In late March 2025, the Florida Bar Board of Governors unanimously endorsed the recommendation of its Special Committee on Cybersecurity and Privacy Law that law firms should adopt written incident response plans (IRPs) to...more
On Friday, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced the fifth enforcement action under its Risk Analysis Initiative. In this case, OCR reached a settlement with Health...more
3/24/2025
/ Business Associates ,
Compliance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Employee Retirement Income Security Act (ERISA) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Risk Management
In February, a coalition of healthcare organizations sent a letter to President Donald J. Trump and the U.S. Department of Health and Human Services (HHS) (the Letter), urging the immediate rescission of a proposed update to...more
According to one survey, Florida is fourth on the list of states with the most reported data breaches. No doubt, data breaches continue to be a significant risk for all business, large and small, across the U.S., including...more
As the integration of technology in the workplace accelerates, so do the challenges related to privacy, cybersecurity, and the ethical use of artificial intelligence (AI). Human resource professionals and in-house counsel...more
1/29/2025
/ Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Dashcams ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Labor (DOL) ,
Employee Monitoring ,
Employee Privacy Rights ,
Equal Employment Opportunity Commission (EEOC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular ,
Privacy Laws ,
Third-Party Service Provider ,
Wearable Technology
Insider threats continue to present a significant challenge for organizations of all sizes. One particularly concerning scenario involves employees who leave an organization and impermissibly take or download sensitive...more
1/21/2025
/ Confidential Information ,
Confidentiality Agreements ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Former Employee ,
Intellectual Property Protection ,
Personal Data ,
Personal Information ,
Restrictive Covenants ,
Risk Management ,
Sensitive Business Information ,
Trade Secrets ,
UTSA
A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more
1/13/2025
/ Compliance ,
Credit Monitoring ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Educational Institutions ,
Identity Theft ,
Incident Response Plans ,
Information Technology ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Ransomware ,
Regulatory Requirements ,
Risk Management ,
School Districts ,
State Privacy Laws ,
Vendors
Ask any chief information security officer (CISO), cyber underwriter or risk manager, or cybersecurity attorney about what controls are critical for protecting an organization’s information systems, you’ll likely find...more
1/9/2025
/ Artificial Intelligence ,
Biometric Information ,
Chief Information Security Officer (CISO) ,
Cryptocurrency ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Deep Fake ,
FBI ,
Fraud ,
Identity Theft ,
Know Your Customers ,
Multi-Factor Authentication ,
Phishing Scams ,
Risk Management ,
Secret Service ,
Social Engineering
As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security Rule (scheduled to be published in the Federal Register January 6). It...more
1/2/2025
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Plan Sponsors ,
HITECH Act ,
Incident Response Plans ,
Malware ,
OCR ,
PHI ,
Policies and Procedures ,
Risk Assessment ,
Risk Management
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our most popular topics and posts from 2024.
Expanding State Privacy Laws-
This year saw a...more
1/2/2025
/ Artificial Intelligence ,
Biometric Information ,
Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Labor (DOL) ,
Employee Privacy Rights ,
Fair Credit Reporting Act (FCRA) ,
Personal Data ,
Privacy Laws ,
Retirement Plan ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws ,
Web Tracking
No organization can eliminate data breach risks altogether, regardless of industry, size, or even if the organization has taken significant steps to safeguard their systems and train employees to avoid phishing attacks....more
12/2/2024
/ AirBnB ,
Cybersecurity ,
Data Breach ,
Phishing Scams ,
Popular ,
Property Management Companies ,
Risk Management ,
Third-Party Service Provider ,
Vacation Rentals ,
Vendors ,
Websites
On November 8, 2024, the California Privacy Protection Agency (CPPA) voted to proceed with formal rulemaking regarding artificial intelligence (AI) and cybersecurity audits. This comes on the heels of the California Civil...more
Announcing its fourth ransomware cybersecurity investigation and settlement, the Office for Civil Rights (OCR) also observed there has been a 264% increase in large ransomware breaches since 2018....more
9/30/2024
/ Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Multi-Factor Authentication ,
OCR ,
PHI ,
Policies and Procedures ,
Ransomware ,
Risk Assessment ,
Risk Management
If there is one thing artificial intelligence (AI) systems need is data and lots of it as training AI is essential for achieving success for a given use case. A recent investigation by Australia’s privacy regulator into the...more
9/26/2024
/ Artificial Intelligence ,
Australia ,
Consent ,
Cybersecurity ,
De-Identification ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Office of Australian Information Commissioner (OAIC) ,
PHI ,
Training
One of our recent posts discussed the uptick in AI risks reported in SEC filings, as analyzed by Arize AI. There, we highlighted the importance of strong governance for mitigating some of these risks, but we didn’t address...more
9/12/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Fortune 500 ,
Governance Standards ,
Intellectual Property Protection ,
Machine Learning ,
Phishing Scams ,
Popular ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC)
A little more than three years ago, the U.S. Department of Labor (DOL) posted cybersecurity guidance on its website for ERISA plan fiduciaries. That guidance extended only to ERISA-covered retirement plans, despite health and...more
“Cybersecurity” has emerged as one of top risks facing organizations. Considering the steady stream of massive data breaches affecting millions (sometimes billions), the debilitating effects of ransomware on an organization’s...more
4/11/2024
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Genetic Testing ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
Ransomware ,
Tracking Systems
As organizations continue to take steps to prevent cyberattacks, a near-universal recommendation is that they should implement multi-factor authentication (MFA), and for good reason. Organizations subject to the updated FTC...more
The explosion of generative AI has spawned a wide range of personal and professional tools and applications. One noteworthy (no pun intended) example of those tools and applications is notetakers that can capture, transcribe,...more
On February 28, 2024, President Biden issued an Executive Order (EO) seeking to protect the sensitive personal data of Americans from potential exploitation by particular countries. The EO acknowledges that access to...more
3/6/2024
/ Artificial Intelligence ,
Cyber Crimes ,
Cybersecurity ,
Data Transfers ,
Department of Health and Human Services (HHS) ,
Department of Veterans Affairs ,
Executive Orders ,
Exploitation ,
National Security ,
Secretary of Defense ,
Sensitive Personal Information
For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI)...more
1/29/2024
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Mining ,
Data Protection ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
PHI ,
Subcontractors ,
Vendors
To celebrate Data Privacy Day (January 28), we present our top ten data privacy and cybersecurity predictions for 2024.
1. AI regulations to protect data privacy.
Automated decision-making tools, smart cameras, wearables,...more
1/29/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
Biometric Information Privacy Act ,
Class Action ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Online Safety for Children ,
Popular ,
Risk Assessment ,
Risk Management ,
State Privacy Laws ,
Web Tracking
Phishing has long been a favorite tactic for threat actors (hackers) to commence a cyberattack. The rapid expansion of more adaptable and available artificial intelligence (AI) technologies, such as natural language...more
1/5/2024
/ Artificial Intelligence ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Email ,
Employee Training ,
FBI ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Multi-Factor Authentication ,
OCR ,
Phishing Scams ,
Popular ,
Risk Management
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our Top 10 most popular topics from 2023....more
12/21/2023
/ Artificial Intelligence ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information ,
SHIELD Act ,
UK ,
Workplace Privacy
According to a New York Times story this weekend, the Security Exchange Commission’s lawsuit against SolarWinds is driving discussions in boardrooms and corporate security departments of large organizations about the handling...more
11/20/2023
/ Board of Directors ,
Boilerplate Language ,
Chief Information Security Officer (CISO) ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Hackers ,
Incident Response Plans ,
Popular ,
Ransomware ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
SolarWinds