Archives: Information Management

Subscribe to Information Management RSS Feed

Companies May Soon Have a New Defense Against Cyber-Attacks

Co-author: Devin Rauchwerger  The Active Cyber Defense Certainty Act is a new bill that is gaining positive bipartisan support and significant interest from business communities, lawmakers and academics. The proposed bill amends the Computer Fraud and Abuse Act which does not provide adequate deterrence for criminal hacking. The new bill is aimed at helping businesses … Continue Reading

At Last, the Final DFS Cybersecurity Regulations….

We wanted to keep you informed on the progress of the DFS cybersecurity regulations, as they complete their journey through the approval process. DFS has been working on the regulations since its 2013-2014 studies on cybersecurity risks to financial institutions. As reported in our article, Getting Prepared for the New York Department of Financial Services’ … Continue Reading

Top 10 for 2017 – Happy Data Privacy Day

In honor of Data Privacy Day, we provide the following “Top 10 for 2017.”  While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2017. 1.  Phishing Attacks and Ransomware – Phishing, as the name implies, is the attempt, usually via email, to obtain sensitive or personal … Continue Reading

A New Kind of Employee Badge – Monitoring, Analytics and More

It is not uncommon for employers to assign badges to their employees to grant access to certain locations on the employer’s property and parking garages. Many employees have them, use them, lose them and think little of them. But, badges made by Humanyze are so much more, raising concerns from privacy advocates and others. According … Continue Reading

DFS’ Proposed Cybersecurity Regulation Edges Closer to Becoming Final Following Public Hearing

The New York State Assembly Committee on Banks held a public hearing on December 19, 2016, receiving testimony about both the benefits and challenges of a recently proposed regulation to address the growing threat posed by cyber-attacks on banks, insurance companies and most other entities which are regulated by the Department of Financial Services (DFS). The … Continue Reading

FTC Joins Other Agencies In Warning Organizations About Ransomware

Earlier this month, the Federal Trade Commission (FTC) blogged about How to defend against ransomware, and published Ransomware – A Closer Look in the “Tips and Advice” section of its website. This follows warnings from other federal agencies and law enforcement concerning this serious online threat to organizations, such as Dept. of Health and Human … Continue Reading

Cyber Security Awareness Needs To Last Beyond October

The U.S. Department of Homeland Security (DHS) has designed October as National Cyber Security Awareness Month. But as we leave October, remember that data security is an ongoing challenge that requires continued vigilance not just from information system hacking, but also from employee error and other threats. Setting up a comprehensive training and awareness program is … Continue Reading

HHS Issues Cloud Computing Guidance Which Is Helpful To All Users of Cloud Services

Last week, the Department of Health and Human Services’ Office for Civil Rights (OCR) provided guidance for HIPAA covered entities and business associates that use or want to use cloud computing services involving protected health information (PHI). Covered entities and business associates seeking cloud services often have many concerns regarding HIPAA compliance, and this guidance … Continue Reading

New York State Proposes Cybersecurity Regulation Impacting Banks, Insurance Companies & Other Financial Services Institutions

New York Governor Andrew M. Cuomo announced yesterday a new proposed regulation to address the growing threat posed by cyber-attacks. According to the State’s press release, the proposed regulation, which is subject to a 45-day notice and public comment period before final issuance, “aims to protect consumer data and financial systems from terrorist organizations and other … Continue Reading

Colorado Law Grants Employees Right to Access Personnel Files

Beginning January 1, 2017, employees in Colorado will now have a right to inspect and copy their personnel files.  Prior to this law, Colorado had no law granting private-sector employees access to their personnel records. Under the new law, upon a current employee’s request, an employer must allow that employee to inspect and obtain a copy … Continue Reading

5 Practice Tips for Law Firms as Data Breach Spotlight Swings Their Way

While data breach incidents affecting the entertainment, retail, healthcare, and financial industries have garnered more attention in past years, the data breach spotlight recently shifted to law firms. This shift was triggered by media coverage of the breach and leak of the Panama Papers, and by reports that, in 2015, hackers breached the networks of … Continue Reading

Nebraska Amends Data Breach Notification Law

On April 13, 2016, Nebraska’s breach notification statute was amended when Governor Pete Ricketts signed LB835 into law.  The Amendment included a variety of changes, including a regulator notification requirement and broadens the definition of “personal information” in the state data breach notification statute, Neb. Rev. Stat. §87-802 – 87-804. These amendments become effective on … Continue Reading

Employers Beware of Phishing Scams

On April 20, 2016, a class action lawsuit was filed in the United States District Court, Southern District of California against Sprouts Farmers Market, Inc. The lawsuit was initiated by a former employee whose W-2 was allegedly disclosed as part of a phishing scam that occurred in late March 2016 amid reports that Sprouts’ employees … Continue Reading

Tennessee Amends Breach Notification Statute

On March 24, 2016, Tennessee’s breach notification statute was amended when Governor Bill Haslam signed into law S.B. 2005. Under the amendment, notification of a data breach must now be provided to any affected Tennessee resident within 45-days after discovery of the breach (absent a delay request from law enforcement).  Previously, and like the vast majority of … Continue Reading

Check Your Spam Filter, You Might Have Been Selected for a HIPAA Audit!

Yesterday, the federal Office for Civil Rights (OCR) announced Phase 2 of its HIPAA Audit Program (Program). In its announcement, the OCR reports that the Program is underway and provides some helpful FAQs for covered entities and business associates about the Program. Preparation is critical and there are some key points covered entities and business … Continue Reading

Should We Train Our Employees About Good Data Privacy and Security Practices?

Yes! It is the law in more places and circumstances than you suspect. Check out our report to learn more, including suggestions for setting up a training program. Late last year, The Wall Street Journal reported on a survey by the Association of Corporate Counsel (“ACC”) that found “employee error” is the most common reason for a … Continue Reading

The Inexplicit Requirement and Definitive Necessity for Employers to Implement Privacy Policies

In the face of seemingly daily news reports of company data breaches and the mounting legislative concern and efforts on both the state and federal level to enact laws safeguarding personal information maintained by companies, employers should be questioning whether they should implement privacy policies to address the protection of personal information they maintain on … Continue Reading

Internet of Things Bill Introduced

Recognizing the growing number of connected and interconnected devices, a bipartisan group of Senators recently introduced a bill which would convene a working group of Federal stakeholders to provide recommendations to Congress on how to appropriately plan for and encourage the proliferation of the Internet of Things (IoT). The Developing Innovation and Growing the Internet of … Continue Reading

Dwolla Fined $100,000 by CFPB in First Data Security Enforcement Action

The Consumer Financial Protection Bureau (“CFPB”) gave the fintech online payment sector a “wake up call” with an enforcement action against a Des Moines start up digital payment provider, Dwolla, Inc. (“Dwolla”). The CFPB alleged that Dwolla misrepresented how it was protecting consumers’ data. Dwolla entered into a Consent Order to settle the CFPB charges … Continue Reading

Use Of Personal Cloud-Based Document Accounts Requires New Strategies By Employers

Whether Google Docs, Dropbox, or some other file sharing system, employees, especially millennials and other digital natives, are increasingly likely to set up personal cloud-based document sharing and storage accounts for work purposes, usually with well-meaning intentions, such as convenience and flexibility. Sometimes this is done with explicit company approval, sometimes it is done with … Continue Reading

European Commission Unveils EU-U.S. Privacy Shield (Update)

Earlier today, the European Commission (the Commission) issued a draft “adequacy decision” as well as the texts that will constitute the EU-U.S. Privacy Shield (the Privacy Shield). This includes the Privacy Shield Principles companies have to abide by, as well as written commitments by the U.S. Government on the enforcement of the arrangement, including assurance … Continue Reading

President Seeks $19 Billion and Creates a Commission to Address Cybersecurity

President Barack Obama requested $19 billion in his budget for 2017 to address cybersecurity in the United States, $5 billion more than was budgeted for the current year. Today, he issued an Executive Order that will create a commission within the Department of Commerce to be known as the “Commission on Enhancing National Cybersecurity.” So, … Continue Reading
LexBlog