Cobun Zweifel-Keegan writes: In its most recent cybersecurity enforcement decision, the U.S. Federal Trade Commission announced a draft settlement agreement with the current and former operators of the customized merchandise website CafePress.com. Although the unanimous consent order focuses primarily on the company’s lax security practices, which allegedly led to multiple data breaches, there are also a few…
Category: Federal
Comprehensive Health Services Pays False Claims Act Settlement Involving EMR Security
Marianne Kolbasuk McGee reports: A healthcare services contractor has agreed to pay a $933,000 settlement in a federal whistleblower case involving alleged false claims by the entity about the security of electronic medical records containing the information of military personnel, diplomats and contractors. The settlement is the first under the Department of Justice’s Civil Cyber-Fraud Initiative,…
SEC Proposes Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies
Washington D.C., March 9, 2022 — The Securities and Exchange Commission today proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. “Over the years, our disclosure regime has evolved to reflect evolving risks and investor needs,” said SEC Chair Gary Gensler. “Today,…
U.S. Congress Passes Cyber Incident and Ransom Payment Reporting Requirement
Energy, financial services, food and agriculture, healthcare, information technology, defense industrial base, and other critical infrastructure entities in the United States will face new cyber incident reporting requirements as a result of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the Act), enacted by the U.S. Congress on March 10, 2022. Read more…
Airline Sues to Stop Popular Web-Scraping Service–American Airlines v. The Points Guy
Kieran McCarthy writes: Those interested in web scraping legal issues had high hopes that the Supreme Court’s opinion in Van Buren v. United States last summer would provide clear guidelines on which types of online data access were permissible and which were not. And while most would agree that the Supreme Court avoided a worst-case scenario with its…
HIPAA: The Who: Plans, Providers, and Clearinghouses, and the First of the Rule of 3s.
With all the wildly erroneous claims made by people about what is covered by HIPAA, here’s a great explainer by attorney Jeff Drummond on exactly what kinds of entities ARE covered by HIPAA (Spoiler alert: yes, your local bar CAN ask you your vaccination status without violating HIPAA because they are not covered by HIPAA)….