HHS Requests Feedback on HIPAA Changes Designed to Improve Care Coordination

On December 14, 2018, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published in the Federal Register a request for information (RFI) titled “Modifying HIPAA Rules to Improve Coordinated Care.” The RFI seeks public input on a broad range of potential reforms to Health Insurance Portability and Accountability Act (HIPAA) regulations with a focus on enhancing care coordination. Though only a preliminary step on the path to potential regulatory reform, the RFI’s scope is significant, as is the opportunity it affords stakeholders interested in sharing early input as HHS considers reforms to key health information privacy requirements.

Read More

EmailShare

Monetary Authority of Singapore Consults on Cyber Hygiene Notice

*This article was originally published by DataGuidance in October 2018.

On 6 September 2018, the Monetary Authority of Singapore (‘MAS’) issued a consultation paper on its draft notice on cyber hygiene (‘the Notice’) which will require financial institutions operating in Singapore to implement a set of fundamental controls to raise their overall level of cyber resilience. Han Ming Ho and Yuet Ming Tham, partners at Sidley, discuss and focus on the key features of the draft Notice.

Read More

EmailShare

Privacy Legislation Could Provide Common Ground for the Newly Divided Congress

*This article first appeared in the Hill.com on November 19, 2018

With the House having now flipped, policy consensus in Congress is not likely to get any easier. But there is one subject around which countries, companies, consumers and, yes, even Congress is increasingly converging. That issue is privacy. The new privacy zeitgeist follows years of data breaches as well as new concerns about invisible data collection, political micro-targeting and manipulation, the proliferation of internet-connected devices, and a potential lack of transparency in the decisions that machines increasingly make about us.

Read More

EmailShare

EDPB Issues Long-Awaited Guidance on Territorial Scope of the GDPR

On November 23, 2018, the European Data Protection Board (“EDPB”) published draft guidelines seeking to clarify the territorial scope of the GDPR (“Guidelines”).  The Guidelines have been eagerly awaited, particularly by controllers and processors outside of the EU looking for confirmation as to whether or not the EU data protection rules apply to them.  The Guidelines largely reaffirm prior interpretations of the GDPR’s territorial application under Article (3)(1), and offer essential guidance with respect to the GDPR’s – heavily debated – extraterritorial application under Article (3)(2).  The GDPR applies to companies established in the EU as well as companies outside of the EU that are “targeting” individuals in the EU (by offering them products or services) or monitoring their behavior (as far as that behavior takes place in the EU).

The proposed Guidelines are open for public consultation until January 18, 2019.  It remains to be seen whether and how any outstanding issues will have been addressed upon conclusion of the consultation.

Read More

EmailShare

The Fifth Edition of The Privacy, Data Protection and Cybersecurity Law Review is Available

The fifth edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection and cybersecurity landscape in a time when mega breaches are becoming more common, significant new data protection legislation is coming into effect, and businesses are coming under increased scrutiny from regulators, Boards of Directors and their customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication.

Read More

EmailShare

The Security Token Story: SEC Reveals Act III — Registered Digital Assets — and Reminds Market Actors of Acts I (Investment Vehicles) & II (Secondary Trading)

On November 16, the U.S. Securities and Exchange Commission (SEC) announced its first enforcement actions against issuers of initial coin offerings solely for failing to register the offerings in violation of the federal securities laws since Munchee (i.e., without allegations of fraud). Unlike the Munchee order, these settlements impose penalties against the issuers and require certain undertakings, such as registering the digital assets as securities under the Exchange Act. The same day, the SEC’s Divisions of Corporation Finance, Investment Management and Trading and Markets released a joint statement reiterating the SEC’s lessons from recent enforcement actions related to digital assets.

Read More

EmailShare
1 2 3 62
EmailShare
XSLT Plugin by BMI Calculator