Tag Archives: breach

HHS Office for Civil Rights Issues Bulletin on Requirements under HIPAA for Online Tracking Technologies to Protect the Privacy and Security of Health Information

On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services issued a bulletin to highlight the obligations of Health Insurance Portability and Accountability Act of 1996 (HIPAA) on covered entities and business associates under the HIPAA Privacy, Security, and Breach Notification Rules (“HIPAA Rules”) when using online tracking technologies.  These online tracking technologies, like Google Analytics or Meta Pixel,… More

U.S. Department of Homeland Security Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators

On May 27, 2021, the Department of Homeland Security’s Transportation Security Administration (TSA) announced a Security Directive that will enable DHS to better identify, protect against, and respond to threats to critical companies in the pipeline sector.  (And for those in other business sectors, this is a potential preview of cybersecurity regulation to come.)

“The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats,” said Secretary of Homeland Security Alejandro N.… More

China’s Internet Regulator Drafts COPPA-Like Rules for Children’s Data Privacy

In early June, the Cyberspace Administration of China released for public comment new draft regulations applicable to the collection of personal information relating to children under 14 by online service providers.

The draft regulations share many of the same structures as those utilized by the Children’s Online Privacy Protection Act (“COPPA”) in the United States:

  • online service operators will have to obtain parental consent based on a comprehensive disclosure about the collection,…
  • More

Is Your Company’s Board of Directors Cyber Savvy?

Every company should expect that at some point it will experience a data breach. Whether as a result of hackers, disgruntled employees, or careless acts such as losing an unencrypted phone or laptop, data breaches may subject companies to liability and must be handled with speed and great care. What are the responsibilities of directors in preventing and addressing data breaches?

Without a doubt, directors must be generally aware of the data security risks facing the company and ensure that the company is prepared to manage those risks appropriately and has an incident response plan for a data breach.… More

“You Are Known By The Company You Keep” — Including Vendors Without Business Associate Agreements

The concept that one is known by the company one keeps dates back to ancient times (the particular phrase is attributed to both Aesop and the Book of Proverbs).  But this simple aphorism continues to be true.  A recent example is the $500,000 that Advanced Care Hospitalists (ACH) had to pay to the Office for Civil Rights of the U.S. Department of Health and Human Services (OCR) to settle potential violations of the HIPAA Privacy and Security Rules.… More

Free Consumer Credit Freezes Coming in September

As noted in the FTC alert below from Lisa Weintraub Schifferle, an attorney with the FTC’s Division of Consumer & Business Education, thanks to a new federal law, soon you can get free credit freezes and year-long fraud alerts. Here’s what to look forward to when the law takes effect on September 21st:

Free credit freezes

  • What is it? A credit freeze restricts access to your credit file,…
  • More

DNC Sues Russia, the Trump campaign, Wikileaks

It’s probably not going to change anything, but the Democratic National Committee has sued Russia (and members of the Russian establishment), members of the Trump campaign, and Wikileaks regard the 2016 election security breaches.  The DNC’s complaint includes almost every claim imaginable in response to a hacking incident.  If nothing else, it’s a good model for lawyers to crib from. More