Security and Privacy Controls

News & Analysis as of

How Much Do You Spend on Cybersecurity…and on What? reported that according to an International Data Corporation (IDC) forecast, by 2020, spending on security-related hardware, software, and services will eclipse $100 billion. However, consulting company NTT Com...more

Guidelines for Data Maps and Data Inventories

Knowing the type of data that you collect, where it is being held, with whom it is being shared, and how it is being transferred is a central component of most data privacy and data security programs. The process of answering...more

HHS Issues Cloud Computing Guidance Which Is Helpful To All Users of Cloud Services

Last week, the Department of Health and Human Services’ Office for Civil Rights (OCR) provided guidance for HIPAA covered entities and business associates that use or want to use cloud computing services involving protected...more

Data protection in video surveillance systems

Since video surveillance systems involve the capture of images of individuals, Colombian privacy law must be observed when operating such mechanisms. Therefore, the Superintendency of Industry and Commerce issued the...more

Privacy Tip #55 – October is National Bullying Prevention Awareness Month

I never knew that since 2006, October has been designated as National Bullying Prevention Awareness Month. According to the Department of Health and Human Services’ website, “This year’s Bullying Prevention Awareness Month...more

NYSDFS unveils new cybersecurity requirements for foreign and domestic banks

The New York State Department of Financial Services (NYSDFS) recently unveiled its cybersecurity regulation for financial services companies, which takes effect on January 1, 2017. This regulation applies to every banking and...more

Guidelines for Written Information Security Policies

Although federal law only requires that financial institutions and health care providers maintain a written information security policy or “WISP,” approximately thirty-four states have enacted legislation that requires...more

Avoiding common law firm cybersecurity pitfalls

Cybersecurity often causes trepidation among attorneys simply because attorneys lack understanding of the nature of online risks and how to protect themselves. As evidenced in Part One of this series, law firms appear to be...more

Customer Data and Privacy Laws

Customer data can be a treasure trove for an organization. Many businesses believe customer and prospect data to be their most valuable asset. Unfortunately, some have discovered that, unless handled with care, it can also...more

Privacy Implications of the Federal Aviation Administration’s New Drone Rule

A new era in the field of aviation began on August 29, 2016, when the Federal Aviation Administration’s (FAA’s) long-awaited commercial drone rule went into effect. The new rule, formally known as Part 107, broadly authorizes...more

Keeping Your Cybersecurity Affairs in Order: How to Avoid Becoming the Next Ashley Madison

In late August, the Privacy Commissioner of Canada and the Australian Privacy Commissioner published the results of their joint investigation into the hack of notorious infidelity site, Ashley Madison, and its parent company,...more

Federal Trade Commission Invites Comments on Gramm-Leach-Bliley Act (GLB) Safeguards Rule

‘Tis the season for listening. Joining a previous Presidential Commission invitation, the Federal Trade Commission (the FTC) is now seeking comments on the GLB Safeguards Rule. The GLB Safeguards Rule, which took effect in...more

Personal Data Protection - Personal Data Protection Commission publishes nine decisions on data protection enforcement

On 21 April 2016, Singapore’s Personal Data Protection Commission (PDPC) published its decisions of action taken against organisations in breach of provisions relating to the collection, use and disclosure of personal data...more

How to Develop a HIPAA Incident Response Team

Covered entities and business associates are required to identify and report breaches of unsecured protected health information (“PHI”) and security incidents. “Breach” is defined as the acquisition, access, use, or...more

Information Security and Privacy Group News: Is Your Student Information Adequately Protected?

Recently, educational institutions have become targets for hackers and the victims of significant data breach incidents. No institution is invincible from attack. Within the last two years, preeminent universities such as...more

Health Care Group News: Bitcoin. System Lockdown. Data Held Hostage. Ransom Demand.

If company executives are discussing the terms listed above, then their company is likely to have experienced better days. However, if the executives are in the "C Suite" or are the Compliance Officer, Privacy Officer and/or...more

HHS Releases Guidance on Privacy and Security Audits and Ransomware

If your organization operates in the healthcare industry, particularly if it qualifies as a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA), you may have noticed the...more

Heads of the FTC Push Back on Chief Administrative Law Judge and Find Consumer Harm in LabMD Data Leak

On July 29, 2016, the three Federal Trade Commission (“FTC”) commissioners vacated their chief administrative law judge’s bold decision to dismiss the agency’s action against a medical testing lab, LabMD, In the Matter of...more

Federal Trade Commission Holds Medical Laboratory Liable for Allegedly Unfair Data Security Practices

On July 29, the Federal Trade Commission (“FTC” or “Commission”) issued a unanimous Opinion and Final Order reversing the FTC Administrative Law Judge (“ALJ”) Initial Opinion issued November 13, 2015, which had dismissed the...more

LabMD Opinion Reverses ALJ Decision; Articulates Standard for “Substantial Injury” Under the Unfairness Prong of the FTC Act for...

In a widely anticipated move, the Federal Trade Commission (FTC) has overruled a decision by its own Administrative Law Judge (ALJ) that had dismissed a case against a medical testing laboratory accused of unreasonable data...more

No Harm, Yes Foul: FTC Rules Risk of Consumer Harm Sufficient to Find LabMD Liable for Security Breach.

In a unanimous decision published Friday, July 28, attached here, the Federal Trade Commission (FTC) overruled an administrative law judge and found that a medical testing company’s lack of security measures violated federal...more

Three Tips to Verify the Security of Your E-Discovery Software

SOC 2® Type 2 Certification and Zapproved–Building Trust and Confidence that Your Data is Secure - Today in e-discovery, it should be no surprise that cyber security is a rising concern among corporate leaders and that...more

Business Associates of HIPAA Covered Entities Beware!

If your organization is a business associate of a HIPAA covered entity (such as a health care provider or employee health benefit plan), you should know that the Department of Health and Human Services' Office of Civil Rights...more

"Data Privacy Protection and Cybersecurity: A Business and Legal Primer"

The news regularly reports on data breaches and cybersecurity. While we read about the biggest breaches – Home Depot, Target, Anthem, JP Morgan, Wyndham – probably every business has been hacked and will be hacked again. ...more

Lessons from LinkedIn: Privacy and Data Security Representations in the M&A Context

Microsoft’s blockbuster acquisition of LinkedIn earlier this month—a deal where concerns for privacy and data security loomed large—provides a glimpse into the growing trend of including separate privacy and data security...more
