Odia Kagan of Fox Rothschild writes: The Office of the Privacy Commissioner for Bermuda has issued a helpful guide on the various types of harm that could be caused by a data breach. The office also referred to the Future of Privacy Forum research on potential harms. Read more here, In their guidance, the Bermuda privacy…
Category: Legislation
FTC Warns Health Apps and Connected Device Companies to Comply With Health Breach Notification Rule
The Federal Trade Commission today issued a policy statement affirming that health apps and connected devices that collect or use consumers’ health information must comply with the Health Breach Notification Rule, which requires that they notify consumers and others when their health data is breached. In a policy statement adopted during an open meeting, the Commission noted…
Education Department Updates Rules and Criminal Penalties for Accessing Agency Data
Aaron Boyd reports: The Education Department is rolling out new rules for accessing and handling agency data by third parties—including students, parents and loan companies—with updated criminal penalties for anyone not following the new statutes. The new rules intend to bring the department into compliance with the 2019 Stop Student Debt Relief Scams Act and…
SEC fines three companies over hacked employee email accounts
Catalin Cimpanu reports: The US Securities and Exchange Commission has fined three brokerage firms on Monday for neglecting to secure employee accounts, incidents that led to the exposure of their customers’ data. Cetera Advisor Networks LLC, Cetera Investment Services LLC, Cetera Financial Specialists LLC, Cetera Advisors LLC, and Cetera Investment Advisers LLC (collectively, the Cetera entities); Cambridge…
Industry lobbies Congress to extend notification timeline after cybersecurity incidents
Maggie Miller reports: Key industry groups on Wednesday pushed to give organizations at least three days to report cybersecurity incidents to the federal government, effectively opposing Senate legislation that would give them 24 hours to report breaches. Read more on The Hill.
California DOJ Must Be Notified About Breaches of the Health Data of 500 or More California Residents
HIPAA Journal reminds us all that states can require notification to the state of breaches that are also covered by HIPAA and can take enforcement action if they are not reported: Recently, there have been several instances where the California DOJ has not been notified about ransomware attacks on California healthcare facilities, even though the…