Joseph J. Lazzarotti Blog Posts

House of Representatives Passes the Data Accountability and Trust Act

As passed by the House of Representatives on December 8, 2009, the Data Accountability and Trust Act would create federal data security standards, a national breach notification requirement, data destruction mandates, and special requirements for "information brokers." The Act will now move to the Senate, where it likely will be considered together with recent bills from various …
December 9, 2009

Data Breach Affects Climate Change Debate

Based on recent events, the University of East Anglia likely will agree that data privacy and security requires a comprehensive approach, as data breaches are not limited to incidents involving personal information and identity theft. In fact, the effects of a breach to an organization’s information systems involving confidential company information can be far worse on the …
November 24, 2009

“Friending” Employees – The Risks of Employer Participation In Online Social Networking

More companies are becoming a part of the social networking community – setting up Facebook pages, “friending” their employees and customers, and so on. Businesses use these sites for a variety of purposes including marketing; client, employee and government relations; and community involvement. With lawmaking bodies and courts just beginning to struggle with the range …
November 22, 2009

GINA Effective November 21, 2009, But EEOC Final Regulations Remain Under Review

The Genetic Information Nondiscrimination Act (GINA) [pdf], signed into law in May 2008, prohibits discrimination by health insurers and employers based on individuals’ genetic information. Genetic information includes the results of genetic tests to determine whether someone is at increased risk of acquiring a condition (such as some forms of breast cancer) in the future, …
November 20, 2009

Cloud Computing – Did the City of Los Angeles Make the Right Move?

“Cloud computing” takes many forms, but, fundamentally, it is a computer network system that allows consumers, businesses, and other entities to store data off-site and manage it with third-party-owned software accessed through the Internet. Files and software are stored centrally on a network to which end users can connect to access their files using computers …
November 17, 2009

The Final, Final Massachusetts Data Security Regulations and a Checklist for Compliance

The Massachusetts Office of Consumer Affairs and Business Regulations (OCABR) announced on November 4, 2009, the filing of final regulations (pdf) with the Secretary of State’s office, the final step before the regulations take effect March 1, 2010. The final regulations differ slightly from the version of the regulations issued in August 2009, which made significant revisions to …
November 15, 2009

Blue Cross Blue Shield Data Breach Highlights Need for Employee Training/Awareness

Today, Connecticut Attorney General Richard Blumenthal announced his office will investigate a data breach that occurred in late August that affected approximately 18,817 Connecticut health care professionals. The American Medical Association reported earlier that this breach involved the personal information, including Social Security numbers, of an estimated 850,000 physicians nationwide. What is most troubling about this …
November 9, 2009

Senate Judiciary Committee Approves Data Security and Breach Notification Measures

Yesterday, the U.S. Senate Judiciary Committee again approved two pieces of legislation that would require certain entities to safeguard personal information and notify individuals of breaches of that information. Over the last few years, similar legislation made it out of various Committees, but failed to go any further. Could this time be different? The Committee voted …
November 6, 2009

Employers Go Green: Electronic On-Boarding – Personal Information and Other Challenges

In good and not-so-good economic times, the on-boarding process – recruiting, application, hiring and orientation – is critical for employers to attract and welcome new talent. In recent years, technology has enabled employers to perform all or a part of this process on-line, significantly increasing efficiency and reducing costs. Moving to a web-based on-boarding system, …
November 5, 2009

HIPAA Enforcement Regulations Updated for Penalty Increases and Enhancements under the HITECH Act

The Department of Health and Human Services (HHS) published interim final regulations on October 30, 2009, to update existing enforcement regulations under HIPAA for statutory revisions made by the Health Information Technology for Economic and Clinical Health (HITECH) Act. These regulations become effective November 30, 2009, and only address the provisions of the HITECH Act already …
November 2, 2009
