HHS Office for Civil Rights Releases Webinar on Recognized Security Practices: Provides Guidance on Mitigating Potential Violations of HIPAA
Pursuant to legislation passed in 2021, covered entities and business associates subject to HIPAA and facing potential regulatory enforcement may receive some credit lessening to reduce enforcement penalties if they had implemented Recognized Security Practices (RSPs) within the prior 12 months. However, what may constitute RSPs and how a covered entity or business associate can demonstrate implementation of RSPs to receive such credit had not been clear. Now, the Department of Health and Human Services is seeking to provide clarity.
By Colleen Theresa Brown, 2022-11-02 14:33:51 (updated 2023-09-06 15:45:14)
Developments to Improve the Cybersecurity of Federal Government Agencies, Critical Infrastructure
Recently, several developments have been proposed or announced to help identify and mitigate cyber risk for United States critical infrastructure operators and software in an effort to further bolster the cybersecurity posture of the federal government.
By Alan Charles Raul, 2022-10-28 11:12:26 (updated 2024-11-15 14:10:29)
One Step Forward, Two Steps Back: FDA’s Final Guidance on Clinical Decision Software Raises More Questions Than Answers
Recently, the U.S. Food and Drug Administration (FDA) published a suite of guidance documents relating to software, automation, and artificial intelligence. One guidance document in particular, addressing clinical decision support (CDS) software, may signal a tightening in FDA’s oversight on software tools with artificial intelligence and machine learning (AI/ML) that could introduce confusion and frustrate innovation in this important, fast-developing area. On October 18, 2022, FDA held a webinar to provide additional clarifications on this final guidance.
By Coleen Klasmeier, 2022-10-26 16:47:29 (updated 2024-11-15 14:14:29)
White House Publishes In-Depth Guidance on the Use of Automated Systems and Recognizes Privacy as Foundational Principle of Framework
On October 4, 2022, the White House Office of Science and Technology Policy published The Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People (the “AI Blueprint”). The AI Blueprint outlines non-binding guidelines for the development and deployment of automated systems and is the culmination of a year-long process of public engagement and deliberation.
By Alan Charles Raul, 2022-10-21 11:36:04 (updated 2023-09-06 15:46:49)
U.S. Treasury Department Seeks Public Comment On Potential Federal Cyber Insurance Program
The U.S. Treasury Department is seeking public comment on the need and scope for a potential federal insurance response to catastrophic cyber incidents, akin to the one put in place for terrorism insurance after the attacks of September 11, 2001.
By Thomas D. Cunningham, 2022-10-20 15:52:20 (updated 2023-09-06 15:47:33)
U.S.-EU Data Transfer Framework Signals Strengthened Collaboration
*This article first appeared on Law360 on October 14, 2022
A series of coordinated announcements on Oct. 7 lifted the veil on a new trans-Atlantic data transfer mechanism.
This announcement has been hotly anticipated since a joint declaration from the U.S. and European Union governments on March 25, that there was an agreement in principle for a new EU-U.S. Data Privacy Framework.
The key document in the framework process is Executive Order No. 14086 on enhancing safeguards for U.S. signals intelligence activities, accompanied by a detailed fact sheet on the executive order.
By Alan Charles Raul, 2022-10-14 17:43:16 (updated 2023-09-06 15:48:03)
On October 5, 2022, a federal jury in the Northern District of California convicted former Uber Chief Security Officer Joseph Sullivan of obstructing a federal proceeding and misprision of a felony for his role in deceiving management and the federal government to cover up a 2016 data breach that exposed personally identifiable information (“PII”) of approximately 57 million users, including approximately 600,000 drivers’ license numbers, of the ride-hailing service. Sullivan, a former federal prosecutor, appears to be the first corporate executive criminally prosecuted—let alone convicted—for his response to a data security incident perpetrated by criminals. Sullivan faces a maximum of five years in prison for the obstruction charge, and a maximum three years in prison for the misprision charge.
On 7 September 2022, the Information Commissioner’s Office (“ICO”) published draft guidance (“Guidance”) on privacy-enhancing technologies (“PETs”). It is hoped that the Guidance will help organizations have the confidence to utilize PETs to develop innovative applications without compromising on privacy concerns, or trust. The Guidance is divided into two sections: (i) how can PETs help with data protection compliance; and (ii) what are PETs. We consider the key learning points from the Guidance below.
HHS Office for Civil Rights Releases Webinar on Recognized Security Practices: Provides Guidance on Mitigating Potential Violations of HIPAA
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Sasha Hondagneu-Messner
New York
shondagneumessner@sidley.com
Developments to Improve the Cybersecurity of Federal Government Agencies, Critical Infrastructure
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Stephen W. McInerney
Chicago
smcinerney@sidley.com
Vishnu Tirumala
Washington, D.C.
vtirumala@sidley.com
One Step Forward, Two Steps Back: FDA’s Final Guidance on Clinical Decision Software Raises More Questions Than Answers
Coleen Klasmeier
Jeffrey M. Singer
Jaclyn G. Fonteyne
Washington, D.C.
jaclyn.fonteyne@sidley.com
Yuzhi Hu
White House Publishes In-Depth Guidance on the Use of Automated Systems and Recognizes Privacy as Foundational Principle of Framework
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Lauren Kitces
Washington, D.C.
lkitces@sidley.com
Alexandra T. Mushka
Washington, D.C.
amushka@sidley.com
U.S. Treasury Department Seeks Public Comment On Potential Federal Cyber Insurance Program
Thomas D. Cunningham
Chicago
tcunningham@sidley.com
Sasha Hondagneu-Messner
New York
shondagneumessner@sidley.com
U.S.-EU Data Transfer Framework Signals Strengthened Collaboration
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Lauren Kitces
Washington, D.C.
lkitces@sidley.com
Uber Data Breach Results in Corporate Cooperation and Executive Conviction
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Jeffrey T. Green
Sheila A.G. Armbrust
San Francisco
sarmbrust@sidley.com
Alexander J. Kellermann
Connor G. Boehm
ICO Publishes Draft New Guidance on PETs
William RM Long
London
wlong@sidley.com
Subhalakshmi Kumar
Eleanor Oates
London
eoates@sidley.com