EU to Require Tech Firms to Provide Overseas Emails, Texts and Stored Data

New “e-Evidence Regulation” Gives Police Direct Access to Data Across EU Borders and Abroad
The European Union will require tech companies to provide data to European investigators stored in another EU country or even outside the EU under a new e-Evidence Regulation proposed by the European Commission on April

Federal Regulatory Agencies Advise on Cyber Insurance for Information Security Programs

Federal regulatory agencies, acting through the Federal Financial Institutions Examination Council (FFIEC), have issued guidance for financial institutions about the role of cyber insurance in risk management of information technology systems. See, e.g., FDIC FIL-16-2018 (April 10, 2018); OCC Bulletin 2018-8 (April 11, 2018).  The agencies—principally responsible for

Is OCR Moving the Goal Posts on Vendor Management?

Recent statements at the 27th National HIPAA Summit suggest that the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) may be changing its position and expecting a greater level of vendor due diligence under HIPAA. Although surprising to many, the HIPAA regulations do not specifically

ICYMI in Cybersecurity and Data Breach

Commerce Fighting Data Localization Efforts, Official Says
“The U.S. Department of Commerce has increasingly been working to find common ground on privacy issues with foreign governments in order to clamp down on calls for mandates that companies only store their data locally, an agency official said Tuesday,” according to

Briefing: D.C. Circuit Rules on FCC 2015 TCPA Omnibus Order: What Does It Mean?

Webcast: April 3, 2018
1:00 PM Eastern


The D.C. Circuit recently issued its long-awaited decision in ACA Int’l v. FCC , where it upheld certain FCC rulings from its 2015 Omnibus Ruling and Order and vacated others. The decision keeps intact the FCC’s ruling on the ability to revoke


ICYMI in Cybersecurity and Data Breach

Democrats Propose Tough Opt-In Privacy Law

Ed Markey and Richard Blumenthal proposed on Wednesday a “privacy bill of rights” that would prevent social media sites and other websites from sharing or selling sensitive information without a customer’s opt-in consent.

DOD Outlines New 2-Step Test For Cyber Vulnerabilities

As reported in

The Compliance, Governance and Oversight Council (CGOC)

The Compliance, Governance and Oversight Council (CGOC) annual New York City event brings together corporate leaders from legal, records and information management (RIM), privacy and security sectors. Join us for this one-day executive meeting on Data Privacy and Governance on May 1. This is your opportunity to gain insight, interaction,

ICYMI in Cybersecurity and Data Breach

FTC Names Former Official As New Acting GC
As reported in Law360 earlier this week, “The Federal Trade Commission on Monday named Alden F. Abbott as its new acting general counsel, a former official for the agency who most recently served as a deputy director at the conservative think

HCCA’s 22nd Annual Compliance Institute

Join Adam Greene and HCCA in Las Vegas, NV for the single most comprehensive healthcare compliance conference from April 15-18. The program is designed for compliance professionals from a variety of healthcare backgrounds, including compliance officers, billing and coding professionals, auditors, nurses, risk managers, ethics officers, privacy officers, health information

Webinar │DWT & RADAR: Navigating States and HIPAA Breach Notification Compliance, April 26

Join Adam Greene & RADAR on Thursday, April 26 for the FREE upcoming webinar: Navigating States and HIPAA Breach Notification Compliance and discover best practices for successfully navigating the growing regulatory complexities of compliance with breach laws and incident response management lifecycle. Learn ways to build an operational and compliant