DEVELOPMENTS & COMMENTARY

IoT Vendors Beware: FTC’s Latest Enforcement Action Signals Further Scrutiny of the Industry

FTC Complaint Alleges IoT Vendor’s Security Promises Don’t Match Its Practices The FTC’s first data security enforcement action in 2017 sends a clear signal to vendors serving the Internet of Things (“IoT”) marketplace: make sure your data security promises match your data security practices.  IoT is in the spotlight following last ...

USB flash drive icon with long shadow.The Price of PHI – A $2.2 Million USB Drive

A stolen unencrypted USB drive led to a $2.2 million settlement and a Resolution Agreement. The Department of Health and Human Services Office for Civil Rights (OCR) announced on January 18th a settlement with MAPFRE Life Insurance Company of Puerto Rico (“MAPFRE”) after an unencrypted USB data storage device containing ...

health careTime Waits for No One: OCR Announces First HIPAA Settlement for Lack of Timely Breach Notification

On Jan. 9, 2017, the Department of Health and Human Services Office for Civil Rights (“OCR”) announced the first HIPAA enforcement action for failure to timely report a breach. Often investigating and making formal determinations concerning a potential breach can be very time consuming, even when responding promptly and appropriately to ...

list on smartphone screen.2017 Health Information Privacy and Security New Year’s Resolutions

To start off the New Year, here are some potential health information privacy and security resolutions. You can use these Annual, Quarterly, and Monthly lists to map out your privacy and security tasks for the year, and then check them off as you complete them. We have included empty rows ...

Video card vector illustration.PCI-DSS Version 3.2 Code Enters into Force

Will it be possible to reconcile the seemingly parallel worlds of technology, regulation and customer needs? Potentially. PCI DSS v. 3.2 went into effect this fall, although many requirements are only “best practices” until February 2018.  Version 3.2 has been drafted to attempt to reconcile the challenges facing technology payments and ...

RESOURCES & UPDATES

slide50Webinar Recording: FCC’s New Privacy Rules (Part 2)

Notice, Choice, and Prospects in the New Administration The FCC adopted new privacy and security rules for telecommunications carriers—including ISPs—on October 27. In this second of two webinars in DWT’s series examining the rules, DWT experts analyzed the core Notice and Choice rules’ requirements, provided perspectives on differences with the FTC’s ...

sensitiveHIPAA Starter Pack

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996, but there’s a more to it than that. Immerse yourself in an introduction to one of the most talked about and relevant laws today. Every American under the Affordable Care Act should be aware of HIPAA. Individuals or companies ...

Webinar Recording: FCC’s New Broadband Security Rules (Part 1)

Do you know what’s required to comply with the Federal Communications Commission’s new broadband security and data breach rules? DWT experts in the privacy and communications fields walked through the answers step-by-step in the first of two webinars examining the FCC’s privacy regime in-depth. We described the phase-in schedule for the rules examined ...

5 stepsHow Secure is Your Company?

Given all of the unknown variables that occur in a business, it’s important to see the potential threats right in front of you. Now’s the time to take inventory of risks that may face your business. A risk assessment is a standardized method of evaluating the potential risks that face your ...

data breachAre You Prepared For When Things Go Wrong?

If your company’s data suddenly becomes lost or stolen, or is accessed without authorization, can you handle what comes next? Every day, entities of all shapes and sizes experience some form of a security breach. Some are the result of system hacking, theft, or malware, but some are simply the ...
LexBlog