Ry Crozier reports: The Australian Digital Health Agency, overseer of the My Health Record, has expressed concern at the number and type of “potential” data breaches it is being forced to disclose. In a submission to the Privacy Act review [pdf], the agency (ADHA) asks for changes to the My Health Records Act under which…
Category: Breach Laws
Post-Brexit Personal Data Breach Reporting – An End to the ICO’s Role as One-Stop-Shop Lead Supervisory Authority
Ffion Flockhart (UK) and Steven Hadwin (UK) write: The end of the Brexit implementation period on 31 December 2020 has brought with it significant changes to the data protection landscape for UK-based businesses. Amid headlines about data transfer issues and a potential adequacy decision for the UK in the coming months, businesses also need to…
FTC Announces Enforcement for Inadequate Third Party Risk Management Practices Under the GLBA’s Safeguards Rule
Hunton Andrews Kurth writes: On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company (“Ascension”), to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders. The FTC alleged that Ascension’s vendor, OpticsML,…
Federal Financial Agencies Propose Requirement for Computer Security Incident Notification
A press release from the FDIC on December 18: Federal financial regulatory agencies today announced a proposal that would require supervised banking organizations to promptly notify their primary federal regulator in the event of a computer security incident. In particular, alerts would be required for incidents that could result in a banking organization’s inability to…
Survey: To Report or Not Report Health Care Data Breaches
To Report or Not Report Health Care Data Breaches December 11, 2020 Amanda Walden, PhD, RHIA, CHDA , Kendall Cortelyou-Ward, PhD , Meghan Hufstader Gabriel, PhD , Alice Noblin, PhD, RHIA, CCS, PMP The American Journal of Managed Care, December 2020, Volume 26, Issue 12 This study presents information regarding the decisions that health care privacy officers make about reporting a data breach, including…
Michigan Considers Enhanced Data Breach Notification Law
Joseph Lazzarotti and Maya Atrakchi of JacksonLewis write: Privacy and security continue to be at the forefront for legislatures across the nation, despite (or perhaps because of) the COVID-19 pandemic. In late May, with back-to-back amendments, Washington D.C. and Vermont significantly overhauled their data breach notification laws, including expansion of the definition of personal information,…