Tag Archives: Compliance

Unsecured PHI Leads to OCR Settlement with Closed Business

On February 13, 2018, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement with the receiver appointed to liquidate the assets of Filefax, Inc. in order to settle potential violations of HIPAA.…

CFTC Brings Cybersecurity Enforcement Action

On February 12, 2018, in a settled enforcement action, the U.S. Commodity Futures Trading Commission charged a registered futures commission merchant with violations of CFTC regulations relating to an ongoing data breach.…

GSA to Upgrade Cybersecurity Requirements

Recently, the General Services Administration announced its plan to upgrade its cybersecurity requirements in an effort to build upon the Department of Defense’s new cybersecurity requirements that became effective on December 31, 2017.…

Belgium Adopts Law Reforming the Belgian Privacy Commission

On January 10, 2018, the Law of 3 December 2017 creating the Data Protection Authority was published in the Belgian Official Gazette. It replaces the Belgian Privacy Commission with the Belgian Data Protection Authority, since the current Belgian Privacy Commission has limited prosecutorial powers and no direct sanctioning powers.…

French DPA Publishes a Compliance Pack Regarding Connected Vehicles

On October 17, 2017, the French Data Protection Authority, after a consultation with multiple industry participants that was launched on March 23, 2016, published its compliance pack on connected vehicles in line with its report of October 3, 2016. The pack applies to connected vehicles for private use only, and describes the main principles data controllers must adhere to under both the current French legislation and the EU GDPR.…

OCR Releases Guidance on HIPAA Compliance During Emergencies

On September 7, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights issued an announcement containing disaster preparedness and recovery guidance in advance of Hurricane Irma. The announcement underscores key privacy and security issues for entities covered by HIPAA to help them protect individuals’ health information before, during and after emergency situations.…

Delaware Amends Data Breach Notification Law

On August 17, 2017, as reported in BNA Privacy Law Watch, Delaware amended its data breach notification law, effective April 14, 2018. The amendments include expansion of the definition of personal information, timing of notification, changes to the harm threshold and credit monitoring service changes.…

Uber Settles FTC Data Privacy and Security Allegations

On August 15, 2017, the FTC announced that it had reached a settlement with Uber, Inc., over allegations that the ride-sharing company had made deceptive data privacy and security representations to its consumers. Under the terms of the settlement, Uber has agreed to implement a comprehensive privacy program and to undergo regular, independent privacy audits for the next 20 years.…

First Enforcement Actions Brought Pursuant to China’s Cybersecurity Law

In the wake of China's Cybersecurity Law coming into effect at the beginning of June, local authorities in Shantou and Chongqing have brought enforcement actions against information technology companies for violations of the Cybersecurity Law. These are, reportedly, the first enforcement actions brought pursuant to the Cybersecurity Law.…

Nevada Enacts Website Privacy Notice Law

Recently, Nevada enacted an online privacy policy law which will require operators of websites and online services to post a notice on their website regarding their privacy practices. Nevada is the third state to enact legislation requiring website operators to post a public privacy notice, following California (enacted in 2004) and Delaware (enacted in 2016).…