Data Privacy & Cybersecurity PracticeOn November 3, 2020, California voters approved Proposition 24, otherwise known as the California Privacy Rights Act (CPRA), a ballot measure that will expand the privacy protections for California residents under the existing California Consumer Privacy Act (CCPA). Effective January 1, 2023, the CPRA significantly amends the CCPA by expanding consumer rights, heightening privacy protections, and establishing an enforcement agency dedicated to protecting consumers through vigorous enforcement of the law.
Read more »Data Privacy & Cybersecurity
-
California Voters Make CCPA 2.0 a Reality – California Privacy Rights Act Ballot Measure Passes Posted on: November 10, 2020 In: Data Privacy & Cybersecurity
-
FBI Healthcare Alert - Imminent Threat Of Widespread Ryuk Attack Posted on: October 29, 2020 In: Data Privacy & Cybersecurity, COVID-19 ResponseThe FBI and DHS-CISA issued a warning on October 28, 2020 about an imminent threat to hospitals and healthcare providers. They represent that they have credible information to suggest there will be a widespread Ryuk ransomware attack this weekend (October 30 - November 1), and the FBI, DHS and the NSA's Cybersecurity Threat Operations Center are currently investigating the matter. It is recommended that hospitals and healthcare providers implement the following measures as soon as possible.
Read more »
-
California Seeks to Heal HIPAA & CCPA Divisions with AB 713 Posted on: October 19, 2020 In: Data Privacy & CybersecurityOn September 5, 2020 the California legislature passed AB 713, amending the California Consumer Privacy Act (CCPA). The bill alleviates some of the burdens imposed on medical research and healthcare operations by the CCPA, and imposes new requirements and restrictions on businesses that sell or disclose de-identified health data. The bill also contains an emergency clause enabling it to take effect immediately upon the governor's approval.
Read more »
-
The Next Major Public Health Crisis Posted on: October 15, 2020 In: Data Privacy & Cybersecurity, COVID-19 ResponseIn 2014, a business associate of a healthcare entity was notified by law enforcement that it had suffered a cyberattack to the company's information system. The hackers were able to access and exfiltrate the health information of more than 6 million people from numerous entities served by the business associate. In addition to a fine issued by OCR, a related covered entity was sued and a multimillion-dollar settlement was reached. OCR placed the covered entity under a very detailed corrective action plan.
Read more »
-
Legislative Alert: California Passes Genetic Information Privacy Act Posted on: September 24, 2020 In: Data Privacy & CybersecurityOn August 31, 2020, the California Senate passed SB 980, establishing the Genetic Information Privacy Act, which would require direct-to-consumer genetic testing companies to comply with certain privacy and data security provisions. Whether the Act is ultimately signed into law and made a part of the California privacy landscape remains to be seen. Yet it is the latest effort by The Golden State to impose additional data privacy restrictions and extend rights to consumers concerning personal information.
Read more »
-
California Legislature Extends CCPA Exemptions for Employees’ Personal Information & “Business-to-Business” Exchanges to 2022 Posted on: September 24, 2020 In: Data Privacy & CybersecurityBut for limited exemptions added to the California Consumer Privacy Act (CCPA) last year, personal information exchanged in the employment context, and personal information collected through “business-to-business” exchanges, would be subject to all requirements of the CCPA. Those exemptions were set to expire next year. However, the California legislature has recently voted, through Assembly Bill 1281, to extend the exemptions until January 1, 2022.
Read more »
-
CMS Guidance For Compliance With Interoperability and Patient Access Final Rule Posted on: August 27, 2020 In: Data Privacy & CybersecurityIn a guidance document published on August 14, 2020, the Centers for Medicare & Medicaid Services (CMS) provided enforcement deadlines and implementation guidance regarding the long awaited CMS Interoperability and Patient Access final rule. The final rule was published on May 1 of this year and includes several new requirements applicable to Medicaid and the Children’s Health Insurance Program (CHIP).
Read more »
-
Healthcare Providers Beware: HIPAA Applies When Complying With Subpoenas Posted on: August 18, 2020 In: Data Privacy & Cybersecurity, COVID-19 ResponseMuch scrutiny has been given to the treatment for COVID-19 and the use of funds in fighting it. In time, the local, state, and federal governments will be investigating or prosecuting organizations accepting COVID-19 funds or treating those with the coronavirus. Covered entities, such as healthcare providers and health plans, might be served with subpoenas and discovery requests. It is important to know how to manage the release or disclosure of patient information subject to these requests.
Read more »
-
ECJ Invalidates the EU-US Privacy Shield as Adequate Transfer Mechanism Posted on: July 16, 2020 In: Data Privacy & CybersecurityIn a ruling issued on July 16, 2020, the European Court of Justice (ECJ) invalidated the EU-U.S. Privacy Shield – a primary mechanism available to companies exporting personal data from the European Economic Area (EEA) to the United States.
Read more »
-
A Time for Reflection: Advisen’s 2020 Cyber Law Firm of the Year Award Posted on: July 15, 2020 In: Data Privacy & CybersecurityLewis Brisbois' Data Privacy & Cybersecurity Team recently received Advisen’s 2020 “Cyber Law Firm of the Year” award for the second year in a row. We are proud of this accomplishment and grateful for Advisen’s recognition, as well as the dedication of our attorneys and industry partners. Receiving this honor provides us with more than simply a reason to celebrate. It also gives us a chance to reflect upon the work that we performed last year and to determine how best to serve our clients in the future.
Read more »
-
Accounting Firms: Confirming Security of Client Information After Reports of Tax Fraud Posted on: July 14, 2020 In: Data Privacy & CybersecurityThe July 15, 2020 extended tax-filing deadline is upon us. Accounting and tax preparation firms are squarely in the crosshairs of opportunistic cyber criminals looking to obtain and exploit sensitive information for the purposes of committing tax fraud. Unfortunately, thousands of Americans will see fraudulent tax returns filed in their names this year, and the accounting firm that files the client’s taxes is often the most obvious target for blame, but the source of the tax exploit may not be as obvious.
Read more »
-
Business Email Compromise Attacks on the Rise in 2020 Posted on: June 18, 2020 In: Data Privacy & Cybersecurity, COVID-19 ResponseA business email compromise (BEC) is a cyber crime that utilizes access to an organization’s email to defraud that organization and its employees, customers, or partners. In 2020, COVID-19 has provided attackers with a new source for BEC exploits. Attackers are taking advantage of the need for communications surrounding COVID-19 and increased remote work connections from employee home networks to their employers’ corporate networks.
Read more »
Blog Search
Featured Posts
- September 24, 2020 Legislative Alert: California Passes Genetic Information Privacy Act
- July 15, 2020 A Time for Reflection: Advisen’s 2020 Cyber Law Firm of the Year Award
- July 14, 2020 Accounting Firms: Confirming Security of Client Information After Reports of Tax Fraud
- June 18, 2020 Business Email Compromise Attacks on the Rise in 2020
- June 03, 2020 California AG Submits CCPA Regulations for Final Approval, Paving the Way Toward Enforcement
Blog Tags
alabama
arkansas
audit
biometric data
breach notification
california
ccpa
checklist
client notification
colorado
congress
consumer notification
coronavirus
covid-19
cpra
cryptocurrency
cybersecurity
cyber threat
data breach
data privacy
data privacy directive
data protection officer
data security
delaware
department of commerce
dhs
district of columbia
email
employment
equifax
ethereum
ethics
eu
eu-u.s. privacy shield
european union
fbi
fcra
federal trade commission
financial fraud kill chain
fincen
forensics
fraud
gdpr
hacking
healthcare
hhsocr
hipaa
holiday season
hospitals
human resources
identity theft
illinois
incidence response plan
incident response planning
information security
internet crime
irs
legislative alert
malware
managed service providers
manufacturing
maryland
medicaid
medicare
microsoft office 365
multi-factor identification
net neutrality
new jersey
new mexico
new york
ninth circuit
nist security controls
nydfs
ocabr
patching
personal data
personal information
phishing
protected health information
ransomware
rdp
regulations
remote desktop protocol
security posture assessment
service provider agreement
social engineering
social media
statute
supreme court
tax return
tax returns
tennessee
utah
video-teleconferencing
virginia
w2
washington
websites
workplace policy
zoom