California DOJ Must Be Notified About Breaches of the Health Data of 500 or More California Residents

HIPAA Journal reminds us all that states can require notification to the state of breaches that are also covered by HIPAA and can take enforcement action if they are not reported: Recently, there have been several instances where the California DOJ has…

Still Missing a New Leader, Former OCR Directors, Experts Offer Advice, Task List

Theresa Defino writes: Issue a final rule revising the privacy regulation and write guidance on the information blocking rule. Formalize the fledgling audit program required by Congress more than 10 years ago. Engage with providers and other HIPAA-regu…

What’s next for the National Cyber Director?

By Jean Schaffer, Federal CTO, Corelight As the first National Cyber Director begins to settle into office, private industry is very hopeful that this will be one of the turning points to solidify a true private/public partnership for raising the cyber…

AU: Cyber-attackers partially knockout Australian education department, while unrelated leak impacts Blackboard Collab users

While New South Wales’ new COVID outbreak is causing problems, it has other problems as well. On July 9, GRC World Forums reported: The New South Wales (NSW) department of education in Australia has deactivated some internal systems after becomin…

People’s Republic of China Passes the Data Security Law: A Summary of What We Know

Kim Peretti, Lance Taubin, and Emily Poole of Alston & Bird write: On June 10, 2021, almost exactly three years after the passing of its Cybersecurity Law (CSL), the National People’s Congress of China passed a new Data Security Law (DSL) (click he…

New Australian bill would force companies to disclose ransomware payments

Catalin Cimpanu reports: Australian lawmakers have filed on Monday a new bill that would mandate that local companies inform the Australian Cyber Security Centre (ACSC) of their intention to pay a ransomware gang. The Ransomware Payments Bill 2021 was …

Do We Even Need the Computer Fraud & Abuse Act (CFAA)?–Van Buren v. US

Eric Goldman writes: Last week, the Supreme Court decided Van Buren v. US. Many hoped the decision would clarify how owners can delimit third-party usage of their computer resources for purposes of the Computer Fraud & Abuse Act (CFAA). Disappointi…

Van Buren is a Victory Against Overbroad Interpretations of the CFAA, and Protects Security Researchers

Aaron Mackey and Kurt Opsahl of EFF write: The Supreme Court’s Van Buren decision today overturned a dangerous precedent and clarified the notoriously ambiguous meaning of “exceeding authorized access” in the Computer Fraud and Abuse Act, the federal c…