The Senate Education Committee approved the Student Data Privacy and Protection Act, according to the measure’s sponsor Sen. Kristin Phillips-Hill (R-York). Senate Bill 565 modernizes Pennsylvania law to accommodate student information being stored online, as well as students learning and attending school online. As is currently stands, student-related data is being generated, collected, and stored within…
Category: Legislation
HHS OCR settles charges against Manasa Health Center for disclosing PHI in response to a negative online review
New Jersey psychiatry practice pays $30,000 to settle complaint about impermissible disclosure of protected health information by disclosing this information in online review Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announces a settlement with Manasa Health Center, LLC, a health care provider in New Jersey that provides…
Update on GLBA Safeguards Rule in Higher Education
Benjamin Wanger and Pierce T. Cox of BakerHostetler write: On February 9, 2023, the Department of Education Office of Federal Student Aid (“FSA”) issued an electronic notice regarding the Federal Trade Commission’s Final Rule amending the Standards for Safeguarding Customer Information (“Safeguards Rule”) under the Gramm-Leach-Bliley Act (“GLBA”). The amendments to the Safeguards Rule, which go into…
NYSDFS Fines Lender and Mortgage Servicer $4.25M for Cybersecurity Failures Including Vendor Management
Joseph Lazzarotti of JacksonLewis writes: Yesterday, New York’s Department of Financial Services (“DFS”) announced another enforcement action under the state’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”). According to the press release, OneMain Financial Group LLC (“OneMain”) will pay a $4.25 million penalty to New York State for alleged violations of Reg 500. In…
Pennsylvania Breach of Personal Information Notification Act (BPINA)
John F. Lushis, Jr. of Norris McLaughlin P.A. writes: In December 2005, Pennsylvania enacted the Breach of Personal Information Notification Act (the “2005 BPINA”). Known as the 2005 BPINA Act, its purpose is to provide “for security of computerized data and for the notification of residents whose personal information data was or may have been disclosed…
Health Breach Notification Rule: FTC wants your insights into proposed changes
From the FTC: The Health Breach Notification Rule has been in place since 2009. Given the pace of innovation, that seems like a century in tech years. Since then, we’ve seen an explosion in the popularity of health apps, fitness trackers, and other health-related monitors. To keep up with technological developments and evolving business practices, the…