News & Analysis as of

Data Breach Compliance

BakerHostetler

Data Governance: Practical Considerations for a Reasonable Security Program

BakerHostetler on

Imagine receiving an email from an unknown actor claiming to have taken approximately 2 terabytes of data from your organization’s network. The threat actor provides a file tree and sample files to substantiate its claim....more

Mitratech Holdings, Inc

6 Overlooked Strategies That Strengthen ISO 22301 Compliance

When disruption strikes—be it a cyberattack, supply chain failure, or extreme weather—your systems and team’s ability to respond with speed, clarity, and confidence are tested....more

Health Care Compliance Association (HCCA)

Former OCR Director Fontes Rainer Reflects On ‘Imperfect’ RSP Law, Urges Final Security Reg

In October, the HHS Office for Civil Rights (OCR) fined Providence Medical Institute (PMI) $240,000, an amount that reflected a 20% discount for having “recognized security practices” (RSPs) in place. But many more covered...more

Ropes & Gray LLP

Adversarial Machine Learning in Focus: Novel Risks, Straightforward Legal Approaches

Ropes & Gray LLP on

The Artificial Intelligence and Machine Learning (“AI/ML”) risk environment is in flux. One reason is that regulators are shifting from AI safety to AI innovation approaches, as a recent DataPhiles post examined. Another is...more

Baker Botts L.L.P.

Florida Bar Passes Pioneering Cybersecurity Recommendation

Baker Botts L.L.P. on

On March 28, 2025, the Florida Bar unanimously approved Recommendation 25-1, which was proposed by its Cybersecurity & Privacy Law Committee and encourages all Florida Bar members and their firms to adopt certain proactive...more

Health Care Compliance Association (HCCA)

[Event] Healthcare Privacy Compliance Academy - June 9th - 12th, Pittsburgh, PA

HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more

Ankura

HIPAA Security Risk Analysis – How should regulated entities prepare for the Office for Civil Rights (OCR) Risk Analysis Audit...

Ankura on

Following the Office for Civil Rights (OCR) recent publication of four settlements as part of a new Risk Analysis Audit Initiative. We explore the current regulatory language for Risk Analysis, the proposed language for Risk...more

Alston & Bird

UK Government Publishes Cyber Governance Code of Practice for Boards and Directors

Alston & Bird on

On April 8, 2025, the UK government published the Cyber Code of Practice (the “Code”) to support board directors in governing cybersecurity risks. The Code is available online. The UK’s data protection regulator is actively...more

Axinn, Veltrop & Harkrider LLP

Axinn Associates at the Spring Meeting: Considerations on Data Privacy and AI Usage for Healthcare Companies

The February 2024 ransomware attack on Change Healthcare was the largest healthcare data breach in U.S. history. The attack disrupted operations—impacting patient care and provider finances—and potentially exposed the...more

Ward and Smith, P.A.

Privacy and Data Security in Community Associations: Navigating Risks and Compliance

Ward and Smith, P.A. on

For community associations, this is especially important as these organizations often manage large amounts of PII of homeowners and residents (e.g., name, address, phone number, etc.), including certain categories of...more

Cozen O'Connor

NY Settles With Insurer on Data Breach Rooted in Security Deficiencies

Cozen O'Connor on

New York AG Letitia James settled with Root Insurance Company to resolve allegations that the company’s data security deficiencies led to a 2021 data breach involving 72,000 people, in violation of state consumer protection...more

Foley Hoag LLP - Security, Privacy and the...

HHS OCR Settles HIPAA Security Rule Investigation with Health Fitness Corporation

On March 21, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of HIPAA security rule claims involving Health Fitness Corporation (Health Fitness). Health Fitness...more

Jackson Lewis P.C.

Health Fitness, OCR’s Risk Analysis Initiative, and the ERISA Fiduciary Duty to Select Plan Service Providers

Jackson Lewis P.C. on

On Friday, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced the fifth enforcement action under its Risk Analysis Initiative. In this case, OCR reached a settlement with Health...more

Baker Botts L.L.P.

Ninth Circuit Upholds Conviction of Former Uber Security Chief Joseph Sullivan in Connection with 2016 Uber Data Security Breach

Baker Botts L.L.P. on

On March 13, 2025, a three-judge panel of the U.S. Court of Appeals for the Ninth Circuit unanimously upheld the conviction of former Uber Chief Security Officer Joseph Sullivan. The ruling affirms Sullivan’s 2022 conviction...more

HaystackID

[Webcast Transcript] Discovering Data Quickly in High-Stakes White-Collar Investigations

HaystackID on

Editor’s Note: White-collar investigations can send shockwaves through an organization, demanding swift, strategic, and legally sound responses. In a recent HaystackID® webcast, experts broke down the complexities of...more

Health Care Compliance Association (HCCA)

[Event] Healthcare Privacy Compliance Academy - March 24th - 27th, Chicago, IL

HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more

Constangy, Brooks, Smith & Prophete, LLP

Chile brings its data privacy laws in line with global data privacy standards

Chile has amended its data privacy law granting significant rights to data subjects, and imposing stricter obligations on data controllers and processors. Published in the Official Gazette (Diario Oficial) on December 13,...more

Perkins Coie

HHS Proposal To Strengthen HIPAA Security Rule

Perkins Coie on

Earlier this year, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) adopted a new proposal to strengthen the Health Insurance Portability and Accountability Act (HIPAA) security standards...more

Health Care Compliance Association (HCCA)

$1.5M Warby Parker Fine a Holdover; OCR Focuses On Men in Sports, Antisemitism, ‘Biological Truth’

Nearly six years to the day that Warby Parker reported a breach affecting nearly 200,000 individuals, the HHS Office for Civil Rights (OCR) imposed a $1.5 million fine on the eyewear giant. Investigated by OCR under the Biden...more

StoneTurn

2025 and Cybersecurity: What is Your Strategy?

StoneTurn on

Cybersecurity in 2025 will continue to face escalating challenges from AI-driven threats, geopolitical tensions, and increased regulatory scrutiny. Organizations must adapt to sophisticated cyberattacks fueled by AI,...more

Robinson+Cole Data Privacy + Security Insider

Warby Parker Settles Data Breach Case with OCR for $1.5M

Eyeglass manufacturer and retailer Warby Parker recently settled a 2018 data breach investigation by the Office for Civil Rights (OCR) for $1.5 million. According to OCR’s press release, Warby Parker self-reported that...more

IR Global

Data Protection in the Digital Age

IR Global on

With data becoming one of the most valuable assets, protecting it is not just a legal obligation but a business imperative....more

Jackson Lewis P.C.

Industry Groups Urge Rescission of Proposed HIPAA Security Rule Updates

Jackson Lewis P.C. on

In February, a coalition of healthcare organizations sent a letter to President Donald J. Trump and the U.S. Department of Health and Human Services (HHS) (the Letter), urging the immediate rescission of a proposed update to...more

Schwabe, Williamson & Wyatt PC

Coast Guard Tightens Up Cybersecurity Regulations

The maritime industry has become a prime target for hackers. In the last few years, it has seen a steep increase in the number of shipping-related cyberattacks. The recent surge marks a new and pressing challenge for ports...more

HaystackID

Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview

HaystackID on

Between January 2023 and June 2024, cyber threats targeting Europe’s financial sector escalated, posing risks to banks, financial service providers, and regulatory bodies. According to the ENISA Threat Landscape: Finance...more

375 Results
 / 
View per page
Page: of 15

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide