Data Security

News & Analysis as of

European Parliament Passes Landmark Data Protection Regulation

On April 14, 2016, the European Parliament passed the General Data Protection Regulation (GDPR) and its companion, Data Protection Directive for Police and Criminal Justice Authorities. The GDPR is a comprehensive regulation...more

More (MACRA) Data Analysis, Please

On July 1, CMS finalized new MACRA rules that significantly expand how qualified data entities will be allowed to share or sell analyses of Medicare and private claims data to providers, insurers, employers, and others who,...more

Three Tips to Verify the Security of Your E-Discovery Software

SOC 2® Type 2 Certification and Zapproved–Building Trust and Confidence that Your Data is Secure - Today in e-discovery, it should be no surprise that cyber security is a rising concern among corporate leaders and that...more

U.S. Court for District of Minnesota Dismisses Target Data Breach Shareholder Derivative Suits

On July 7, 2016, the United States District Court for the District of Minnesota granted Target’s unopposed motion to dismiss the derivative actions filed by a number of shareholders against the company relating to the...more

Pokémon Go in the Workplace: Oh Look There’s a Pikachu!

Did you know that the world is now inhabited by creatures called Pokémon? (Or maybe they’ve always been there?) Some run across the plains; others fly through the skies; and some live in the mountains….and some, yes, some,...more

FinTech Companies Face Big Privacy Challenges in 2016

According to the FBI, “there are only two types of companies: those that have been hacked and those that will be.” It does not take an actual data breach, however, for a company to be liable for its data security practices. ...more

Breach of ePHI Results in $2.7 Million Fine

Oregon Health & Science University (“OHSU”) has paid $2.7 million to the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) to settle allegations that it violated the Health Insurance Portability...more

First EU-wide cybersecurity regime set to enter force in August 2016 after final approval by European Parliament

The European Parliament gave final approval to the Network and Information Security Directive (“Directive”), the first-ever EU-wide cybersecurity standards, on July 6, 2016. The Directive seeks to improve the cybersecurity...more

ATM vulnerability – Banks beware!

It is said that a chain is only as strong as its weakest link. Often the same is said for an organization’s data privacy & security defenses. Could it be that the ubiquitous ATM machine is the weak link to the banking...more

A Side-by-Side Comparison of "Privacy Shield" and the "Safe Harbor": The Easiest Way to Understand What Privacy Shield Is and...

More than 5,000 companies had taken advantage of the now defunct U.S.-EU Safe Harbor Framework. Those companies are now considering whether to join the newly approved “Privacy Shield,” and are trying to understand the...more

Ninth Circuit Vastly Expands Scope of Criminal, Civil Liability for Computer Fraud

In a pair of highly anticipated decisions, the Ninth Circuit significantly reshaped criminal and civil liability under the federal Computer Fraud and Abuse Act (CFAA). The court’s recent decisions in United States v. Nosal...more

FTC Steps Up Activity on APEC Cross-Border Privacy Certification: Issues Warning Letters to 28 Companies Claiming Certification

The Federal Trade Commission (FTC) has issued warning letters to 28 companies that claim to be certified participants in the Asia-Pacific Economic Cooperative’s (APEC) Cross-Border Privacy Rules (CBPR) system on their...more

Privacy Shield Finalized - How Everyone Can Take Advantage of the New European Data Transfer Framework

The EU Data Protection Directive 95/46/EC (the “Directive”) creates the legal framework for national data-protection laws in each EU Member State. The Directive states that personal data may only be transferred to countries...more

Waves of Guidance and Benefit Plan Developments Worth Watching

Notices on Second Round of Privacy and Security Audits are Out, Expat Plans, OON Surgery Center Billing Issues, and New Nondiscrimination Rules for Federal Contractors, New ERISA Civil Monetary Penalties, COBRA Notices and...more

Recent U.S. Department of Education Dear Colleague Letter Raises the Bar on Standards for Protecting Federal Financial Aid Data

On July 1, 2016 the U.S. Department of Education issued a follow-up Dear Colleague Letter to the Dear Colleague Letter of July 29, 2015. This most recent letter reminds institutions of their legal obligation to protect...more

[Webinar] Cloud licensing and health care data: Know the risks, learn the solutions - July 27th, 12:00pm CT

As identity theft and malicious attacks against clinical providers increase, more and more health care data is stored in the digital cloud. The health care industry is required to take special precautions when licensing...more

PCI DSS v. 3.2: New Requirements Coming to Protect Your Customers’ Wallets

The Payment Card Industry (PCI) Security Standards Council (PCI Council) released Version 3.2 of the PCI Data Security Standard (PCI DSS), containing several new requirements for merchants, acquirers, and other entities that...more

FDA’s New Guidance on Data Integrity and Compliance with GMPs and Potential Product Liability Considerations

The Food and Drug Administration recently released draft guidance for the industry entitled “Data Integrity and Compliance with CGMP [Current Good Manufacturing Practices].” While the draft is not legally binding on industry...more

Blog: FCA publishes guidance for firms outsourcing to the cloud and 3rd-party IT service providers

The FCA has published its final “guidance for firms outsourcing to the cloud and other 3rd-party IT services”. The guidance is generic in two senses: it “aims to help firms and service providers understand [the FCA’s]...more

The High Stakes Poker of Playing Fast and Loose with Federal Laws and Regulations Just Got More High Stakes: US Civil Penalties...

Though corporate compliance programs can be expensive, companies that fail to implement such programs are about to double down on their gamble as a result of a newly imposed increase in civil fines. Prior to this increase,...more

SEC Proposes New Requirement for Business Continuity Plans for Investment Advisers

On June 28, 2016, the Securities and Exchange Commission (“SEC”) proposed a rule that would require all SEC-registered investment advisers to adopt and implement a business continuity and transition plan (“BCP”). The BCP...more

SEC Proposes Rule Requiring Registered Advisers to Adopt Business Continuity and Transition Plans

On June 28, 2016, the Securities and Exchange Commission (SEC) proposed new Rule 206(4)-4 under the Investment Advisers Act of 1940 (Advisers Act) that would require registered investment advisers to adopt and implement...more

$90 Million Cyber Thefts From SWIFT Network Raise Security and Legal Issues

In February 2016, attackers stole $81 million from the Bangladesh central bank’s account at the New York Federal Reserve Bank by hacking into the Bangladesh bank’s computer network and sending fraudulent messages through the...more

Six Myths of Breach Response

Data breach has, unfortunately, become a fact of life. Practically every corporation has experienced some sort of security incident, although most have avoided (to their knowledge) significant network intrusions and loss or...more

Business Associate Settles HIPAA Investigation for $650,000

The U.S. Office for Civil Rights (OCR), the agency responsible for enforcing the HIPAA Privacy and Security rules, has just sent a strong message that business associates are not immune from scrutiny. On June 24, 2016, in a...more
