A Proposed Rule by the Comptroller of the Currency, the Federal Reserve System, and the Federal Deposit Insurance Corporation on 01/12/2021 This document has a comment period that ends in 90 days. (04/12/2021). You can submit a formal comment on it. Summary: The OCC, Board, and FDIC (together, the agencies) invite comment on a notice of proposed rulemaking (proposed rule or…
Category: Breach Laws
OCR Releases Report Summarizing HIPAA Privacy and Security Compliance Failures
Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write: In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Service (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to covered entities and business associates for tackling HIPAA compliance as we enter the new…
Australian Digital Health Agency sees ‘inconsequential’ My Health Record data breach notices eroding trust
Ry Crozier reports: The Australian Digital Health Agency, overseer of the My Health Record, has expressed concern at the number and type of “potential” data breaches it is being forced to disclose. In a submission to the Privacy Act review [pdf], the agency (ADHA) asks for changes to the My Health Records Act under which…
Post-Brexit Personal Data Breach Reporting – An End to the ICO’s Role as One-Stop-Shop Lead Supervisory Authority
Ffion Flockhart (UK) and Steven Hadwin (UK) write: The end of the Brexit implementation period on 31 December 2020 has brought with it significant changes to the data protection landscape for UK-based businesses. Amid headlines about data transfer issues and a potential adequacy decision for the UK in the coming months, businesses also need to…
FTC Announces Enforcement for Inadequate Third Party Risk Management Practices Under the GLBA’s Safeguards Rule
Hunton Andrews Kurth writes: On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company (“Ascension”), to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders. The FTC alleged that Ascension’s vendor, OpticsML,…
Federal Financial Agencies Propose Requirement for Computer Security Incident Notification
A press release from the FDIC on December 18: Federal financial regulatory agencies today announced a proposal that would require supervised banking organizations to promptly notify their primary federal regulator in the event of a computer security incident. In particular, alerts would be required for incidents that could result in a banking organization’s inability to…