Cybersecurity 2018 – The Year in Preview: Emerging Security Threats

Editors’ Note:  This is the second of a multi-part end-of-year series examining important trends in data privacy and cybersecurity during the coming year. Click here for our previous entry on HIPAA Compliance.  Up next:  trends in federal enforcement.

After one of Britain’s first victories in the Second World War, Winston Churchill declared that it was “perhaps, the end of the beginning” – a turning point in the war. …

HHS Office for Civil Rights Issues Guidance on How HIPAA Allows Information Sharing to Address the Opioid Crisis

Following President Trump’s declaration of a nationwide public health emergency regarding the opioid crisis, the HHS Office for Civil Rights has released new guidance on when and how health care providers can share a patient’s health information with his or her family members, friends, and legal personal representatives when that patient may be in crisis and incapacitated, such as during an opioid overdose.

This guidance reveals nothing new,…

Partner Colin Zick to Speak on Surveillance Panel at the Advanced Cyber Security Center Conference

Partner Colin Zick will join ACSC Executive Director Michael Figueroa on a panel called “Surveillance, Security, and Privacy” at the 2017 ACSC Annual Conference on November 2. The session will examine challenges and considerations for utilizing advanced surveillance capabilities from multiple perspectives. Click here for details.

JAMA: Cybersecurity Concerns and Medical Devices – Lessons from a Pacemaker Advisory

Interesting viewpoints from this Journal of the American Medical Association article on FDA’s August 2017 notice re: cyber security issues with certain pacemakers, including:

  • “This first widespread cybersecurity advisory involving a permanent medical device implant provides some insight into the ways in which the public experience with these types of medical device malfunctions might be improved.”
  • “Communications regarding widely used products for which multiple vendors exist in the marketplace should serve as opportunities to highlight current FDA and industry standards,…

GDPR Update: WP29 Guidelines adopted for Data Protection Impact Assessment

The new GDPR is much more detailed than the 1995 Directive. The GDPR has 99 articles, versus 34 in the Directive. And a few new key concepts clearly require new guidance.

Since the adoption of the Regulation on 27 April 2016, the Article 29 Working Party (with representatives of the Supervisory Authorities of all Member States) has issued 3 sets of guidance on “Data portability”,…

Cybersecurity 2018 – The Year in Preview: HIPAA Compliance

Editors’ Note:  This is the first of a multi-part end-of-year series examining important trends in data privacy and cybersecurity during the coming year. Up next:  the emerging threat landscape.

Like many things in Washington, the HIPAA landscape in 2018 will be shaped by the shifting priorities of President Trump’s new administration.  Early signs point to less funding for the Office of Civil Rights (“OCR”) within the Department of Health and Human Services,…

Schrems II Judgment Rendered

A 152-page judgment was rendered today by the Irish High Court in Schrems II: DPC v Facebook.

Not surprisingly, the court decided to refer the case to the Court of Justice of the European Union to make a decision about the validity of the three decisions issued by the Commission for the Standard Contractual Clauses.

Ms. Justice Caroline Costello referred these issues because she concurred with the Irish Data Protection Commissioner’s view there are “well founded”…

EU Updates on Schrems II and the Privacy Shield

The current challenge to Facebook’s privacy practices in Ireland (“Schrems II”) may be coming to a head.  You will recall that in Schrems I, the challenge to Facebook’s privacy practices led to a decision issued by the European Court of Justice that invalidated the US-EU Safe Harbor.  Following the invalidation of the Safe Harbor, Facebook switched to the Commission’s Standard Contractual Clauses (SCC) and the Schrems complaint was reformulated to challenge the SCC.…

Security in our Decentralized Election System: News from DHS

After repeated requests from various states, the Department of Homeland Security informed state governments which states had their election systems hacked or otherwise compromised during the 2016 general election.  According to reports, 21 states had their systems compromised in some fashion, although there is no evidence voting machines themselves were tampered with and in only some instances were computer systems actually penetrated.…

The Massachusetts Attorney General’s Complaint Against Equifax

As most are aware, the Massachusetts Attorney General has won the race to the courthouse and been the first regulator to file suit against Equifax.

  • The 28-page complaint is summed up in paragraph 4: Consumers do not choose to give their private information to Equifax, and they do not have any reasonable manner of preventing Equifax from collecting, processing, using, or disclosing it. Equifax largely controls how,…