On September 17, 2020, four Republican Senators (Roger Wicker – Mississippi, Chairman, John Thune – South Dakota, Deb Fischer – Nebraska, and Marsha Blackburn – Tennessee) introduced sweeping federal privacy legislation entitled: Setting an American Framework to Ensure Data Access, Transparency, and Accountability (“SAFE DATA”) Act. This proposed comprehensive national privacy law has three main
Latest from Password Protected - Page 11
Hacked Patient Records Land Athens Orthopedic Clinic in Hot Water with OCR
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) reached a settlement for $1,500,000 and entered into a substantial corrective action plan with Athens Orthopedic Clinic (AOC) as a result of AOC’s alleged systemic noncompliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. AOC, located in
NYDFS State of Mind: Regulator Focus and Enforcement Trends
On July 21, the New York Department of Financial Services (NYDFS) filed charges against First American Title Insurance Company (First American) for violating multiple sections of the New York Cybersecurity Regulation, 23 NYCRR 500.00, et seq. The significance of the NYDFS enforcement action cannot be overemphasized. This is the first action filed under the Cybersecurity
Subject Access Requests and Cross-Border Privilege: Tips for In-House Counsel
The EU’s General Data Protection Regulation (“GDPR”) contains the much-publicised right of subject access, which gives an individual the right to access a copy of all the personal data a controller holds in relation to him or her.
Under the GDPR, anything that can identify a living individual is personal data. Obvious examples include names,
Blackbaud Data Breach: Do You Need to Notify Affected Individuals or EU Data Protection Authorities?
On July 16, 2020, Blackbaud, a U.S. based cloud computing provider and one of the world’s largest providers of education administration, fundraising, and financial management software, notified users of its services that it had suffered a ransomware attack in May 2020 in relation to personal data stored on their servers. Numerous colleges, universities, foundations, and
A Day Late, but Will it Fall Short? CPRA Ballot Initiative May Not Appear on Fall Ballot
On May 14, California Secretary of State Alex Padilla announced that the California Privacy Rights Act of 2020 (the “CPRA”) had obtained sufficient raw signatures to qualify for the November 3, 2020 ballot. Those signatures are currently being verified by the counties in which they were obtained. However, based on a complaint filed June 8
AG Submits Final CCPA Regulations—Is Enforcement Still on Track for July 1, 2020?
On June 1, 2020, the California Attorney General submitted the final text of the CCPA Regulations to the California Office of Administrative Law (the “OAL”). This was the last step the AG needed to take before the Regulations become enforceable. But whether enforcement will still start on July 1, 2020 as set forth in the
Privacy vs. Containment, Part 2: The Democratic Answer to a Framework for Federal Privacy Legislation on COVID-19
Two weeks ago we wrote about proposed legislation, The COVID-19 Consumer Data Protection Act of 2020 (“CCDPA”), introduced by a group of senior Republican senators, which was designed to address privacy issues arising in the wake of the COVID-19 pandemic. In response, senior Democratic members of the Senate and House of Representatives introduced their own
OCR Warns Providers and Media: Patient Privacy Remains Protected Despite Pandemic
Since the outbreak of COVID-19, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has issued various notifications of enforcement discretion related to compliance with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, discussed previously. However, OCR issued guidance on May 5, 2020, reminding covered
The Virginia Insurance Data Security Act – What You Need to Know
On March 11th, 2020, Virginia Governor Northam signed the Insurance Data Security Act (the “Act”) — HB 1334 — imposing requirements on all entities regulated by the Virginia Bureau of Insurance (“BOI” or the “Bureau”) to:
- maintain an information security program,
- investigate all cybersecurity events,
- notify the Commissioner of Insurance of cybersecurity events,