Report on Patient Privacy 20, no. 1 (January 2020) - ? A cybersecurity breach temporarily halted cancer radiation treatment services at the Cancer Center of Hawaii on Oahu,[1] the center said. The center, which provides...more
In 2015, following numerous customer data security breaches at major U.S. companies, the IRS announced special tax relief to breach victims who were provided identity protection services as a result of the breach. In January...more
Editor's Overview - Happy New Year! Because 401(k) plans play an increasingly prominent role as an employee's principal retirement investment vehicle, fiduciaries overseeing those plans face increased pressure to see...more
As reported here after last year’s customer data security breaches at major U.S. corporations, the IRS announced special tax relief for identity protection services provided to individuals affected by a security breach. In...more
On October 14, 2015, the National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force adopted the Cybersecurity Bill of Rights, a document meant to inform consumers of the services they can expect from...more
The National Association of Insurance Commissioners (“NAIC”) continued its efforts to advance cybersecurity in the insurance industry when it recently adopted the Cybersecurity Bill of Rights. The Cybersecurity Bill of Rights...more
On September 22, the U.S. Securities and Exchange Commission (“SEC”) and R.T. Jones Capital Equities Management, Inc. (“R.T. Jones”), a St. Louis-based investment adviser, settled charges that R.T. Jones failed to adopt...more
Non-Enforcement Cybersecurity Is At the Top of SEC Examination Concerns In a recent SEC “risk alert” for registered broker-dealers and investment advisers, the SEC’s Office of Compliance Inspections and Examinations (OCIE)...more
A registered investment adviser agreed to settle SEC charges that it failed to adopt adequate cybersecurity policies and procedures reasonably designed to protect customer records and information as required by Rule 30(a) of...more
On September 22, 2015, the Securities and Exchange Commission (SEC) announced the settlement of an enforcement action against a St. Louis-based registered investment adviser (Adviser) brought under Rule 30(a) of Regulation...more
A week after OCIE announced it would conduct a second round of cyber-security exams, the Commission emphasized the issue by bringing an enforcement action against a non-custodial investment-adviser over a remediated data...more
Lawyers for former employees of Sony Pictures Entertainment (“SPE”) indicated in a September 2, 2015 filing that they have tentatively reached a settlement with SPE in the class action suit resulting from the data breach...more
Citing scary facts like the 16.6 million victims of identity theft in 2012 and the recent customer data security breaches at major U.S. companies, the IRS recently announced special tax relief for identity protection services...more
This Is The End? - Settlement appears imminent in an employee class action against Sony Pictures Entertainment (“SPE”) arising from disclosure of their personally identifiable information (“PII”) in a massive data breach...more
In yet another data breach affecting millions of individuals, UCLA Health System (“UCLA”) reported on July 17, 2015, that hackers had accessed portions of its health network that contained personal information, including...more