Ranier Allan Ronda reports: The National Privacy Commission (NPC) has set a ceiling of P5 million on fines imposed on data privacy violators, following a revision of its penalty system based on public consultations. The NPC presented its revised schedule of administrative fines set under the updated Circular on Administrative Fines and the scope of…
Category: Federal
Africa Data Security and Privacy Guide
Janet MacKenzie, Anne-Marie Allgrove, Kellie Blyth, Elisabeth Dehareng, Ghada El Ehwany, Brian Hengesbaugh, Theo Ling, Paolo Sbuttoni, and Carlos Vela-Trevino of Baker McKenzie write: The pandemic drove home the high value of personal data to the global economy, while also highlighting its vulnerability to abuse and attack. In response, governments around the world, including those…
HIPAA’s Role in Setting Good Security
Matt Fisher writes: The Office for Civil Rights is promoting HIPAA as being able to prevent or substantially mitigate the impacts of a cyber attack. It is a bold statement from OCR and one that bears unpacking. Why is OCR asserting that HIPAA can prevent or substantially mitigate a cyber attack? The primary answer is…
President Biden Signs Critical Infrastructure Ransomware Payment and Cyber Incident Reporting into Law
Ashden Fein, Robert Huffman, Moriah Daugherty, and Hensey A. Fenton III of Covington and Burling write: On March 15, 2022, President Biden signed the Consolidated Appropriations Act 2022, a $1.5 trillion omnibus spending package to fund the government through September 2022. The omnibus spending package includes the Cyber Incident Reporting for Critical Infrastructure Act of…
Hidden privacy lessons in the FTC’s CafePress security enforcement
Cobun Zweifel-Keegan writes: In its most recent cybersecurity enforcement decision, the U.S. Federal Trade Commission announced a draft settlement agreement with the current and former operators of the customized merchandise website CafePress.com. Although the unanimous consent order focuses primarily on the company’s lax security practices, which allegedly led to multiple data breaches, there are also a few…
Comprehensive Health Services Pays False Claims Act Settlement Involving EMR Security
Marianne Kolbasuk McGee reports: A healthcare services contractor has agreed to pay a $933,000 settlement in a federal whistleblower case involving alleged false claims by the entity about the security of electronic medical records containing the information of military personnel, diplomats and contractors. The settlement is the first under the Department of Justice’s Civil Cyber-Fraud Initiative,…