Ask any chief information security officer (CISO), cyber underwriter or risk manager, or cybersecurity attorney about what controls are critical for protecting an organization’s information systems, you’ll likely find multifactor authentication (MFA) at or near the top of every list. Government agencies responsible for helping to protect the U.S. and its information systems and assets
Patient’s Request for Records Uncovers Dental Practice’s Ransomware Attack, Leading to $350K Settlement
The Indiana Attorney General Office (OAG) filed a detailed complaint on December 23, 2024 (Complaint) which arose out of the following patient complaint:
The OAG received a consumer complaint stating that the consumer had contacted Arlington Westend Dental on multiple occasions to receive copies of their x-rays, but Arlington Westend Dental stated it no longer
What is Automated Decisionmaking Technology (ADMT) under CCPA proposed regulations?
On November 8, 2024, the California Privacy Protection Agency (CPPA) voted to advance proposed regulations concerning automated decisionmaking technology. While the comment period is ongoing and we do not have final rules, we are taking a look at some key provisions to help businesses begin to assess the potential effects of these rules if made
New York Enacts Immediate Updates to Breach Notification Law
Governor Kathy Hochul signed several bills last month designed to strengthen protections for the personal data of consumers. One of those bills (S2659B) makes important changes to the notification timing requirements under the Empire State’s breach notification law, Section 899-aa of the New York General Business Law. The bill was effective immediately
OCR Proposed Tighter Security Rules for HIPAA Regulated Entities, including Business Associates and Group Health Plans
As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security Rule (scheduled to be published in the Federal Register January 6). It looks like substantial changes are in store for covered entities and business associates alike, including healthcare providers
2024 Wrap-Up of the Workplace Privacy, Data Management & Security Report
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our most popular topics and posts from 2024.
Expanding State Privacy Laws
This year saw a further expansion of state comprehensive consumer data privacy laws. These legislative measures aim to enhance the
Privacy Blizzard Expected in January as Five State Laws Take Effect
Around the country, the weather is turning wintery, but in the privacy arena, there will be a blizzard as five state comprehensive privacy laws become effective.
Here is an overview of businesses needing to prepare.
1. Delaware Personal Data Privacy Act (DPDPA)
The DPDPA takes effect on January 1, 2025. It applies to entities doing
Florida Healthcare Provider Faces $1.19M HIPAA Penalty Following Independent Contractor Breach
A healthcare provider delivering pain management services in Florida and other states faces a $1.19 million civil monetary penalty from the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR). The OCR investigation stems from a data breach, but not the type of breach we are used to seeing in
Tips for Vacation Rental, Property Mgmt. Businesses Facing Vendor Cybersecurity Risk
No organization can eliminate data breach risks altogether, regardless of industry, size, or even if the organization has taken significant steps to safeguard their systems and train employees to avoid phishing attacks. Perhaps the most significant reason these risks remain: third-party service providers or vendors.
For most businesses, particularly small to medium-sized businesses, service providers
Litigation Under Wiretap Law and What Website Owners Need to Know
Massachusetts’ highest court recently issued an opinion that delves into the complex intersection of privacy law and modern technology. The case centers around whether the collection and transmission of users’ web browsing activities to third parties without their consent constitutes a violation of the Massachusetts Wiretap Act.
However, the claim is not unique to Massachusetts.