AI tools often drive efficiency and save money, but they have drawbacks. Here’s what to know....more
What is a Privacy Policy? A company’s privacy policy details its commitments regarding the handling and use of consumer data. The policy must explicitly define the company’s practices for collecting, storing, processing, and...more
The OIG, the nation’s leader in fighting fraud, waste and abuse of Medicare, Medicaid and other HHS programs, periodically publishes reports on how federal healthcare programs could improve....more
The SEC has been aggressively pursuing cybersecurity investigations and enforcement actions against public companies and foreign private issuers. In these actions, the SEC often alleges one of two theories: 1) that the...more
The Securities and Exchange Commission entered into a resolution agreement with R.R. Donnelley & Sons (RRD) on June 18, 2024 with RRD agreeing to pay $2.125 million to resolve disclosure and control violations alleged by the...more
More than two months after the February 2024 Change Healthcare cyber-ransom attack, the healthcare industry continues to grapple with the fallout, creating significant challenges, disruptions, and outages to the healthcare...more
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more
A BP executive's husband pleaded guilty to securities fraud for buying and selling stock of BP's merger target. He knew of the upcoming transaction because he and his wife worked from home approximately 20 feet from each...more
A new report from Beyond Identity focuses on old, but very important issues—ending access rights to network systems by terminated employees and the rampant sharing of passwords....more
[author: Matt Kelly] In September 2020 the National Institute of Standards and Technology (NIST) unveiled the fifth version of its cybersecurity standard formally known as SP 800-53, “Security and Privacy Controls for...more
As the Covid-19 Pandemic forces more employees than ever before to work from home (“WFH”), businesses face new and different data privacy and security risks. This change is not lost on U.S. regulators, but it does not mean...more
The security and confidentiality of a company’s data is paramount. As businesses grapple with the COVID-19 pandemic and the need for employees to work remotely, it is important to remain focused on ensuring the security and...more
As employers respond to the ongoing COVID-19 coronavirus pandemic, many are implementing work-from-home policies and establishing situational teleworking opportunities for their employees. While remote-work technology can...more
We are living in the age of data and big data, where everyone wants to collect as much information as possible. The ability to analyze and monetize such information is a key strategy and selling point for many businesses. ...more
Eliminating the risk of business email compromise (BEC) attacks requires all parties to a financial transaction to pay close attention to email security, financial controls, and communication protocols. Key Points: ...more
The SEC, through its Office of Compliance Inspections and Examinations (“OCIE”), recently issued its most detailed cyber guidance to date. OCIE had previously issued several cybersecurity risk alerts over the past few years....more
The SEC’s Office of Compliance Inspections and Examinations published a series of observations gleaned from thousands of exams over a period of years. While OCIE’s charge is the inspection of certain SEC registrants the...more
On January 16, the Commerce Department’s National Institute of Standards and Technology (NIST) released version 1.0 of its Privacy Framework: A Tool for Privacy Through Enterprise Risk Management. The product of a two-year...more
On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) went into effect. The CCPA applies to a wide range of companies and broadly governs the collection, use and sale of personal information of California...more
Q: How is the shift of medical devices moving to the Internet of Things affecting the health care industry? A: Connected medical devices routinely record sensitive health information about a patient. This critical...more
When the California Consumer Privacy Act (“CCPA”) takes effect in January 2020, California will become the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages of...more
Are your employees instructed on the proper (and improper) use of social media? Does your organization have policies and provide training on the appropriate handling of sensitive information? A recent United States Department...more
Data security and privacy is a hot global topic right now. New laws that closely regulate data security practices seem to be popping up everywhere in order to account for all of the data people transmit electronically daily....more
Did you know Americans lost nearly $150 million dollars to real estate internet scams last year? That makes real estate cyber crime a greater risk to Americans than identity theft ($100 million in losses) or credit card fraud...more