Federal – Page 39 – DataBreaches.Net

HIPAA Enforcement by State Attorneys General

Posted on January 22, 2021 by Dissent

HIPAA Journal has a nice recap of of HIPAA enforcement actions by states attorney general. You can read it here.

An Overview of Cybersecurity Law in Taiwan

Posted on January 21, 2021 by Dissent

John Eastwood, Nathan Snyder, Wendy Chu, David Rosenthal and Lloyd G. Roberts III of Eiger write: 1. GOVERNING TEXTS In Taiwan, there are two main branches of legislation pertaining to information security: legislation on cybersecurity and legislation protecting personal data. While the information security aspects of personal data protection legislation (mainly the PDPA) only apply…

M.D. Anderson’s $4.3 Million Fine for Patient Data Loss Vacated

Posted on January 14, 2021 by Dissent

This is huge. Mary Anne Pazanowski reports: The University of Texas’s M.D. Anderson Cancer Center dodged a $4.3 million fine for losing over 35,000 people’s protected health information after the Fifth Circuit ruled Thursday that HHS acted arbitrarily and capriciously in finding that the provider violated two information security regulations. You can read more on…

Data Analytics Company Settles with FTC Over Alleged Data Security Violations

Posted on January 7, 2021 by Dissent

Sheila A. Millar and Tracy P. Marshall of Keller & Heckman write: Third-party service providers are vital to many companies and they handle a wide range of business activities essential for companies to deliver their own offerings. But a company is not adequately protecting consumers if it fails to perform proper due diligence on service…

IoT Devices to See New Security Guidelines in 2021

Posted on December 28, 2020 by Dissent

Joseph Lazzarotti writes: Setting up that new IoT device you received for Christmas? Maybe you’ve been derelict in feeding the dog and found a smart dog feeder under the tree, one that will alert you that Luna has been fed or that you have to refill the feeder. Smart gizmos are not just for the home, approximately 25%…

FTC Announces Enforcement for Inadequate Third Party Risk Management Practices Under the GLBA’s Safeguards Rule

Posted on December 27, 2020 by Dissent

Hunton Andrews Kurth writes: On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company (“Ascension”), to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders. The FTC alleged that Ascension’s vendor, OpticsML,…