Barbara Li and Bohua Yao report: On November 30, 2018 the Cyber Security Protection Bureau, under the auspices of the PRC Ministry of Public Security (the “MPS”), issued a draft Guideline for Internet Personal Information Security Protection (the “Guideline”) along with a request for public comments. Even though, upon reaching final form and taking effect, the…
Category: Federal
FTC Calls For Data Breach Law To ‘Clarify’ Its Authority
Ben Kochman reports: The Federal Trade Commission has called on Congress to “clarify” its authority to regulate data breaches, while responding to the White House’s request for advice on how the administration should handle consumer privacy. In comments posted last week to the U.S. Department of Commerce‘s National Telecommunications and Information Administration, the FTC said…
Canadian Regulator Issues Final Guidance on New Data Breach Reporting Requirements
Hunton writes: On October 29, 2018, the Office of the Privacy Commissioner of Canada (the “OPC”) released final guidance (“Final Guidance”) regarding how businesses may satisfy the reporting and record-keeping obligations under Canada’s new data breach reporting law. The law, effective November 1, 2018, requires organizations subject to the federal Personal Information Protection and Electronic…
Is Your e-PHI Secure? ONC and OCR Update HIPAA Security Risk Assessment Tool
Valerie K. Jackson of Jackson Lewis writes: October 2018 marks the 15th annual National Cyber Security Awareness Month. In honor of this occasion, the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) have jointly launched an updated HIPAA Security Risk Assessment (SRA) Tool to help covered entities and…
House Financial Services Committee passes R.6743
Aaron Lancaster of BakerHostetler has a great privacy rewind for the week that includes action in Congress. He writes: House Committee Passes Federal Data Breach Notification Bill for Financial Institutions The House Financial Services Committee passed R. 6743, the Consumer Information Notification Requirement Act, which would require financial institutions to notify affected customers of a data…
FDA aims to strengthen cybersecurity of medical devices
Danielle Brown reports: The Food and Drug Administration (FDA) is working to strengthen the cybersecurity of medical devices in the wake of computer-hacking threats, according to a report by the Star Tribune. According to the report, FDA staff members are examining companies’ “preparations for potential computer-hacking threats to devices that millions of Americans depend on.”…