Biden Administration Issues Memo Focused on Critical Infrastructure Cybersecurity

Following a series of major ransomware attacks, including against Colonial Pipeline, which provides the East Coast with 45 percent of its gasoline, jet fuel and diesel, President Biden issued a National Security Memorandum (“the Memorandum”) last week intended to improve cybersecurity for critical infrastructure systems. The Memorandum comes in follow up to the Biden Administration’s...
August 4, 2021

As Facial Recognition Technology Surges, Organizations Face Privacy and Cybersecurity Concerns, and Fraud

Facial recognition technology has become increasingly popular in recent years in the employment and consumer space (e.g. employee access, passport check-in systems, payments on smartphones), and in particular during the COVID-19 pandemic. As the need arose to screen persons entering a facility for symptoms of the virus, including temperature, thermal cameras, kiosks, and other devices...
July 28, 2021

Information Blocking and HIPAA’s Right to Access – Is Your Practice Compliant?

Patient record requests can be a significant administrative burden for health care providers. An OCR enforcement initiative and a new federal law give providers more reason to get this process right. We summarize these rules here. Since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule became effective in 2003, it generally...
July 26, 2021

Connecticut Enacts Safe Harbor from Punitive Damages in Data Breach Cases

Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from assessing punitive damages in data breach litigation against a covered defendant that created, maintained, and complied with a cybersecurity...
July 23, 2021

Musings of Retirement Plan Fiduciaries: Episode Two

Individuals who serve as fiduciaries to their company’s retirement plan often feel they may not be sufficiently informed or qualified to make prudent decisions for the plan. They might ask themselves: “How do I know which are prudent investments?” or “What amount of plan fees are ‘reasonable’”? Now, the DOL is requiring plan fiduciaries...
July 21, 2021

DOL Has Started to Audit Compliance with Its Cybersecurity Guidelines

In April, we posted about the U.S. Department of Labor’s (DOL) Employee Benefits Security Administration (EBSA) issuing cybersecurity guidance for employee retirement plans. That is, April 14, 2021. Shortly thereafter, the DOL updated its audit inquiries to include probing questions for plan fiduciaries about their compliance with “hot off the press” agency guidelines. So, what do...
July 15, 2021

Colorado Becomes Third State To Enact a Comprehensive Privacy Law

Colorado is officially the third U.S. state to enact comprehensive privacy legislation, following California and Virginia. The Colorado General Assembly passed the Colorado Privacy Act (CPA), Senate Bill 21-109, on June 8, 2021, and Governor Jared Polis signed it into law on July 7, 2021. The Colorado Privacy Act takes effect July 1, 2023, six...
July 9, 2021

The “New” EU Standard Contractual Clauses: FAQs for U.S. Organizations

Globalization, compliance, and the growth in outsourcing have created a myriad of cross-border data transfer scenarios. These scenarios include marketing to and servicing customers, assessing global compliance with diversity and inclusion goals, and outsourcing back office business functions. However, the emergence of far-reaching data privacy regulation, such as the EU General Data Protection Regulation...
July 6, 2021

Supreme Court Weighs in on School Regulation of Students’ Social Media Speech

Last week, the U.S. Supreme Court held that a Pennsylvania school district went too far when it suspended a student from participation in the school’s cheerleading squad based on “vulgar” comments made about the coach on the student’s personal social media account. In an 8-1 decision, the high court emphasized that while schools have some...
July 5, 2021

NIST Preliminary Draft Cybersecurity Framework Profile for Ransomware Risk Management Provides Risk Management Strategies

The National Institute of Standards and Technology (NIST) recently released a preliminary draft of its Cybersecurity Framework Profile for Ransomware Risk Management. The public comment period for this draft runs through July 9, 2021. NIST says “The profile can be used as a guide to managing the risk of ransomware events. That includes helping to...
July 2, 2021
