Matt Fisher has a post on a topic near and dear to DataBreaches’ heart: how much detail to include in a brief notification. Matt covers the minimum requirements, as mandated by HIPAA, but then starts to consider more complex situations. He writes, in part: Without being able to cover every scenario or nuance, there are…
Category: Legislation
NY: DFS Superintendent Adrienne A. Harris Announces Updated Cybersecurity Regulation
Amends First-In-The-Nation Cybersecurity Regulation Created in 2017 in Response to Increasingly Sophisticated Technologies and Threats The Department Seeks Comments on the Proposed Regulation During the Next 60 Days Superintendent of Financial Services Adrienne A. Harris announced today that the New York State Department of Financial Services (DFS) proposed an updated cybersecurity regulation. DFS’s original regulation, which…
Bug Bounties and Ransomware Demands: Storm Clouds Ahead for In-House Counsel
Michael Ward, Matthew Baker, and Jessica Wu of Baker Botts write about the conviction of Uber’s former security chief for felony violations of obstructing a Federal Trade Commission investigation and “misprision of felony” for failing to disclose a 2016 data breach. They then discuss issues for in-house counsel that the case raises, beginning with: Action…
LinkedIn Scores Partial Win in Long-Running Data Scraping Feud
Andrea Vittorio reports: A workforce analytics firm breached LinkedIn Corp.‘s user agreement by scraping data and using fake accounts to fuel its now-defunct business, a federal court in San Francisco ruled in a lengthy dispute that’s on a path to trial. The ruling, made public Friday, represents a partial win for LinkedIn in a case that…
CT: Brookfield admits ‘blackout pen’ error led to sharing of special education students’ information
Trevor Ballantyne reports: School officials this week acknowledged a failure to properly redact personally identifiable information linked to students receiving special education services from the school district. According to emails obtained by The News-Times, parents accused the district of violating privacy protections laid out under the U.S. Family Education Rights and Privacy Act, or FERPA,…
OCR Releases New Recognized Security Practices Video
In recognition of National Cybersecurity Awareness Month, OCR has produced a new video this October for organizations covered under the HIPAA Rules on Recognized Security Practices. Recommended security practices can help organizations improve their ability to safeguard patient information from cyberattacks and better safeguard the health care services we all rely upon. Section 13412 of…