HHS OCR’s October newsletter begins: Every October, in recognition of National Cybersecurity Awareness Month, the federal government and its partners work to educate stakeholders on cybersecurity awareness and how best to protect the privacy and security of confidential data. Within the health care industry, the HIPAA Security Rule1 applies to covered entities2 and their business associates3 (“regulated entities”)…
Category: Federal
FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed Data of 2.5 Million Consumers
The Federal Trade Commission is taking action against the online alcohol marketplace Drizly and its CEO James Cory Rellas over allegations that the company’s security failures led to a data breach exposing the personal information of about 2.5 million consumers. Drizly and Rellas were alerted to security problems two years prior to the breach yet…
Australia to propose increased penalties for data breaches following major cyberattacks
Reuters reports: Australia will introduce laws to parliament to increase penalties for companies subject to major data breaches, Attorney-General Mark Dreyfus said, after high-profile cyberattacks hit millions of Australians in recent weeks. […] Dreyfus, in an official statement issued on Saturday, said the government would next week move to “significantly increase penalties for repeated or serious privacy…
CISA Requests Public Comment on Implementing Regulations for the Cyber Incident Reporting for Critical Infrastructure Act
Jim Garland, Micaela McMurrough, Ashden Fein, Caleb Skeath, and Matthew Harden of Covington and Burling write: On September 12, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) published a Request for Information, seeking public comment on how to structure implementing regulations for reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022…
Indonesia finally passes personal data protection law
Eileen Yu reports: Indonesia finally has passed its personal data protection law that has been in discussions since 2016. The government believes the new Bill will be critical amidst a spate of data security breaches in the country. Indonesia’s House of Representatives earlier this month approved the Personal Data Protection (PDP) Bill, paving the way…
LEAK: European Commission to introduce cyber requirements for Internet of Things products
Luca Bertuzzi reports: The proposal for a Cyber Resilience Act that will be presented next week will mandate baseline cybersecurity standards for all connected devices and stricter conformity assessment procedures for critical products, according to a draft seen by EURACTIV. The proposal is trying to address the widespread vulnerabilities in the booming Internet of Things (IoT)…