JAMA: Cybersecurity Concerns and Medical Devices – Lessons from a Pacemaker Advisory

Interesting viewpoints from this Journal of the American Medical Association article on FDA’s August 2017 notice re: cyber security issues with certain pacemakers, including:

  • “This first widespread cybersecurity advisory involving a permanent medical device implant provides some insight into the ways in which the public experience with these types of medical device malfunctions might be improved.”
  • “Communications regarding widely used products for which multiple vendors exist in the marketplace should serve as opportunities to highlight current FDA and industry standards,…

GDPR Update: WP29 Guidelines adopted for Data Protection Impact Assessment

The new GDPR is much more detailed than the 1995 Directive. The GDPR has 99 articles, versus 34 in the Directive. And a few new key concepts clearly require new guidance.

Since the adoption of the Regulation on 27 April 2016, the Article 29 Working Party (with representatives of the Supervisory Authorities of all Member States) has issued 3 sets of guidance on “Data portability”,…

Cybersecurity 2018 – The Year in Preview: HIPAA Compliance

Editors’ Note:  This is the first of a multi-part end-of-year series examining important trends in data privacy and cybersecurity during the coming year. Up next:  the emerging threat landscape.

Like many things in Washington, the HIPAA landscape in 2018 will be shaped by the shifting priorities of President Trump’s new administration.  Early signs point to less funding for the Office of Civil Rights (“OCR”) within the Department of Health and Human Services,…

Schrems II Judgment Rendered

A 152 page judgment was rendered today by the Irish High Court in Schrems II:  DPC v Facebook.

Not surprisingly, the court decided to refer the case to the Court of Justice of the European Union to make a decision about the validity of the three decisions issued by the Commission for the Standard Contractual Clauses.

Ms. Justice Caroline Costello referred these issues because she concurred with the Irish Data Protection Commissioner’s view there are “well founded”…

EU Updates on Schrems II and the Privacy Shield

The current challenge to Facebook’s privacy practices in Ireland (“Schrems II”) may be coming to a head.  You will recall that in Schrems I, the challenge to Facebook’s privacy practices led to a decision issued by the European Court of Justice that invalidated the US-EU Safe Harbor.  Following the invalidation of the Safe Harbor, Facebook switched to the Commission’s Standard Contractual Clauses (SCC) and the Schrems complaint was reformulated to challenge the SCC.…

Security in our Decentralized Election System: News from DHS

After repeated requests from various states, the Department of Homeland Security informed state governments which states had their election systems hacked or otherwise compromised during the 2016 general election.  According to reports, 21 states had their systems compromised in some fashion, although there is no evidence voting machines themselves were tampered with and in only some instances were computer systems actually penetrated.…

The Massachusetts Attorney General’s Complaint Against Equifax

As most are aware, the Massachusetts Attorney General has won the race to the courthouse and been the first regulator to file suit against Equifax.

  • The 28 page complaint is summed up in paragraph 4: Consumers do not choose to give their private information to Equifax, and they do not have any reasonable manner of preventing Equifax from collecting, processing, using, or disclosing it. Equifax largely controls how,…

Watch: Privacy and Data Security for the Generalist In-House Counsel

Privacy and data security have rocketed to the top of the list of concerns for all corporate boards. Whether you are a technology company, a biotech, or a traditional widget maker, your company has confidential information about its products, customers and employees. And that information has to be protected as a matter of law, both by statute and under contracts with your customers and suppliers.

As in-house counsel,…

Kaspersky Lab and Due Diligence – How Do You Minimize Risk?

Kaspersky Lab, a Russian-owned cybersecurity company that sells anti-virus software and other kinds of IT systems security products, has been banned from use by the federal government.  This latest development comes by way of the Department of Homeland Security (DHS), which issued a directive requiring agencies to (1) identify Kaspersky products they are using, (2) create plans to stop using those products, and,…

Yes, You Were Likely a Victim of the Equifax Hack, But Here’s What You Can Do Now

As we previously said, the Equifax breach affects approximately 143 million Americans. While the hackers stole data that includes addresses, birth dates, full names and Social Security numbers, there are steps you can take today that will protect you from an identity theft worst-case scenario.

Assume the hackers stole your data

While no one wants to be in a situation where personal information was exposed,…