Ransomware is a scary term for many business leaders and CISOs who dread being hit with a malware attack that locks up their data and could shut down operations. They expect to find that oddly-worded ransom note advising how they could recover access to their data, for a sizable fee of course. For a variety
data breach
New York AG Releases Guide for Businesses on Effective Data Security
As noted in a prior post, New York’s Attorney General (“NYAG”) has made enforcement of the New York SHIELD Act an enforcement priority. The SHIELD Act requires organizations handling personal information related to New York residents to maintain reasonable safeguards to protect that information. Maintaining its focus on this area, the NYAG recently released…
Stolen Databases Obtained In Transaction Leads to $400K Settlement with PA and OH Attorneys General
This post deals with another data breach: yes, hackers were able to compromise the organization’s systems and exfiltrate personal information relating to over 45,000 Pennsylvania and Ohio residents. However, there are several important takeaways from this case, including cybersecurity in corporate transactions, data retention and destruction, and incident response planning.
According to the Assurance of…
Top Ten for 2023 – Happy Data Privacy Day!
To celebrate Data Privacy Day, we present our top ten data privacy and cybersecurity predictions for 2023.
1. Healthcare and Medical Data Security and Tracking
The healthcare industry has been facing increased scrutiny for the protection of healthcare information both online and on apps.
2023 will see a significant increase in the number of lawsuits…
Getting Healthcare in 2023 and Beyond…Virtually…and Securely
Much is being written about “remote work” – is it productive, will demand for it continue or be curtailed in a recession, is cybersecurity compromised, does it inhibit workplace culture, collaboration, etc. Lots of questions, few clear answers. The discussion seems largely centered on office workers, professional services providers like me, who generally can perform…
2023 New Year’s Resolution: Don’t Get “Whacked” By A State AG for Cybersecurity Compliance
It usually happens after a reported data breach. The organization experiencing the breach sends notifications to affected individuals, as well as federal and/or state agencies where appropriate, and perhaps other parties. Not long thereafter, the organization receives an inquiry from one or more government agencies. These inquiries typically seek more information about the breach…
Top 10 Blog Posts for the Workplace Privacy, Data Management & Security Report for 2022
As the year comes to a close, here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our Top 10 most popular posts of 2022:
1. California Consumer Privacy Act FAQs: Employment Information
As the California Privacy Rights Act moves toward taking effect and exceptions applying to employment-related data…
Virginia’s Consumer Data Protection Act is not the only Privacy and Data Protection Law in the Commonwealth
On January 1, 2023, Virginia’s Consumer Data Protection Act (CPDA) takes effect. Key features of the CPDA include expansive consumer privacy rights (right to access, right of rectification, right to delete, right to opt-out, right of portability, right against automatic decision making), a broad definition of “personal information”, the inclusion of a “sensitive data” category…
OCR Reminds Healthcare Providers and Their Business Associates – You Need an Incident Response Plan!
We have been quite busy this October, which happens to be National Cybersecurity Awareness Month. But, we did not want to let the month go by without some recognition; and we are grateful to the HHS Office for Civil Rights (OCR) for this always timely reminder for HIPAA covered entities and business associates – have…
New York State Bar Adds Cybersecurity, Privacy, and Data Protection as New CLE Category
On August 17, 2022, New York announced an amendment to the Continuing Legal Education (CLE) Program Rules, which adds a requirement for attorneys to complete at least one CLE credit hour in Cybersecurity, Privacy, and Data Protection as part of fulfilling their CLE requirements.
New York barred attorneys will be required to comply starting July …