What's Changed? The U.S. Department of Justice (DOJ) published a Data Security Program (DSP), pursuant to a final rule (Final Rule), which became effective on April 8, 2025....more
4/29/2025
/ Covered Transactions ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Security ,
Department of Justice (DOJ) ,
Enforcement ,
Final Rules ,
National Security ,
Personal Data ,
Regulatory Requirements ,
Sensitive Personal Information
On April 11, 2025, the Department of Justice's National Security Division (NSD) issued additional guidance to assist U.S. organizations in understanding and complying with the Data Security Program (DSP). As discussed in our...more
4/24/2025
/ Data Security ,
Data Transfers ,
Department of Justice (DOJ) ,
Export Controls ,
Final Rules ,
Foreign Adversaries ,
National Security ,
New Regulations ,
Personal Data ,
Regulatory Requirements ,
Sensitive Personal Information
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) on December 27, 2024, to update the Health Insurance Portability and Accountability Act...more
On May 31, 2023, renowned managed file transfer solution provider Ipswitch, Inc. revealed a zero-day vulnerability in its flagship solution, MOVEit Transfer, that can enable mass data theft from thousands of organizations....more
In August 2022, LastPass – one of the largest password managers in the world – suffered a cyber breach resulting in the theft of thousands of password vaults of both individual and corporate users. Password managers are an...more
If your management team and board of directors are not talking often about cyber liability and risk management, they will be soon. As a matter of both corporate and individual liability, recent enforcement makes it clear...more
In mid-September, the Office of Management and Budget (OMB) released a memorandum requiring federal agencies to obtain attestation from software developers before running third-party software on government networks. Under...more
On Tuesday, December 8 one of the nation's leading cyber defense vendors (FireEye) announced it suffered a recent cyber-attack from a "highly sophisticated threat actor, one whose discipline, operational security lead us to...more
12/11/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Personally Identifiable Information ,
Popular ,
Risk Management
As organizations prepare for certain contingency work arrangements in response to the coronavirus (COVID-19) outbreak, companies must also focus attention on ensuring appropriate cyber hygiene. ...more
Happy Data Privacy Day! Today, January 28, is a day to raise awareness, foster dialogue, and empower companies to act to ensure proper privacy (and security) of all types of data and information....more
In early July, a global hospitality company announced in a U.S. Securities and Exchange Commission (SEC) filing that it had been fined more than $124 million (more than £99 million) by the United Kingdom's Information...more
After a confusing month of contradicting guidance, the Centers for Medicare & Medicaid Services (CMS) issued a memorandum clarifying its position regarding the use of text messaging with patient information between providers....more
States continue to amend their Data Protection and Breach Notification Requirements. Maryland and Delaware are the most recent states to pass legislation designed to bring additional precision to an organization's...more
On July 10, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a settlement agreement with St. Elizabeth's Medical Center (SEMC) in Brighton, Massachusetts, regarding potential...more
7/16/2015
/ Compliance ,
Corrective Actions ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Electronically Stored Information ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Passwords ,
Settlement Agreements