Find Someone Observant: The Vital Role of Facility Security Officers
2023 DSIR Report Deeper Dive into the Data
Guidepost in Motion - Cybersecurity Frameworks and Metrics Part 2
Debra Geroux and Scott Wrobel on Responding to Data Breaches
Compliance and Regulations - Ensure adherence to SEC regulations with appropriate privacy and cybersecurity policies tailored to SEC requirements....
The U.S. Department of Defense (DOD) has long questioned whether contractors and their supply chains have been fully compliant with existing cybersecurity requirements aimed at protecting Controlled Unclassified Information...
The EU recently introduced the AI Act, landmark legislation aimed at regulating artificial intelligence (AI) technologies. This article provides an in-depth overview of the EU AI Act, its implications for organizations, and...
The much anticipated response to the Consultation initiated by the Cyberspace Administration of China (CAC) last September has finally arrived. Last Friday, the CAC ended months of speculation...
On March 22, 2024, the Cyberspace Administration of China (“CAC”) promulgated the final version of the Provisions on the Promotion and Regulation of Cross-Border Data Flows (the “Final Provisions”), bringing to conclusion the...
Learning Objectives: Benefits of doing a comprehensive security risk assessment; Understanding of the scope of a comprehensive risk assessment; Ability to evaluate their current security risk assessment; Ability to...
The New York Department of Financial Services (NYDFS) on Nov. 9, 2022, released Proposed Amendments to its Cybersecurity Regulation. The NYDFS Cybersecurity Regulation was one of the first laws requiring companies to comply...
The new guidelines provide insight into how businesses can submit applications to the CAC in order to obtain approval via the CAC security assessment cross-border data transfer requirement. As of September 2022, all...
On March 30, 2022, the U.S. Securities and Exchange Commission’s (“SEC”) Division of Examinations released its exam priorities for fiscal year 2022 (the “2022 Priorities”). As in years past, these exam priorities naturally...
In response to challenges facing the financial services industry as a result of coronavirus (COVID-19), New York's Department of Financial Services (DFS) has issued a COVID-19 compliance order, along with a series of industry...
Businesses that have just about come to terms with the California Consumer Privacy Act (CCPA) may have more privacy rules and regulations to deal with going forward. Legislators in a number of other states across the country...
Report on Patient Privacy 20, no. 1 (January 2020) - In the waning days of 2019, the HHS Office for Civil Rights (OCR) didn’t halt the HIPAA enforcement momentum it had built up during the last quarter of the year, dinging...
Report on Medicare Compliance Volume 28, Number 40 (November 11, 2019) - In a new Medicare compliance review, the HHS Office of Inspector General (OIG) said Angels Care Home Health in Salina, Kansas, didn’t comply with...
The Health Insurance Portability and Accountability Act (“HIPAA”) was created for one specific reason – evolution of technology. Today, health care providers are using online clinical applications and electronic health...
James Grago has a nice business going. He runs a website called ClixSense.com that permits users to earn money by completing surveys and watching advertisements. Revenues grew from $6.7 million in 2015 to $9.1 million in...
Last week, Governor Cuomo signed the SHIELD Act into law. As a result, organizations that maintain private information concerning New York state residents will have to develop compliance programs before the law becomes...
As businesses continue to digitise their assets and operations, the need to continually assess IT infrastructure and the technical measures in place to safeguard key information assets and data becomes ever more important....
Earlier this month, privacy and security professionals from around the globe gathered for “Privacy. Security. Risk. 2015”—the second joint conference between the International Association of Privacy Professionals and the...
The heightened state of information security in recent years has instigated genuine collaboration, in many organizations, amongst its professionals in IT, records, security, risk, compliance, and other stakeholders in...
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced a $750,000 fine and resolution agreement, including a Corrective Action Plan (CAP), for Cancer Care Group, P.C. (CCG), a...
Everyone in healthcare knows that the next round of HIPAA audits is coming. Covered entities and business associates have long been advised to review and update their HIPAA security risk analyses, have business associate...
Federal government contractors handling Controlled Unclassified Information (CUI) should take notice of two recent executive agency actions. Combined, they lay the groundwork for a new cybersecurity clause to be added to the...
On April 27, 2015, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a resolution agreement with Cornell Prescription Pharmacy (CPP) pursuant to which CPP paid a $125,000...