Category

Cybersecurity

25 April 2014

OCR Levies Nearly $2 Million in HIPAA Fines for Stolen Unencrypted Laptops

On Tuesday, April 22, 2014, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced that Concentra Health Services Inc. (“CHS”) and QCA Health Plan Inc. (“QCA”) have agreed to pay a total of $1,975,220, collectively, to resolve potential violations of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy and Security Rules stemming from the theft of unencrypted laptops. Specifically, CHS has agreed to pay $1,725,220, and QCA has agreed to pay $250,000, to OCR to settle potential HIPAA violations and will adopt corrective action plans to evidence their remediation of the potential violations. The clear message from both settlements is that OCR expects covered entities to encrypt mobile devices that store electronic Protected Health Information (“ePHI”).

24 April 2014

Cybersecurity Developments: SEC, FINRA, NIST, DOJ/FTC

SEC Launches Cybersecurity Examination Initiative – Promoting Cyber Preparedness

On April 15, 2014, the Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert announcing that the agency will be examining 50 registered broker-dealers and investment advisers in order to assess cybersecurity preparedness in the securities industry. The announcement was accompanied by a sample request for information and documents. According to OCIE, the examinations will focus on “cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cybersecurity threats.”

20 February 2014

Broker-Dealers Need to Respond to Recent Focus on Cybersecurity Threats

Recent data breaches at retailers like Target have increased awareness about growing cybersecurity threats. Broker-dealers in particular need to reevaluate their own cybersecurity preparedness in light of several recent events:

  1. FINRA’s launch of a cybersecurity sweep, publicly announced on the FINRA website on February 6, 2014;
  2. The inclusion of cybersecurity as a priority in the SEC’s National Examination Program for 2014 and FINRA’s 2014 Annual Regulatory and Examination Priorities Letter;
  3. The White House’s February 12, 2014 release of the much-anticipated Framework for Improving Critical Infrastructure Cybersecurity; and
  4. An upcoming SEC public roundtable on cybersecurity issues, to be held in Washington, DC on March 26, 2014.

13 February 2014

White House Releases NIST Cybersecurity Framework

On February 12, the White House released the widely anticipated Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”). Developed pursuant to Executive Order 13636 (issued in February 2013), the Framework strongly encourages companies across the financial, communications, chemical, transportation, healthcare, energy, water, defense, food, agriculture, and other critical infrastructure sectors to implement and comply with its voluntary standards. The provisions set forth in the Framework may establish a new baseline for industry standard practices, and may impact or guide FTC enforcement actions and plaintiff data breach lawsuits.

30 December 2013

Heads Up for Privacy, Data Protection and Cybersecurity in 2014

The new year will ring in significant privacy, data protection and cybersecurity changes in the U.S., Europe, Asia and elsewhere around the world. Below are some key developments and possible concrete action items for General Counsels, Chief Privacy Officers and Chief Information Officers:

13 November 2003

Privacy and Data Protection Alert

This client alert describes legislation which Congress is considering introducing to require all publicly traded companies in the United States to certify to the SEC their compliance with minimum computer security standards. Prior to the introduction of the legislation within the next three months, Congress is soliciting comments and alternative proposals from the business community. The business community has been put on notice, however, that even if it formulates a strong alternative, legislation may still be required, if only to codify industry’s ideas.

22 October 2003

California’s Office of Privacy Protection Issues – Recommendations on Notification of Security Breaches Involving Personal Information

The recent release of new guidelines on responding to computer security breaches offers important guidance for all companies with valuable electronic information. On October 10, 2003, the Office of Privacy Protection within the State of California’s Department of Consumer Affairs issued its “Recommended Practices on Notification of Security Breach Involving Personal Information.” The Office of Privacy Protection is tasked with recommending policies and practices that protect California consumers’ privacy.
