Data Privacy & Cybersecurity PracticeThe United States Department of Treasury’s Office of Foreign Assets Control (OFAC) is broadly tasked with administering and enforcing economic trade sanctions based on United States foreign policy and national security goals. On October 1, 2020, OFAC issued an “Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments” to companies providing services to victims of ransomware attacks.
Read more »Data Privacy & Cybersecurity
-
Office of Foreign Assets Control Guidance on Ransomware Payments Posted on: January 21, 2021 In: Data Privacy & Cybersecurity
-
CCPA 2.0 and the Changing Privacy Landscape, Part III: Notice Obligations & Right to Opt Out Posted on: January 15, 2021 In: Data Privacy & CybersecurityThis third installment in our ongoing series about changes to the California Consumer Privacy Act (CCPA) focuses on the new consumer opt-out rights and business disclosure obligations created by the California Privacy Rights Act (CPRA), which was approved by voters last November. Part I of this series looked at the CPRA’s definition and treatment of “sensitive personal information.” Part II discussed covered “businesses” and exemptions.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part II: CPRA’s Covered “Businesses” & Exemptions Posted on: December 29, 2020 In: Data Privacy & CybersecurityCalifornia voters’ approval of the California Privacy Rights Act (CPRA), a privacy ballot initiative that amends and expands the California Consumer Privacy Act (CCPA), is a significant development in the U.S. privacy world. In this second installment of our Digital Insights series on the major changes effected by the CPRA, we discuss what qualifies as a regulated "business" under the Act, and what data exemptions exist.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape: CPRA’s Definition and Treatment of “Sensitive Personal Information” Posted on: December 23, 2020 In: Data Privacy & CybersecurityOn November 3, 2020, Californians approved Proposition 24, a ballot measure creating the California Privacy Rights Act (CPRA), which amends and expands the provisions and requirements of the California Consumer Privacy Act (CCPA). In this Digital Insights series on the CPRA, we will highlight and detail some of the most substantive and important modifications the new law will impose on the CCPA, and what those changes mean to businesses subject to California’s ever-evolving privacy regime.
Read more »
-
California Voters Make CCPA 2.0 a Reality – California Privacy Rights Act Ballot Measure Passes Posted on: November 10, 2020 In: Data Privacy & CybersecurityOn November 3, 2020, California voters approved Proposition 24, otherwise known as the California Privacy Rights Act (CPRA), a ballot measure that will expand the privacy protections for California residents under the existing California Consumer Privacy Act (CCPA). Effective January 1, 2023, the CPRA significantly amends the CCPA by expanding consumer rights, heightening privacy protections, and establishing an enforcement agency dedicated to protecting consumers through vigorous enforcement of the law.
Read more »
-
FBI Healthcare Alert - Imminent Threat Of Widespread Ryuk Attack Posted on: October 29, 2020 In: Data Privacy & Cybersecurity, COVID-19 ResponseThe FBI and DHS-CISA issued a warning on October 28, 2020 about an imminent threat to hospitals and healthcare providers. They represent that they have credible information to suggest there will be a widespread Ryuk ransomware attack this weekend (October 30 - November 1), and the FBI, DHS and the NSA's Cybersecurity Threat Operations Center are currently investigating the matter. It is recommended that hospitals and healthcare providers implement the following measures as soon as possible.
Read more »
-
California Seeks to Heal HIPAA & CCPA Divisions with AB 713 Posted on: October 19, 2020 In: Data Privacy & CybersecurityOn September 5, 2020 the California legislature passed AB 713, amending the California Consumer Privacy Act (CCPA). The bill alleviates some of the burdens imposed on medical research and healthcare operations by the CCPA, and imposes new requirements and restrictions on businesses that sell or disclose de-identified health data. The bill also contains an emergency clause enabling it to take effect immediately upon the governor's approval.
Read more »
-
The Next Major Public Health Crisis Posted on: October 15, 2020 In: Data Privacy & Cybersecurity, COVID-19 ResponseIn 2014, a business associate of a healthcare entity was notified by law enforcement that it had suffered a cyberattack to the company's information system. The hackers were able to access and exfiltrate the health information of more than 6 million people from numerous entities served by the business associate. In addition to a fine issued by OCR, a related covered entity was sued and a multimillion-dollar settlement was reached. OCR placed the covered entity under a very detailed corrective action plan.
Read more »
-
Legislative Alert: California Passes Genetic Information Privacy Act Posted on: September 24, 2020 In: Data Privacy & CybersecurityOn August 31, 2020, the California Senate passed SB 980, establishing the Genetic Information Privacy Act, which would require direct-to-consumer genetic testing companies to comply with certain privacy and data security provisions. Whether the Act is ultimately signed into law and made a part of the California privacy landscape remains to be seen. Yet it is the latest effort by The Golden State to impose additional data privacy restrictions and extend rights to consumers concerning personal information.
Read more »
-
California Legislature Extends CCPA Exemptions for Employees’ Personal Information & “Business-to-Business” Exchanges to 2022 Posted on: September 24, 2020 In: Data Privacy & CybersecurityBut for limited exemptions added to the California Consumer Privacy Act (CCPA) last year, personal information exchanged in the employment context, and personal information collected through “business-to-business” exchanges, would be subject to all requirements of the CCPA. Those exemptions were set to expire next year. However, the California legislature has recently voted, through Assembly Bill 1281, to extend the exemptions until January 1, 2022.
Read more »
-
CMS Guidance For Compliance With Interoperability and Patient Access Final Rule Posted on: August 27, 2020 In: Data Privacy & CybersecurityIn a guidance document published on August 14, 2020, the Centers for Medicare & Medicaid Services (CMS) provided enforcement deadlines and implementation guidance regarding the long awaited CMS Interoperability and Patient Access final rule. The final rule was published on May 1 of this year and includes several new requirements applicable to Medicaid and the Children’s Health Insurance Program (CHIP).
Read more »
-
Healthcare Providers Beware: HIPAA Applies When Complying With Subpoenas Posted on: August 18, 2020 In: Data Privacy & Cybersecurity, COVID-19 ResponseMuch scrutiny has been given to the treatment for COVID-19 and the use of funds in fighting it. In time, the local, state, and federal governments will be investigating or prosecuting organizations accepting COVID-19 funds or treating those with the coronavirus. Covered entities, such as healthcare providers and health plans, might be served with subpoenas and discovery requests. It is important to know how to manage the release or disclosure of patient information subject to these requests.
Read more »
Blog Search
Featured Posts
Blog Tags
alabama
anti-money laundering
arkansas
audit
banks
bank secrecy act
biometric data
blockchain
breach notification
california
canada
ccpa
client notification
colorado
congress
consumer notification
consumer rights
coronavirus
covid-19
cpra
cryptocurrency
cybersecurity
cyber threat
data breach
data privacy
dataprivacy
data security
delaware
department of health and human services
department of state
department of transportation
electronic benefit transfer
email
employment
equifax
eu
eu-u.s. privacy shield
european union
executive order
fbi
fcc
fcra
federal trade commission
fincen
forensic investigation
fraud
gdpr
genetic testing
hacking
healthcare
hhsocr
hipaa
holiday season
homeland security
human resources
identity fraud
identity theft
illinois
incident response
information security
irs
legislation
legislative alert
malware
managed service providers
maryland
microsoft exchange servers
microsoft office 365
multi-factor authentication
multi-factor identification
new jersey
new mexico
new york
ninth circuit
nist security controls
office of foreign assets control
opt out
personal data
personal information
phishing
pre-breach services
privacy
privacy notification
protected health information
ransomware
regulations
scareware
social engineering
social media
statute
supreme court
tax returns
utah
video-teleconferencing
virginia
w2
washington
websites
workplace policy
zoom