Blog
Data Privacy & Cybersecurity Blog Posts From March 2020
-
Blog: Legislative Alert: Virginia Expands Insurance Data Security Requirements
Date: March 31, 2020
Title: Legislative Alert: Virginia Expands Insurance Data Security Requirements
Summary: On February 25, 2020, the Virginia State Legislature passed House Bill 1334, the Insurance Data Security Act, which establishes data security requirements applicable to persons licensed by the insurance laws of the Commonwealth. Following on other state laws that have created data security regimes applicable to the insurance industry, the Virginia law requires licensees to maintain the security of information systems and nonpublic information. ...
-
Blog: OCR Announces HIPAA Telehealth Security Waiver in Response to COVID-19 Pandemic
Date: March 20, 2020
Title: OCR Announces HIPAA Telehealth Security Waiver in Response to COVID-19 Pandemic
Summary: The Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS), which is the body responsible for enforcing certain regulations pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), is exercising its enforcement discretion to meet the needs of health care providers and patients during the COVID-19 (Coronavirus) public health emergency. ...
-
Blog: Legislative Alert: Vermont Expands Definition of Personal Information and Enacts Protections for Student Privacy and Automatic Subscription Renewals
Date: March 19, 2020
Title: Legislative Alert: Vermont Expands Definition of Personal Information and Enacts Protections for Student Privacy and Automatic Subscription Renewals
Summary: On March 5, 2020, Vermont Governor Phil Scott signed into law Senate Bill 110, which amends sections of Chapter 62 of the Vermont Statutes Annotated - “Protection of Personal Information” - including Sections 2430, 2435, and 2454. The bill also adds Section 2443 to the chapter, which governs the privacy of student information belonging to preschool, kindergarten, elementary, and secondary school students....
-
Blog: Washington State Data Breach Notification Statute Updates Go Into Effect, Imposing New Requirements on Businesses
Date: March 17, 2020
Title: Washington State Data Breach Notification Statute Updates Go Into Effect, Imposing New Requirements on Businesses
Summary: Effective March 1, 2020, amendments to the Washington State data breach notification statute made the law significantly more onerous for companies dealing with data security incidents. The amendments, which we first covered in May 2019, expanded the definition of personal information, shortened the deadlines for notification, and imposed additional requirements for notice contents....
-
Blog: ALERT: COVID-19 / Coronavirus-Related Ransomware and Phishing Attacks
Date: March 13, 2020
Title: ALERT: COVID-19 / Coronavirus-Related Ransomware and Phishing Attacks
Summary: With the advent of the Coronavirus, criminals have begun to take advantage of what consumers expect to receive via email to conduct phishing attacks. Criminals are also expected to take advantage of millions of vulnerable remote connections from employee home networks to their corporate networks....
-
Blog: Ransomware and the Paramount Importance of Evidence Preservation for Healthcare Entities
Date: March 10, 2020
Title: Ransomware and the Paramount Importance of Evidence Preservation for Healthcare Entities
Summary: Organizations regulated by the Healthcare Information Privacy and Accountability Act (HIPAA) must take special care to preserve valuable forensic artifacts at the outset of a ransomware or other cybersecurity event. The HIPAA Breach Notification Rule presumes a cybersecurity incident has resulted in unauthorized access to unsecured protected health information and the burden shifts to the organization to show a low probability of the compromise of the health information it maintains....