Security Risk Assessments Data Protection

News & Analysis as of

HIPAA and Text Messaging

Text messaging is pervasive. Doctors and other health care providers, covered entities, and business associates currently use (and embrace) the technology. Texting is easy, fast and efficient. It doesn’t require a laptop...more

CFTC Approves NFA Interpretive Notice on Information Systems Security Programs, Including Cybersecurity Guidance

The CFTC recently approved the National Futures Association’s interpretive notice (the “Cybersecurity Notice”) on the general requirements that members should implement for their information systems security programs...more

Data-Harvesting Zombie Hackers, Blood-Thirsty Auditors, and Other Reasons to be Scared on Halloween

This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying...more

“Bug Bounty” Programs Grow In Popularity

In a significant shift in the way the tech industry responds to hackers, an increasing number of companies are resorting to use of “bug bounty” programs that reward hackers who identify flaws in their company software and...more

Six Steps Banks Should Implement to Ensure Their Security Procedures are Commercially Reasonable

Banks are tasked by the Uniform Commercial Code (the UCC) with using “commercially reasonable” security procedures when processing funds transfers. This responsibility is constantly evolving as bank fraud becomes more...more

SEC Cybersecurity Update

Results from the SEC’s First Round of Cybersecurity Examinations - On February 3, 2015, the OCIE published a risk alert summarizing its findings from its examinations of over 100 registered investment advisers and...more

SEC Announces Second Wave of Cyber Exams of Broker Dealers and Advisors – Is Your Firm Ready?

In April 2014, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert announcing its first cybersecurity sweep initiative. Pursuant to that initiative,...more

Privacy, Security, Risk: What You Missed At IAPP Conference

Earlier this month, privacy and security professionals from around the globe gathered for “Privacy. Security. Risk. 2015”—the second joint conference between the International Association of Privacy Professionals and the...more

Unmasking Information Governance: What is it and how do I move it forward in my organization?

The heightened state of information security in recent years has instigated genuine collaboration, in many organizations, amongst its professionals in IT, records, security, risk, compliance, and other stakeholders in...more

HIPAA Fine Underscores OCR’s Focus on Physician Group Compliance

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced a $750,000 fine and resolution agreement, including a Corrective Action Plan (CAP), for Cancer Care Group, P.C. (CCG), a...more

Proactive Approach To Cybersecurity: Recent SEC guidance and enforcement actions suggest that reactive firms may be in the SEC’s...

In an environment where even the largest and most powerful corporations have fallen victim to data breaches, it can be challenging to fathom how to protect against the sophisticated and ever-evolving threat of cyber attacks....more

Is Your HIPAA Compliance Program Ready for the FTC?

Everyone in healthcare knows that the next round of HIPAA audits is coming. Covered entities and business associates have long been advised to review and update their HIPAA security risk analyses, have business associate...more

Investment Adviser Settles SEC Cybersecurity Enforcement Action; SEC Issues Investor Alert

On September 22, the U.S. Securities and Exchange Commission (“SEC”) and R.T. Jones Capital Equities Management, Inc. (“R.T. Jones”), a St. Louis-based investment adviser, settled charges that R.T. Jones failed to adopt...more

SEC Brings First Cybersecurity Enforcement Proceeding in Wake of Risk Alert

Highlights Areas of High Risk and Examination Priorities for Financial Industry Firms - On September 15, the U.S. Securities and Exchange Commission’s (SEC’s) Office of Compliance, Inspections and Examinations (OCIE),...more

OIG Report Finds CMS’s MIDAS System Needs Improvement in Information Security Controls

On September 14, 2015, the OIG released a Public Summary Report finding that although CMS had implemented controls to secure the Multidimensional Insurance Data Analytics System (MIDAS) and consumer personally identifiable...more

SEC Ramps up Cybersecurity Scrutiny With Examination Priorities and an Enforcement Action

Why it matters - Signaling that it will continue to increase its scrutiny of firms' cybersecurity readiness, the Office of Compliance, Inspections and Examinations of the Securities and Exchange Commission (SEC) issued a...more

California Attorney General Settlement Requires Hiring of Privacy Officer: Businesses with Web Presences Subject to Increasing...

On Friday, Oct. 2, home design and renovation company, Houzz, Inc., reached a settlement with the Office of California Attorney General Kamala Harris over allegations that Houzz had recorded customer and employee...more

FTC Gives Words of Warning to the Wise

The Federal Trade Commission has issued new guidance on data security to help businesses that collect, store and use consumer information to stay out of hot water with the agency. Gleaned from the more than 50...more

A Compilation of Enforcement and Non-Enforcement Actions

Non-Enforcement Cybersecurity Is At the Top of SEC Examination Concerns In a recent SEC “risk alert” for registered broker-dealers and investment advisers, the SEC’s Office of Compliance Inspections and Examinations (OCIE)...more

The SEC Charges Investment Adviser with Violating Regulation S-P by Failing to Adopt Cybersecurity Policies and Procedures

In recent years, the SEC has been focused on cybersecurity. It has issued risk alerts, conducted examinations and provided guidance about what the agency sees as widespread weaknesses in many policies and procedures to...more

SEC Charges Investment Adviser With Failure to Adopt Proper Cybersecurity Policies and Procedures

A registered investment adviser agreed to settle SEC charges that it failed to adopt adequate cybersecurity policies and procedures reasonably designed to protect customer records and information as required by Rule 30(a) of...more

SEC Announces Cybersecurity Enforcement Action

On September 22, 2015, the Securities and Exchange Commission (SEC) announced the settlement of an enforcement action against a St. Louis-based registered investment adviser (Adviser) brought under Rule 30(a) of Regulation...more

Unprecedented Hacking and Trading Scheme Highlights Key Cybersecurity Lessons

On Aug. 11, 2015, federal prosecutors in the District of New Jersey and the Eastern District of New York unsealed indictments against nine individuals in the U.S. and Ukraine who were allegedly involved in a five-year,...more

Cure of Security Rule Violations Following Breach of EPHI Cannot Save Covered Entities from $750,000 Settlement; Non-Breach...

More than three years after the Cancer Care Group, P.C. (“CCG”) notified the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) of a breach of unsecured electronic protected health...more

SEC Provides Additional Information On Cybersecurity Examinations

On September 15, 2015, the Security and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert to provide additional information on the areas of focus for its second round of...more

32 Results
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.