Data Security

Subscribe to Data Security via RSS

Government contractors have a wide range of unique challenges (find out more about these here), not the least of which is data security. A good example is the interim rule the Department of Defense (DoD) issued last month that implements sections of the National Defense Authorization Act for Fiscal Years 2013 and 2015.

On September 2, the Office for Civil Rights (OCR) reported that it agreed to settle potential violations of the HIPAA privacy and security regulations with Cancer Care Group, Inc. The dollar amount of the settlement, $750,000, is significant, and the agreement to adopt a robust, multi-year corrective action plan under the watchful eye of the

When an employer is responding to a breach of their employees’ personal information, one of the last things they may think about is whether the value of the credit monitoring or other identity protection services they make available to affected employees should be considered taxable to the employees and reported as such. In Announcement 2015-22

When businesses set out to safeguard “personal information,” a fundamental consideration is what that term means. Likewise, when negotiating a third-party vendor agreement, it typically is not enough to rely on the standard definition for “confidential information.” Recently, Nevada and other states have updated their definitions of personal information in connection data breaches notification and

The saying – never let them see you sweat – soon may be more difficult to accomplish with Microsoft’s Hololens. Like Google Glass, the Hololens is worn as a headset. But this device has a “plurality” of sensors that gather a range of biometrics parameters (heart rate, perspiration, etc.) which determine along with other

In June, Connecticut’s governor signed into law Senate Bill 949 which amended the State’s breach notification statute. The requirement that covered businesses must provide one year of identity theft protection services for certain breaches, easily the most popular aspect of the legislation, may have diverted attention from some significant aspects of this new law.

UPDATE:  The Federal Communications Commission (FCC) has reached a settlement with two telecom companies in connection with allegations the telecom companies violated the law regarding the privacy of phone customers’ personal information.

As we previously reported and discussed, in October 2014 the FCC initiated its first data security case against TerraCom, Inc. and

In the wake of recent, large-scale data breaches, one being the breach at the Office of Personnel Management (OPM) affecting millions of federal employees, a number of bills have been battling their way through Congress to address breach notification and data security requirements at the federal level. There has been an ongoing pattern for years

Senate Bill 949 is now law in Connecticut, after being signed by Governor Malloy on June 11. As we reported, this law amends the state’s current breach notification mandate to require that for breaches of certain personal information covered business must provide one year of free identity-theft protection for affected persons. So, beginning October

Following a string of states across the country that have strengthened their data breach notification laws in recent months, Connecticut is about to amend its law to require, among other things, that businesses provide one year of identity-theft protection for persons affected by the breach. Many businesses already extend such services to breach victims, but,