Privacy, Data and Cybersecurity Blog Posts

Biden Administration Issues Memo Focused on Critical Infrastructure Cybersecurity
Following a series of major ransomware attacks, including against Colonial Pipeline, which provides the East Coast with 45 percent of its gasoline, jet fuel and diesel, President Biden issued a National Security Memorandum (“the Memorandum”) last week intent on improving cybersecurity for critical infrastructure systems. The Memorandum comes in follow up to the Biden Administration’s...
August 4, 2021

As Facial Recognition Technology Surges, Organizations Face Privacy and Cybersecurity Concerns, and Fraud
Facial recognition technology has become increasingly popular in recent years in the employment and consumer space (e.g. employee access, passport check-in systems, payments on smartphones), and in particular during the COVID-19 pandemic. As the need arose to screen persons entering a facility for symptoms of the virus, including temperature, thermal cameras, kiosks, and other devices...
July 28, 2021

Information Blocking and HIPAA’s Right to Access – Is Your Practice Compliant?
Patient record requests can be a significant administrative burden for health care providers. An OCR enforcement initiative and a new federal law give providers more reason to get this process right. We summarize these rules here. Since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule became effective in 2003, it generally...
July 26, 2021

Connecticut Enacts Safe Harbor from Punitive Damages in Data Breach Cases
Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from assessing punitive damages in data breach litigation against a covered defendant that created, maintained, and complied with a cybersecurity...
July 23, 2021

Musings of Retirement Plan Fiduciaries: Episode Two
Individuals who serve as fiduciaries to their company’s retirement plan often feel they may not be sufficiently informed or qualified to make prudent decisions for the plan. They might ask themselves: “How do I know which are prudent investments?” or “What amount of plan fees are ‘reasonable’?” Now, the DOL is requiring plan fiduciaries...
July 21, 2021

DOL Has Started to Audit Compliance with Its Cybersecurity Guidelines
In April, we posted about the U.S. Department of Labor’s (DOL) Employee Benefits Security Administration (EBSA) issuing cybersecurity guidance for employee retirement plans. That is, April 14, 2021. Shortly thereafter, the DOL updated its audit inquiries to include probing questions for plan fiduciaries about their compliance with “hot off the press” agency guidelines. So, what do...
July 15, 2021

Colorado Becomes Third State To Enact a Comprehensive Privacy Law
Colorado is officially the third U.S. state to enact comprehensive privacy legislation, following California and Virginia. The Colorado General Assembly passed the Colorado Privacy Act (CPA), Senate Bill 21-109, on June 8, 2021, and Governor Jared Polis signed it into law on July 7, 2021. The Colorado Privacy Act takes effect July 1, 2023, six...
July 9, 2021

The “New” EU Standard Contractual Clauses: FAQs for U.S. Organizations
Globalization, compliance, and the growth in outsourcing have created a myriad of cross-border data transfer scenarios. These scenarios include marketing to and servicing customers, assessing global compliance with diversity and inclusion goals, and outsourcing back office business functions. However, the emergence of far-reaching data privacy regulation, such as the EU General Data Protection Regulation...
July 6, 2021

Supreme Court Weighs in on School Regulation of Students’ Social Media Speech
Last week, the U.S. Supreme Court held that a Pennsylvania school district went too far when it suspended a student from participation in the school’s cheerleading squad based on “vulgar” comments made about the coach on the student’s personal social media account. In an 8-1 decision, the high court emphasized that while schools have some...
July 5, 2021

NIST Preliminary Draft Cybersecurity Framework Profile for Ransomware Risk Management Provides Risk Management Strategies
The National Institute of Standards and Technology (NIST) recently released a preliminary draft of its Cybersecurity Framework Profile for Ransomware Risk Management. The public comment period for this draft runs through July 9, 2021. NIST says “The profile can be used as a guide to managing the risk of ransomware events. That includes helping to...
July 2, 2021