At House SolarWinds hearing, bipartisan lawmakers announce breach disclosure bill

Joe Uchill reports: At a joint hearing of the House Oversight and Homeland Security Committee about the SolarWinds-related espionage campaign, Rep. Michael McCaul, R-Texas, said that he and Rep. Jim Langevin, D-R.I., are working on legislation to requi…

HITECH Amendment Provides Some Protection For Covered Entities and Business Associates that Adopt Recognized Security Standards

Anna D. Kraus, Libbie Canter, Tara Carrier, and Olivia Vega of Covington & Burling write: On January 5, 2021, an amendment to the Health Information Technology for Economic and Clinical Health (“HITECH”) Act was signed into law. The amendment requ…

EDPB Publishes Guidelines on Examples regarding Data Breach Notification

Hunton Andrews Kurth writes: On January 18, 2021, the European Data Protection Board (“EDPB”) released draft Guidelines 01/2021 on Examples regarding Data Breach Notification (the “Guidelines”). The Guidelines complement the initial Guidelines on perso…

Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

A Proposed Rule by the Comptroller of the Currency, the Federal Reserve System, and the Federal Deposit Insurance Corporation on 01/12/2021. This document has a comment period that ends in 90 days (04/12/2021). You can submit a formal comment on it. S…

OCR Releases Report Summarizing HIPAA Privacy and Security Compliance Failures

Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write: In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Services (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to…

Australian Digital Health Agency sees ‘inconsequential’ My Health Record data breach notices eroding trust

Ry Crozier reports: The Australian Digital Health Agency, overseer of the My Health Record, has expressed concern at the number and type of “potential” data breaches it is being forced to disclose. In a submission to the Privacy Act review …

Post-Brexit Personal Data Breach Reporting – An End to the ICO’s Role as One-Stop-Shop Lead Supervisory Authority

Ffion Flockhart (UK) and Steven Hadwin (UK) write: The end of the Brexit implementation period on 31 December 2020 has brought with it significant changes to the data protection landscape for UK-based businesses. Amid headlines about data transfer issu…

FTC Announces Enforcement for Inadequate Third Party Risk Management Practices Under the GLBA’s Safeguards Rule

Hunton Andrews Kurth writes: On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company (“Ascension”), to resolve allegations that …