NIST requests comments on cybersecurity in the digital economy to inform CENC recommendations

On August 10, 2016, the National Institute of Standards and Technology (“NIST”) issued a notice requesting public comment on the current and future state of cybersecurity in the digital economy.  The Request for Information (“RFI”) will serve to facilitate the work of the Commission on Enhancing National Cybersecurity (“CENC”) in delivering detailed cybersecurity recommendations for the public and private sectors pursuant to Executive Order 13718.  The February 2016 Executive Order created CENC to develop a plan of action for the next decade to strengthen cybersecurity in the public and private sectors and reinforce partnerships between federal, state and local governments and the private sector. The Executive Order directs the Commission and the Secretary of Commerce to work with NIST to carry out its mission.

Advocate Health to Pay Largest Ever HIPAA Settlement; HHS Flags Failure to Conduct Comprehensive, Organization-wide Risk Assessment

On Thursday, August 4, 2016, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced that Advocate Health Care Center (Advocate Health) agreed to pay $5.55 million to settle multiple violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This is the largest HIPAA settlement to date against a single entity, and according to OCR, is due to the severity of the HIPAA violations and the length of time that those violations were allowed to persist. OCR alleged that in some instances, the purported violations date back to the effective date of the HIPAA Security Rule.

Singapore Parliament to Bring Up Cybersecurity Bill in 2017

The Singapore government has renewed its emphasis on cybersecurity due to the increase in incidents affecting the private and public sectors both domestically and around the world. As a result, Singapore set up its Cyber Security Agency (CSA) on April 1, 2015, to oversee strategy, education, outreach and industry development. On April 11, 2016, Dr. Yaacob Ibrahim, Minister for Communications and Information, announced that the government would develop a Cybersecurity Act (Cybersecurity Bill), which is expected to be tabled in Parliament next year.

Second Circuit Microsoft Ruling: A Plea for Congressional Action

*This article originally appeared in Law360 on August 1, 2016.

On July 14, 2016, the U.S. Court of Appeals for the Second Circuit issued a long-awaited decision that — to the surprise of many observers — rejected the government’s construction of the Stored Communications Act and instead embraced a more restrictive view that Microsoft Corp. had advanced, backed by much of the tech industry and many privacy groups. The decision holds that electronic communications that are stored exclusively on foreign servers cannot be reached by U.S. prosecutors under the SCA’s warrant provisions — not even where the warrant is served on a U.S. provider that can access the foreign-stored information, and deliver it to U.S. officials, entirely by using computers and personnel based here in the United States. Microsoft Corp. v. USA, In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation (2d Cir. July 14, 2016) (Docket No. 14‐2985).

HHS Office for Civil Rights Updates Its Website with Guidance on HIPAA Audits and Unique Device Identifiers (UDIs)

HHS-OCR has updated its website with guidance on two important and current issues: ongoing HIPAA audits and de-identification. After officially launching phase two of its audit program earlier this month, sending notification letters to 167 covered entities, HHS-OCR has posted updated guidance on its website regarding the audits. Unrelated to the audits, OCR also posted guidance on the treatment of unique device identifiers (UDIs) under HIPAA’s standards for de-identification and limited data sets.

Russia announces new laws requiring telecoms, internet service providers retain personal data and increasing penalties for online hate speech

On July 7, Russian President Vladimir Putin signed a law amending existing anti-terrorism legislation that could affect U.S. telecom and internet service companies operating in Russia. It will require that telecommunications operators and internet service providers (“ISPs”) retain up to 6 months of data, including personal data and communications content, as well as metadata, for periods up to 3 years. Further, if any encryption is used to protect the data, the telecommunications operator or internet service provider must provide the Russian authorities with the decryption technology.

Privacy Shield Now Available for Certification

From Monday, August 1, 2016, companies will be able to self-certify under the EU-US Privacy Shield (www.privacyshield.gov). The Privacy Shield was adopted on July 12, 2016 and is intended as a replacement for the now-invalidated Safe Harbor framework. Companies preparing to self-certify their adherence to the Privacy Shield Principles should carefully review the associated documentation to understand the new requirements and consider carrying out a gap analysis against their existing privacy program. This is particularly important given the potential for increased enforcement action from the US Federal Trade Commission against participating companies that fail to comply with the Principles.
