Jenina P. Ibañez reports: Victims of personal data breaches may request cease-and-desist orders from the National Privacy Commission (NPC) if the breach violates their privacy rights and causes “irreparable injury.” The NPC, in circular no. 20-02 signed on Oct. 6, said that it may issue such orders in the event of violations or threats to…
Category: Legislation
Pennsylvania bill requiring state agencies to notify individuals of breaches within seven day approved
Times Observer reports: The Senate Communications & Technology Committee approved a bill requiring timely public notification when a security breach compromises personal information, according to Senator Dan Laughlin, prime sponsor of the bill. Senate Bill 487 updates the Breach of Personal Information Notification Act to require state agencies victimized by a breach involving personally identifiable…
HIPAA Covered Entities and Business Associates Need an IT Asset Inventory List, OCR Recommends
Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write: Last week, in its Cybersecurity Summer Newsletter, the Office of Civil Rights (OCR) published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding where electronic protected health information (ePHI) is located within their organization, and improve HIPAA Security Rule compliance. OCR investigations often…
Ad Industry Opposes FTC’s Proposed Security Regulations For Financial Institutions
Wendy Davis reports: The Federal Trade Commission’s proposed changes to security regulations for financial institutions could also affect a broad swath of non-financial companies — including ad agencies, social networks, lead generators and ad-tech companies — according to the Association of National Advertisers. The organization is urging the FTC to refrain from imposing a slate…
Germany Prepares New Law for Patient Data Protection and Increased Digitalisation in Healthcare and for “Data Donations” for Research Purposes
Dr. Adem Koyuncu and Valerie Mei of Covington & Burling write: On 3 July 2020, the German parliament passed a draft bill (German language) for patient data protection and for more digitalisation in the German healthcare system (Patientendaten-Schutz-Gesetz). The draft bill is currently in the legislative procedure and is expected to enter into force in…
Atlassian says encryption-busting law has damaged Australia’s tech reputation
Asha Barbaschow reports: Atlassian believes Australia’s encryption-busting legislation continues to have a negative impact on the country’s technology sector, both from the perspective of partnering with an Australian company and attracting tech talent down under. “The Act’s passage has significantly degraded the global reputation of the Australian tech sector, as local companies and multinationals alike…