Archives: Data Protection

Subscribe to Data Protection RSS Feed

ICYMI in Cybersecurity and Data Breach

Google Faces New Privacy Suits For Non-User Email Scanning

Law360 reported this week, “A California law firm said Thursday it has filed the first of what it hopes will be thousands of individual state court damages claims over Google’s allegedly illegal email scanning for advertising purposes, which has already resulted in a $2.2 million federal cou… Continue Reading

ICYMI in Cybersecurity and Data Breach

DOJ Will Form Cybersecurity Task Force
Law 360 reports, “In the wake of numerous high profile hacks, the U.S. Department of Justice announced Tuesday that it will form a Cyber-Digital Task Force aimed at combating a global cyber threat.” The task force will be chaired by a senior DOJ official and include members from across various agencies.

U.S. CustoContinue Reading

HIPAA Small Breach Notifications Due March 1

March 1, 2018 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were discovered in calendar-year 2017. A small breach involves fewer than 500 individuals.

HIPAA Notification Requirements. HIPAA re… Continue Reading

ICYMI in Cybersecurity and Data Breach

South Dakota Senate Panel Approves Data Breach Legislation

US News reports: “A legislative panel has approved a bill that would require companies to inform South Dakota residents whose personal information was taken in a data breach,” and that “the state needs a fair reporting law that requires consumers to be notified about the loss of their infor… Continue Reading

ICYMI in Cybersecurity and Data Breach

NC Data Breach Legislation Accounts for Ransomware Attacks

“Following an increase in reported state data breaches in 2017, North Carolina’s attorney general and a state representative introduced data breach legislation to better protect individuals,” HealthIT Security reports.


World Economic Forum: Cyber-Attacks Third Most Likely Continue Reading

Don’t Miss Out: The Health Care Cloud Coalition Monthly Meeting With Guest Speaker Linda Sanches From the Office for Civil Rights

The Health Care Cloud Coalition is kicking off it’s 2018 Monthly Meeting Series next Thursday, January 18th at 1:00 p.m. Eastern with a presentation from Linda Sanches, the Senior Advisor for Health IT and Privacy Policy from the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”).

Ms. Sanches will provide an update on OCR ac… Continue Reading

2018 Predictions in Privacy & Security

GDPR – all year, all the time

Next year will be full of growing pains as both the public and private sector interpret, implement, and refine their efforts to comply with the GDPR. Large, multinational companies with a presence in the EU (and who are at the greatest risk of EU enforcement actions) will put pressure on their vendors across the globe to adopt pra… Continue Reading

PrivSec Blog Year in Review: Top 10 PrivSec Blog Posts in 2017

As we close out 2017, check out our most read privacy & security blogs of the year!


1. 42 C.F.R. Part 2 Final Rule Is Officially Delayed … Can Comments to HHS and OMB Fix It?

On January 18, 2017, the U.S. Department of Health and Human Services (HHS) published a final rule amending the Confidentiality of Substance Use Disorder Patient Records rule a… Continue Reading

ICYMI: PrivSec’s Weekly News Picks

Interactive Advertising Bureau Releases Technical Standard to Facilitate Disclosure and Consent in Digital Advertising

IAB Europe reported that it “presented a new technical standard to support the digital advertising ecosystem in meeting requirements relating to user consent under the General Data Protection Regulation (GDPR).”


WorContinue Reading

ACA’s Nondiscrimination Taglines and Notices Require Updating Your Notice of Privacy Practices

There has been confusion as to whether the Affordable Care Act’s nondiscrimination provision (“ACA”) affects a covered entity’s notice of privacy practices (“NPP”) or data breach notifications. OCR has issued guidance indicating that ACA does indeed impact NPPs. Moreover, breach notifications also likely are affected. Accordingly, i… Continue Reading

Employer-Sponsored Health Plan HIPAA Compliance Checklist

The administrative simplification provision of the Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA) impose obligations on employer-sponsored group health plans. Given recent high-profile HIPAA enforcement actions, employers should understand their compliance obligations. This checklist is inten… Continue Reading

Time to Update Your Privacy Statement for GDPR

Although the EU General Data Protection Regulation comes into force in May 2018, European regulators are still producing guidance and member states are still adopting legislation to accommodate national differences. Put simply, it is unclear how to prepare for the GDPR in relation to some issues. For other issues, however, companies can confidently ac… Continue Reading

Draft Cybersecurity Legislation Would Impose Substantial New Obligations on Vendors Selling Interconnected Devices to the U.S. Government

On Tuesday, August 1, 2017, a bipartisan group of four Senators from the Senate Cybersecurity Caucus introduced legislation designed to improve the cybersecurity of devices purchased by the U.S. government and – albeit indirectly – sold anywhere in the U.S. or the world.

The legislation – the “Internet of Things (IoT) Cybersecurity Improvemen… Continue Reading

How to Use the GDPR as Your Competitive Advantage: Focus on the Carrot, Not the Stick

How to use the GDPR as Your Competitive Advantage: Focus on the Carrot, Not the Stick

Ample bandwidth has been eaten by panicky commentary over the fines possible under the EU’s upcoming General Data Protection Regulation (GDPR). Sure, the GDPR arms EU data protection authorities with a hefty compliance stick. Yet the focus on exorbitant fines seems a bi… Continue Reading

The Chinese Government Issues Draft Cybersecurity Regulations to Protect Critical Information Infrastructure

On June 10, 2017, the Cyberspace Administration of China (the “CAC”) released the Draft Regulations on the Security Protection of Critical Information Infrastructure (the “Draft Regulations” 《关键信息基础设施安全保护条例(征求意见稿)》). The CAC is seeking public comments with a deadline of August 10, 201… Continue Reading

Washington’s New Biometric Privacy Law: What Businesses Need to Know

With the rise in hackings and data breaches, companies and government agencies are looking for ways to protect their data that offer more security than passwords. Because passwords are easily lost, stolen, guessed, and cracked by hackers, companies are shifting to the use of biological characteristics that uniquely identify you, called biometric iden… Continue Reading

(Connected) Toy Story: The FTC Updates the COPPA Compliance Plan

The Federal Trade Commission (“FTC”) recently issued an updated “Six-Step Compliance Plan for Businesses” (“Compliance Plan”) for entities subject to the Federal Children’s Online Privacy Protection Act (“COPPA”), 15 U.S.C. §§ 6501-6506, to “reflect developments in the marketplace—for example, the introduction of int… Continue Reading

Data-Driven Marketing and the GDPR: the Data Brokers’ Conundrum

The digital marketing industry is powered by information about individuals (“personal data”) that pulses through a supply web. As this FTC infographic shows, some industries such as retail, energy, financial services, and health care, have direct relationships with those individuals. Other industries, such as data marketing, generally are at l… Continue Reading

Tick Tock Tick Tock, When a Breach Occurs, You’re on the Clock!

As a reminder that state attorneys general have enforcement authority over breach notifications, the New York Attorney General recently announced a $130,000 settlement for a failing to provide breach notification in a reasonable time. Organizations should ensure that they are prepared to quickly provide required notifications in the event of a breac… Continue Reading

Webinar Recording: New Guidance on HIPAA: Nine Changes to Make

New Guidance on HIPAA: Nine Changes to Make

While there have not been significant regulatory changes to HIPAA since 2013, that doesn’t mean that compliance can be static. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued guidance in several areas, ranging from an individual’s right of access to ransomware to vi… Continue Reading

GDPR matchup: The Health Insurance Portability and Accountability Act

This article first published in the IAPP’s Privacy Tracker blog.

In this Privacy Tracker series, we look at laws from across the globe and match them up against the EU General Data Protection Regulation. The aim is to help you determine how much duplication of operational effort you might avoid as you move toward GDPR compliance and help you focus your effo… Continue Reading