Archives: Enforcement

Subscribe to Enforcement RSS Feed

Unsecured PHI Leads to OCR Settlement with Closed Business

On February 13, 2018, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement with the receiver appointed to liquidate the assets of Filefax, Inc. in order to settle potential violations of HIPAA. … Continue Reading

CFTC Brings Cybersecurity Enforcement Action

On February 12, 2018, in a settled enforcement action, the U.S. Commodity Futures Trading Commission charged a registered futures commission merchant with violations of CFTC regulations relating to an ongoing data breach.… Continue Reading

GSA to Upgrade Cybersecurity Requirements

Recently, the General Services Administration announced its plan to upgrade its cybersecurity requirements in an effort to build upon the Department of Defense’s new cybersecurity requirements that became effective on December 31, 2017.… Continue Reading

Belgium Adopts Law Reforming the Belgian Privacy Commission

On January 10, 2018, the Law of 3 December 2017 creating the Data Protection Authority was published in the Belgian Official Gazette. It replaces the Belgian Privacy Commission with the Belgian Data Protection Authority, since the current Belgian Privacy Commission has limited prosecutorial powers and no direct sanctioning powers.… Continue Reading

First Enforcement Actions Brought Pursuant to China’s Cybersecurity Law

In the wake of China's Cybersecurity Law coming into effect at the beginning of June, local authorities in Shantou and Chongqing have brought enforcement actions against information technology companies for violations of the Cybersecurity Law. These are, reportedly, the first enforcement actions brought pursuant to the Cybersecurity Law.… Continue Reading

New Jersey Shopper Privacy Bill Signed into Law

On July 21, 2017, New Jersey Governor Chris Christie signed a bill that places new restrictions on the collection and use of personal information by retail establishments for certain purposes. The statute, which is called the Personal Information and Privacy Protection Act, permits retail establishments in New Jersey to scan a person’s driver’s license or other state-issued identification card only for eight purposes. … Continue Reading

Cybersecurity Law Goes Into Effect in China

On June 1, 2017, the new Cybersecurity Law went into effect in China. This post takes stock of (1) which measures have been passed so far, (2) which ones go into effect on June 1 and (3) which ones are in progress but have yet to be promulgated.… Continue Reading

UK ICO Stresses Importance of Preparing for the GDPR and Addresses the ICO’s Role Post-Brexit

With just under one year to go before the EU General Data Protection Regulation becomes law across the European Union, the UK Information Commissioner’s Office has continued its efforts to help businesses prepare for the new law, including by issuing updated guidance and its Information Rights Strategic Plan 2017-2021. The ICO also has taken steps to address its own role post-Brexit.… Continue Reading
LexBlog