Data Breach Compliance

News & Analysis as of

New Guidance for Financial Institution Directors and Officers In Cybersecurity Preparedness

Earlier this summer, the Federal Financial Institutions Examination Council (FFIEC) released its highly anticipated Cybersecurity Assessment Tool (Assessment), which is designed to assist financial institutions in identifying...more

South Korea introduces further data protection breach penalties to encourage compliance, and issues mobile app guidance

Ever since January 2014, when South Korea’s credit card industry lost huge amounts of customer data during a data breach, the South Korean government has been gradually announcing stricter penalties for those who run afoul of...more

Seventh Circuit rules hospital system is not a Consumer Reporting Agency under FCRA

Is a hospital a “consumer reporting agency”? Can a health care provider be liable under the Fair Credit Reporting Act (FCRA) in the event of a data breach? The Seventh Circuit Court of Appeals recently considered these...more

OMB Issues Guidance on Government Contractors’ Cybersecurity Systems

The Office of Management and Budget (OMB) released a draft guidance document on Aug. 11, 2015, titled “Improving Cybersecurity Protection in Federal Acquisitions” (the “OMB Guidance”). The OMB Guidance instructs agencies on...more

The ABCs of COPPA Compliance

In today’s environment – when data breaches seem to be in the news nearly every day – the media, regulators and many others are hyper-focused on privacy issues. Schools and educational institutions are no exception when it...more

Our July Picks for the Top 10 Ethics and Compliance Articles You Don’t Want to Miss

Picking this month’s top 10 was really, really hard. However, since I knew you wouldn’t appreciate a 12 page list of recommendations, I forced myself to narrow it down. Here are July’s top ten articles we think you shouldn’t...more

HIPAA Settlement Regarding Use of Internet Applications

On July 10, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a settlement agreement with St. Elizabeth's Medical Center (SEMC) in Brighton, Massachusetts, regarding potential...more

Recent HHS Settlement Highlights Risks of Electronically-Sharing Protected Health Information

On July 10, 2015, the United States Department of Health and Human Services Office for Civil Rights (OCR) announced its second settlement of the year for violations of the Health Insurance Portability and Accountability Act...more

Use of File-Sharing Service Leads To $218,400 Fine For HIPAA Violations

Internet-based file-sharing services such as Dropbox and Google Drive can be easy and convenient to use, whether via the touch of an app on a mobile device or by opening a browser on a PC. Healthcare professionals are often...more

Massachusetts Hospital Agrees to Six-Figure Payment Related to HIPAA Compliance Allegations

St. Elizabeth’s Medical Center (SEMC), a tertiary care hospital based in Brighton, Mass., agreed to pay $218,400 to address deficiencies in its HIPAA compliance activities. The SEMC settlement continues a pattern of...more

Connecticut Imposes New Data Security Obligations

New law will require consumer breach notice within 90 days, identity theft protection for consumers,“kill switch” for smartphones, and implementation of data security programs for certain health providers, state agencies and...more

PIPEDA Amendments In-Force

Amendments to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) are frequently proposed but just as frequently die on the order paper. Bill S-4, which proposed the most significant amendments to...more

A Year in Review: Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights

The U.S. Department of Health and Human Services Office for Civil Rights had another busy year in 2014. More resolution agreements were signed by HHS and Covered Entities than in the previous year, and several Covered...more

Why Reputation Risk is Quickly Climbing the Ethics and Compliance Priority List, Part 3 | Beyond Compliance Training

So far in this series, we’ve discussed why companies are adopting a more public focus on ethics and compliance, how reputational risk can impact a company and its brand, and the first three elements of a five-part framework...more

Cybersecurity Oversight: What is a Board of Directors to Do?

Cybersecurity and the risks of data breaches figured prominently at the 35th Annual Ray Garrett Corporate and Securities Law Institute held April 30, 2015, at Northwestern Law School in Chicago. Participating in a panel...more

Employee Benefits Developments - April 2015

Health Insurance Company’s HIPAA Breach Affects Millions. At the end of January, a national BlueCross BlueShield affiliate, Anthem, Inc., discovered that its information technology systems were hacked. The information...more

FINRA Issues Cybersecurity Practices Report And Investor Guidance

On February 3, the Financial Industry Regulatory Authority (“FINRA”) issued two publications concerning cybersecurity risks at financial firms. The Report on Cybersecurity Practices presents the results of FINRA’s 2014...more

SEC and FINRA Publish Materials Addressing Cybersecurity

Twin reports provide a roadmap to best practices. U.S. financial markets and participants, much like other segments of the U.S. economy, are prime targets for technological hacks, intrusions, and breaches that can occur...more

Data Privacy And Cybersecurity For Investment Funds

In This Presentation: - WHY IS DATA PRIVACY AND SECURITY IMPORTANT? ..Why is it important to protect data? ..SEC Cybersecurity Risk Alert ..FINRA Scrutiny - BEFORE THE BREACH ...more

California Attorney General Releases 2014 Data Breach Report and Recommendations, Finding More of the Same.

On October 28, 2014, Attorney General Kamala Harris released the second annual California Data Breach Report. The report detailed the nature and scope of data breach notifications that her office received in 2013. Her office...more

Data Privacy: The Next Frontier of Corporate Compliance [Video]

Companies are collecting more and more personal data. With that collection is an increased responsibility and the potential for more government regulation. Attorneys Rick Martinez and Seth Northrop discuss the changes that...more

Mishandling Medical Records Turns Into an $800,000 HIPAA-Compliance Mistake

A non-profit healthcare company agreed to pay $800,000 as part of a settlement with the U.S. Department of Health and Human Services (HHS) for allegedly mishandling 71 boxes of medical records in violation of the privacy rule...more

Recent OCR Reports Illustrate Past and Future Compliance and Enforcement Efforts

Daily news stories about data breaches and enforcement actions seem to be the new norm, so it’s no surprise that people may start to believe that hackers have won the war and that no personal health information is safe. But...more

Florida’s New Data Breach Notification Requirements Take Effect July 1

On June 20, 2014, Florida Governor Rick Scott signed the Florida Information Protection Act of 2014 (FIPA) into law. FIPA imposes stringent new security and notice requirements on businesses and employers that maintain...more

Security Breach Notification Chart - Revised June 2014

Perkins Coie's Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in...more

72 Results
|
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×