The US government continues to refine its influential cybersecurity guidance, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), with a substantial update to the CSF expected later this...more
This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions –...more
Through Aerospace & Defense Insights, we share with you the top legal and political issues affecting the aerospace and defense (A&D) industry. Our A&D industry team monitors the latest developments to help our clients stay in...more
On October 18, 2022, the United States Transportation Security Administration (TSA) released a new Security Directive applicable to the rail industry that will require certain owners and operators to implement new,...more
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Request for Information (RFI) and announced “public listening sessions” soliciting input in advance of formal rulemaking under the Cyber Incident...more
9/13/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Ransomware ,
Rulemaking Process
The Federal Trade Commission (FTC) recently has signaled its intent to inject new life into a longstanding but rarely triggered rule governing health breach notifications for non-HIPAA-covered health records. Specifically,...more
2/28/2022
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular
Imagine a country paralyzed by the inability — even for just one day — to move people or goods by rail or by plane. This is not science fiction. This is the reality of the potential cybersecurity threats that could impact the...more
11/10/2021
/ Aviation Industry ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Railways ,
Ransomware ,
Transportation Industry ,
TSA
Connecticut’s new cybersecurity standards law, which goes into effect on October 1, 2021, protects companies from punitive damages in certain data breach actions where an organization has a cybersecurity program that conforms...more
10/1/2021
/ Affirmative Defenses ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Information Security Modernization Act (FISMA) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Popular ,
Safe Harbors ,
State Data Breach Notification Statutes
There has been a significant development in the ongoing debate regarding the scope of the authority of the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) to issue penalties under the Health...more
On July 25, New York Governor Andrew Cuomo signed into law a pair of bills establishing new requirements for businesses that process certain personal information related to New York residents. The changes include expanding...more
8/8/2019
/ Biometric Information ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Governor Cuomo ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Security Standards ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes
The Federal Trade Commission (“FTC”) issued notices on March 5 seeking public comment on proposed amendments to the regulations implementing the Gramm-Leach-Bliley Act (“GLBA”), commonly known as the Safeguards Rule and...more
3/14/2019
/ Chief Information Security Officer (CISO) ,
Data Management ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Incident Response Plans ,
Privacy Rule ,
Public Comment ,
Regulatory Agenda ,
Regulatory Standards ,
Risk Assessment ,
Rulemaking Process ,
Safeguards Rule ,
WISP
This is the eleventh installment in Hogan Lovells’ series on the California Consumer Privacy Act.
Much of the focus on the California Consumer Protection Act (“CCPA”) has been on the new rights that it affords California...more
Connected medical devices deliver numerous benefits not available before, including improved monitoring of patient welfare and a wealth of vital data. But for all the advantages available through these devices, their...more
3/12/2018
/ Best Practices ,
Connected Items ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
Life Sciences ,
Medical Devices ,
Patient Safety ,
Personal Data ,
Pharmaceutical Industry ,
Popular ,
Regulatory Oversight ,
Risk Management ,
Security Risk Assessments ,
Training