Catherine R. TucciarelloBlog Posts
NYDFS Files First Enforcement Action Under Reg 500On July 21, 2020, the New York Department of Financial Services (“DFS”) filed its first enforcement action under New York’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”). Reg 500, which took effect in March 2017, imposes wide-ranging and rigorous requirements on subject organizations and their service providers, which are summarized...… Continue ReadingAugust 17, 2020 |
OCR’s Relaxed Enforcement of HIPAA During COVID-19 Paves The Way For Increase in Telehealth ServicesAs the COVID-19 pandemic continues to spread across the country, doctors, dentists, therapists and other healthcare providers have turned to telehealth use with their patients by way of videoconferencing applications such as Zoom, Skype and WebEx. The Office of Civil Rights and the Department of Health and Human Services (“OCR”) defines telehealth as “the use...… Continue ReadingJune 11, 2020 |
OCR’s Relaxed Enforcement of HIPAA During COVID-19 Paves The Way For Increase in Telehealth ServicesAs the COVID-19 pandemic continues to spread across the country, doctors, dentists, therapists and other healthcare providers have turned to telehealth use with their patients by way of videoconferencing applications such as Zoom, Skype and WebEx. The Office of Civil Rights and the Department of Health and Human Services (“OCR”) defines telehealth as “the use... Continue Reading…June 11, 2020 |
CCPA: Expansive Array of Consumer Rights Imposes Rigorous Compliance BurdenFor years now, state laws have required subject organizations to provide notification to affected data subjects and, in some instances, to state agencies, consumer reporting agencies, and the media, when they experience a “breach” of certain categories of information. And a growing number of states – including California, Colorado, Connecticut, Maryland, Massachusetts, Texas, and, most...… Continue ReadingSeptember 18, 2019 |
“Help Me, Help You”: Defense Department Advises Contractors That Cybersecurity Is An Allowable CostDuring a presentation at the Professional Services Council Federal Acquisition Conference on June 13, 2019, a high-ranking Department of Defense (“DoD”) official announced, with dramatic flair, that cybersecurity is an allowable cost: “I need you all now to get out your pens and you better write this down and tell your teams: Hear it from...… Continue ReadingJune 24, 2019 |
High-end Job Recruitment Site Exposes at least 13.7 million Users with Unprotected ServerA security lapse has exposed the data of at least 13.7 million user records of the high-end job recruitment site, Ladders. The company left a cloud-hosted search database exposed without a password. Ladders took the database offline less than an hour after the news website TechCrunch alerted the company after learning about the potential breach...… Continue ReadingMay 10, 2019 |
Rapid Increase in Biometric Data in Airports Raises Privacy ConcernsIn 2018, Delta paved the way in airport terminal development, by introducing the first biometric terminal at the Hartsfield-Jackson Atlanta International Airport where passengers can use facial recognition technology from curb to gate. Delta now offers members of its Sky Club airport lounges to enter using fingerprints rather than a membership card or boarding pass....… Continue ReadingMarch 1, 2019 |