Data Security

News & Analysis as of

HIPAA Compliance: Navigating a Health Care Minefield

In the two decades since its original passage, complying with the federal Health Insurance Portability and Accountability Act (HIPAA) hasn’t gotten any easier. Enacted with the primary goal of protecting the confidentiality,...more

Best Practices For Implementing Internal Security Controls

Many security risks can be avoided or mitigated by implementing sufficient internal security controls which are tailored to the organization’s size, needs, and specific industry. The Federal Trade Commission (“FTC”) sets...more

Nebraska and Illinois Update Breach Notice Requirements

The data breach notification laws for Nebraska and Illinois have been updated to expand the definition of “personal information” to include usernames and email addresses in combination with a password or security question...more

A Storm Brews: Retailers Push Back Against Payment Card Industry Data Security Standards

As businesses and financial institutions grapple with data security in the wake of high profile breaches, tensions between retailers and the credit card industry over the creation and implementation of security standards...more

FBI reports $3.1 billion lost by businesses through “business email compromise”

Wire fraud crime has long been a problem for financial institutions and banks. However, wire fraud through email is a completely different beast. Originally characterized by law enforcement as an extension of traditional wire...more

Colorado Student Data Privacy Bill – What EdTech software providers need to know

Colorado is the latest state to revisit, and expand upon, its laws pertaining to the use and protection of student data. Colorado Governor John Hickenlooper recently signed into law House Bill 16-1423 (the “Bill”) designed to...more

[Webinar] Cloud licensing and health care data: Know the risks, learn the solutions - July 13th, 12:00pm CT

As identity theft and malicious attacks against clinical providers increase, more and more health care data is stored in the digital cloud. The health care industry is required to take special precautions when licensing...more

IRS Issues New Requirements for IVES Participants

On June 23rd, the IRS dropped a bombshell on the lending industry. As of Midnight on July 1, 2016, many lenders will no longer be able to verify directly borrower income except through snail mail. If the IRS sticks to its...more

World Energy Council warns utility industry of advanced malware

The World Energy Council recently warned the utility industry that one of the top threats to the energy sector is advanced malware attacks. The warning noted that the utility sector is vulnerable because of the size of the...more

NTIA Multistakeholder Process Finalizes General Privacy Guidelines for Commercial Facial Recognition Use

We’ve previously blogged about the National Telecommunications and Information Administration (NTIA) privacy multistakeholder process to address concerns associated with the emerging commercial use of facial recognition...more

OCR Warns of HIPAA Risks in Third-Party Apps

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently issued a warning regarding vulnerabilities in third-party applications used by entities covered by HIPAA. The OCR warning applies...more

Data Breaches Response Costs Continue to Rise

SEC Chair Mary Jo White recently opined that cyber security is the biggest risk facing the United States financial system. Companies should take heed of that warning in light of the release of the 2016 Cost of Data Breach...more

Governor Signs Student Data Privacy Law

On June 9, 2016, Governor Malloy signed into law Public Act 16-189, “An Act Concerning Student Data Privacy” (the “Act”), which ushers in sweeping changes to the protection and use of student data. As schools increasingly...more

Ransomware Update: The FBI Weighs In

The FBI recently released an article discussing the spate of ransomware attacks on a variety of different entities, including hospitals. In the article, the FBI warned that ransomware attacks and the cybercriminals carrying...more

Cybersecurity News & Notes – June 2016 #3

In Case You Missed It: Illinois strengthened its data privacy and security law, with the amendments going into effect in January 2017. The amendments include expanding the definition of “personal information” to include a...more

Data Security Safeguards Can Help Healthcare Employers Withstand Cyberattacks—and Government Audits

The last couple of years have brought a steady rain of bad news for the healthcare industry when it comes to data security: Insurers faced with massive data breaches affecting thousands of health plans and millions of...more

FTC Delays Ruling in LabMD Appeal

The Federal Trade Commission has decided to put off until late July a decision about whether to overturn a ruling by the agency’s chief administrative law judge in the closely watched data security action against LabMD, the...more

Will Privacy Enforcement Actions Impact “Reasonable” Security Measures Needed to Protect Trade Secrets?

In widely-publicized, contested privacy cases last year, the FTC advocated in favor of a high baseline for information security measures.  Among the security practices attacked by the FTC as critical mistakes by companies...more

Data Security Plays a Key Role in the Adoption and Success of Precision Medicine

The White House recently released a guidance document for those in the precision medicine community to help ensure that participants’ data and resources remain secure. The document, titled “Precision Medicine Initiative:...more

Cloud storage providers to abide by new UK checklist

As cloud storage has widely spread, there have been growing concerns from the UK authorities about whether consumer rights are effectively protected. New guidelines for consumers and a new checklist for industry bring fresh...more

The CFPB and Data Security Enforcement

The Consumer Financial Protection Bureau (CFPB) announced its intention to act as a data security regulator by releasing its first unfair, deceptive or abusive acts or practices (UDAAP) enforcement action for allegedly...more

How to Respond to a Cyber Extortion Demand

Cyber extortion refers to a situation in which a third party threatens that if an organization does not pay money, or take a certain action, the third party will take an adverse action against the organization. Among other...more

FedRAMP Accelerates the Process for Federal Contractors to Obtain Cloud Service Provider Authorizations and DoD Revises its Cloud...

Cloud computing is ubiquitous in the federal market place. Many federal contractors either provide cloud computing services to the government or use cloud computing services when performing a federal contract. For cloud...more

The Paper Trail: The Potential Data-Breach Sitting in your Printer

In April 2016, the sensitive personal medical information of NFL players was stolen from the car of a trainer who had left the files in a backpack in his locked car. In 2014, Safeway, Inc. settled charges brought by the...more

What to Consider When Drafting or Reviewing a Privacy Policy

Although financial institutions, health care providers, and websites directed to children are required to create consumer privacy policies under federal law, other types of websites are not. In 2003, California became the...more

869 Results
|
View per page
Page: of 35
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×