What's Changed? The U.S. Department of Justice (DOJ) published a Data Security Program (DSP), pursuant to a final rule (Final Rule), which became effective on April 8, 2025....more
4/29/2025
/ Covered Transactions ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Security ,
Department of Justice (DOJ) ,
Enforcement ,
Final Rules ,
National Security ,
Personal Data ,
Regulatory Requirements ,
Sensitive Personal Information
In the final days of the Biden administration the U.S. Department of Justice (DOJ) issued a sweeping set of regulations which are in effect as of yesterday, April 8, 2025. The regulations focus on cross-border data transfers...more
4/9/2025
/ China ,
Compliance ,
Cross-Border Transactions ,
Data Privacy ,
Department of Justice (DOJ) ,
Final Rules ,
International Data Transfers ,
National Security ,
Personal Data ,
Regulatory Requirements ,
Russia ,
Sensitive Personal Information
In late February, California lawmakers introduced new legislation that would impose sweeping restrictions on the use of location and tracking data. Known as the California Location Data Act (CLDA), this legislation goes a...more
On May 6, 2024, OCR published the final rule interpreting and implementing Section 1557 at 45 C.F.R. ยง 92 (the Final Rule). The Final Rule regulates the use of patient care decision support tools, including AI algorithms for...more
1/24/2025
/ Artificial Intelligence ,
Automation Systems ,
Covered Entities ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Care Providers ,
Healthcare ,
OCR ,
Regulatory Requirements ,
Risk Management ,
Section 1557
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) on December 27, 2024, to update the Health Insurance Portability and Accountability Act...more
On May 31, 2023, renowned managed file transfer solution provider Ipswitch, Inc. revealed a zero-day vulnerability in its flagship solution, MOVEit Transfer, that can enable mass data theft from thousands of organizations....more
On Thursday, May 19, 2023, the Federal Trade Commission (FTC) issued a notice of proposed rulemaking and a request for public comment on proposed changes to the Health Breach Notification Rule (HBNR or, the Rule) that would...more
In August 2022, LastPass โ one of the largest password managers in the world โ suffered a cyber breach resulting in the theft of thousands of password vaults of both individual and corporate users. Password managers are an...more
For most companies, human resource departments handle one of their most valuable and sensitive information assets: the personal data of their employees and job candidates. While this dataset provides employers a goldmine of...more
On October 7, President Biden signed an Executive Order directing the federal government to implement U.S. commitments under the European Union-U.S. Data Privacy Framework (EU-U.S. DPF). The new Executive Order enhances...more
Happy Data Privacy Day! Today, January 28, is a day to raise awareness, foster dialogue, and empower companies to act to ensure proper privacy (and security) of all types of data and information....more
On July 10, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a settlement agreement with St. Elizabeth's Medical Center (SEMC) in Brighton, Massachusetts, regarding potential...more
7/16/2015
/ Compliance ,
Corrective Actions ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Electronically Stored Information ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Passwords ,
Settlement Agreements