A Privacy Shield Replaces a Safe Harbor for the Swiss, Too

US companies with employees or clients in Switzerland will be interested to hear that the new Swiss-US Privacy Shield was approved on 11 January.

Although Switzerland is not a member of the European Union, its data protection law (Federal law of ‎19 June 1992) is very similar to the European 1995 Data Protection Directive. According to the Federal law, the transfer of personal data outside of the country is not allowed if that would pose a serious threat,… More

Foot-Dragging on HIPAA Breach Notice Costs Illinois Health System

Written by James Swann | This article was originally published in Bloomberg BNA Health Care Daily Report

An Illinois health system has reached a $475,000 settlement over allegations it waited too long to report a data breach, the first time the government has settled over untimely breach notifications.

Presence Health uncovered a data breach on Oct. 22, 2013 affecting 836 individuals,… More

How Should We Think About Cyber War, Where Rules Remain to be Written?

The recent hack of the Democratic National Committee (DNC) and the United States’ subsequent decision to impose retaliatory sanctions against Russia poses an important question:  what does international law have to say about state-sponsored cyberattacks?  Unfortunately, and perhaps unsurprisingly, the answer is, very little.  While technological innovation races ahead at warp speed, international law has lagged behind.

There are no international treaties on cyber warfare.… More

New York’s “First in the Nation” Financial-Sector Cybersecurity Regulations Put on Hold

In late December, New York’s Financial Services Superintendent Maria T. Vullo announced that the New York’s Department of Financial Services’ (“DFS”) new cybersecurity regulations would not go into effect on January 1, 2017 as initially planned.  These “first-in-the-nation” cybersecurity regulations were designed to help protect consumers and the financial system from the increasingly serious threat of cyberattacks.  However, the regulations faced opposition from the financial services companies and insurers that would have been subject to them.… More

Cybersecurity 2017 – The Year in Preview: Changes Afoot in Federal Enforcement?

Editor’s note:  This is the sixth and last in our end-of-year series.  See our previous posts on trade secretsstate regulation and law enforcement, HIPAA compliance, emerging threats, and energy.  See you in 2017!

Fragmentation in U.S. data privacy and cybersecurity law is both peril and promise.  The peril?  Businesses must contend with uncertainty and the costs associated with pleasing many regulatory masters. … More

Cybersecurity 2017 – The Year in Preview: Energy and Security

Editor’s note:  This is the fifth in a continuing end-of-year series.  See our previous posts on trade secretsstate regulation and law enforcement, HIPAA compliance, and emerging threats.  Our last post will focus on federal regulation and law enforcement.

In 2015, a sophisticated cyberattack hit six of Ukraine’s energy providers simultaneously, causing a blackout for hundreds of thousands of Ukrainians.  … More

“My Identical Twin Sequenced our Genome”

We all assume that our genetic information is personal and private.  This may not be totally correct, but that assumption goes completely out the window when you are an identical twin.  This question is explored in an interesting article in the Journal of Genetic Counseling.  The twins were interviewed in the MIT Technology Review. More

Additional Clarification regarding HHS OCR Phishing Email Alert

More information from HHS OCR about the phishing threat:

  • On November 28, 2016, the HHS Office for Civil Rights issued a listserv announcement warning covered entities and their business associates about a phishing email that disguises itself as an official communication from the Department. The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program,…
  • More

Cybersecurity 2017 – The Year in Preview: Emerging Security Threats

Editor’s note:  This is the fourth in a continuing end-of-year series.  See our previous posts on trade secretsstate regulation and law enforcement, and HIPAA compliance.  Our last two posts will focus on the energy industry, and federal regulation and law enforcement.

In 2016, new and alarming cybersecurity threats emerged, raising concerns in government, the business world,… More