heels of...more

The SEC OCIE Announces Increased Scrutiny of Broker-Dealers’ and Investment Advisers’ Cybersecurity Programs

On September 15, 2015, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a National Exam Program Risk Alert (2015 Risk Alert) to provide broker-dealers and investment...more

Schrems v. Irish Data Protection Commissioner: some further thoughts

As the dust begins to settle after the headline-grabbing Advocate General opinion in the Schrems v. Irish Data Protection Commissioner it may be worth considering some of the other potential implications arising from that...more

TN Ethics Opinion Approves Lawyers’ Cloud Storage of Client Data

Tennessee has joined other states in formally approving lawyers’ cloud-storage of client-confidential data. The Board of Professional Responsibility (“BOPR”) held that lawyers ethically may use cloud storage for...more

Evolving Litigation of Data Breach Claims

An Illinois circuit court judge has dismissed five of six claims in a consolidated class action against Advocate Health and Hospital Corporation arising from a data breach in July 2013. The judge’s dismissal with prejudice...more

SEC Releases First Cybersecurity Enforcement Action for Failure to Protect Client Data

The SEC’s focus in the action was not on the manner of the firm’s responses to the breach or whether there was any actual harm, but predominantly on the adequacy of the firm’s written policies for safeguarding customer...more

OCIE’s 2015 Cybersecurity Examination Initiative

On September 15, 2015, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released a Risk Alert (the “2015 Risk Alert”) that announced its second round of cybersecurity...more

Securities Litigation and Enforcement Newsletter

A CD or not a CD, That is the Question… That the Auditors Should Have Answered - A headline-grabbing SEC enforcement action last week against BDO USA and several of its national partners may lead audit firms to insist on...more

OCR Enters into $750,000 Settlement with Physician Practice for HIPAA Violations

On September 2, the Department of Health and Human Services Office of Civil Rights (OCR) announced a settlement with Cancer Care Group, P.C., a thirteen-physician oncology practice in Indiana related to violations of the...more

SEC Continues to Focus on Cybersecurity Risks

On September 15, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a risk alert regarding the SEC’s ongoing cybersecurity examinations of registered broker-dealers...more

OCIE to Conduct More Cybersecurity Exams

This week the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) announced a second-round of cybersecurity examinations, continuing its initiatives on the issue. The move follows the SEC’s: March 2014 roundtable...more

OCR settlement reiterates importance of proactive security rule compliance

On September 2, 2015, the U.S. Department of Health & Human Services (HHS) announced that Cancer Care Group, P.C. (CCG), a physician practice located in Indiana, agreed to pay $750,000 as part of a settlement to resolve...more

Cybersecurity Update: National Futures Association Proposes Cybersecurity Guidance Setting Forth General Requirements for Member...

The National Futures Association (“NFA”) submitted to the Commodity Futures Trading Commission (“CFTC”) on August 28, 2015 a proposed Interpretive Notice (“Proposed Guidance”) for CFTC’s approval, which provides guidance to...more

SCRA Compliance, Cybersecurity, and Responsible Innovation Remain Top Priorities at OCC

On August 31, Grovetta Gardineer, the OCC’s Deputy Comptroller for Compliance Operations and Policy, delivered remarks at the Association of Military Bankers of America annual workshop in Leesburg, VA. Throughout her...more

Interim rule requires Department of Defense contractors to report cyber breaches

Companies doing business with the U.S. Department of Defense are facing new requirements for reporting data security breaches and for acquiring cloud computing services. The Interim Rule, effective August 26, 2015, amends the...more

$750,000 Settlement Agreement Reiterates Importance of HIPAA Security Rule Compliance

On September 2, 2015, the U.S. Department of Health and Human Services ("HHS") announced that it had entered into a Settlement Agreement with an Indiana-based medical practice for alleged violations of the Health Insurance...more

Russia’s new data law

Russia’s new Data Localisation Law went live yesterday on 1 September. Many companies with operations in Russia are scratching their heads about how to comply. The Basics - The new law applies to businesses with a...more

47 Results
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.