Medical Device Legal News with Sam Bernstein: Episode 10
Drafting Consumer Breach Notices — From a Litigation Perspective - Unauthorized Access Podcast
IP|Trend: Dust up After the Breach
Hot Topics Roundtable for Fund Managers - Cybersecurity, Valuation, and More
The vast majority of commentary and public advice concerning data breaches surround, deservedly, the breach itself. This focus is only natural; it is the breach itself that requires victims to bring enormous resources to bear...more
Since the full implementation of Thailand’s Personal Data Protection Act (PDPA) in June 2022, the Personal Data Protection Committee (PDPC) has been instrumental in shaping the nation’s data protection framework. ...more
With 2025 barely three weeks old, the US Department of Health and Human Services Office for Civil Rights (OCR) has already announced six enforcement actions for the new year. Particularly significant is the advancement of...more
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our most popular topics and posts from 2024. Expanding State Privacy Laws- This year saw a...more
New York’s Cybersecurity Regulation continues its phased roll-out on November 1, when licensed financial services companies face a host of new requirements aimed at bolstering breach readiness and improving their ability to...more
On June 24, 2024, the U.S. Securities and Exchange Commission (SEC) published five new Form 8-K Compliance and Disclosure Interpretations (C&DIs) expanding the agency’s interpretations of cybersecurity incident disclosures...more
CDK Global, a key provider of cloud-based software for auto dealerships, suffered a severe ransomware attack this week, disrupting operations for thousands of dealerships across North America. The attack has crippled vital...more
This is a deceptively simple question — risk managers rightfully expect to know the scope of their coverages when they build their insurance programs. Unfortunately, judicial interpretation of common policy terms can turn...more
Publications and Advisories - November 13, 2023 – Kathleen Benway, Kate Hanniford, Amy Mushahwar, Kim Peretti, and Lance Taubin published “Privacy, Cyber & Data Strategy Advisory: FTC Approved New Data Breach Notification...more
Data breach class actions continue to rise, following almost inevitably from nearly every major security incident. Here are seven things in-house counsel can do to prepare for that anticipated litigation....more
A bipartisan coalition of 33 AGs settled with health care clearinghouse Inmediata Health Group, LLC and an affiliated entity (collectively, Inmediata) to resolve allegations that Inmediata violated state consumer protection...more
Most human resources professionals are concerned about the privacy and security of the vast amounts of personal information they manage. This article discusses steps to consider taking against the challenges. Deluge of...more
GoodRx Faces Million Dollar Proposed Penalty from FTC in First Enforcement Action Under the Health Breach Notification Rule - Settlement reveals views on application of unfairness authority to sharing of sensitive...more
The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently submitted two annual reports to Congress setting forth a summary of complaints and breaches reported to the OCR during...more
The Federal Trade Commission has issued new guidance under which consumers or companies should be notified of data breaches “regardless of whether a breach notification law applies.” Our Consumer Protection/FTC Team analyzes...more
Healthcare companies continue to face increased risks of ransomware attacks on their operations. According to the recently released BD Cybersecurity Annual Report for 2021, such attacks are also increasingly sophisticated....more
On October 27, 2021 the FTC issued a final rule (the “Final Rule”) amending 16 CFR Part 134, Standards for Safeguarding Customer Information (“Safeguards Rule”), after a period of notice and comment. While the existing...more
On 16 December 2020, the EU released its proposed revisions to the existing Directive 2016/1148 on the security of network and information systems (NIS2)....more
On November 27, 2019 the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a $2.175 million dollar settlement with a hospital system to resolve alleged violations of HIPAA’s Breach...more
In our last article, we showed you how to evaluate where your organization sits on the landscape of readiness and preparedness. In this concluding article, we identify concrete steps you can immediately employ to move your...more
From the recent headline-grabbing attacks on hospitals and municipalities, the specter of cybersecurity threats looms large. As a result, spending on cybersecurity initiatives is expected to reach $96 billion this year....more
The health care industry is racing to adopt cutting-edge technology to provide patients with the best treatment possible at the lowest possible cost. ...more
This Friday is the deadline for General Data Protection Regulation (“GDPR”), yet many companies are still in the process of planning for compliance. Companies not able to meet the deadline may want to consider,...more
Worldwide, companies are scrambling to meet the May 25th deadline to comply with the European Union’s General Data Protection Regulation (GDPR). For companies with physical operations in an EU member state, this deadline is...more
Personal data is currency in the new world, and while the United States uses a sectoral approach to data privacy, the European Union (EU) treats privacy as a fundamental right of its citizens. Therefore, where U.S....more