assessment

Virginia Becomes 2nd State to Enact a Comprehensive Consumer Privacy Law

By Joseph J. Lazzarotti, Jason C. Gavejian & Maya Atrakchi on March 3, 2021

Posted in California Consumer Privacy Act, Consumer Privacy, Data Security, Identity Theft, Information Risk, Monitoring, Online Privacy, Photos, Videos and Surveillance, Third Party Service Providers, Written Information Security Program

On Tuesday, March 2^nd, Virginia Governor Ralph Northam signed into law the Consumer Data Protection Act (CDPA), officially joining California as the second state with a comprehensive consumer privacy law, intended to enhance privacy rights and consumer protection for state residents. We provide an in-depth analysis of the CDPA here, along with…

ACC Launches Data Steward Program: An Approach to Assessing Law Firm Data Security

By Joseph J. Lazzarotti & Maya Atrakchi on January 21, 2021

Posted in Data Breach Notification, Data Security, Incident Response Planning, Information Management, Information Risk, Third Party Service Providers, Written Information Security Program

On December 8^th, the Association of Corporate Counsel (ACC), which represents over 45,000 in-house counsel across 85 countries, announced the launch of its Data Steward Program (DSP) to help organizations and their law firms assess and share information about information security relating to client data. The DSP is two years in the making,…

ONC and OCR Update HIPAA Security Risk Assessment Tool for National Cyber Security Awareness Month

By Valerie K. Jackson, Joseph J. Lazzarotti & Jason C. Gavejian on October 30, 2018

Posted in Data Security, Health Information Technology, HIPAA, Information Risk, Uncategorized

October 2018 marks the 15^th annual National Cyber Security Awareness Month. In honor of this occasion, the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) have jointly launched an updated HIPAA Security Risk Assessment (SRA) Tool to help covered entities and business associates…

Hurricane Florence – Another Reminder to Develop a Disaster Recovery Plan

By Joseph J. Lazzarotti on September 13, 2018

Posted in Data Security, Information Management, Information Risk, Written Information Security Program

As with prior hurricanes, Florence is a reminder to all organizations of the importance of disaster recovery planning. When a storm approaches, a business’s first concern is protecting its employees/customers, and then its physical property. However, we shouldn’t forget that a natural disaster can also destroy information and technology assets critical to its success and…

Lenovo-FTC Consent Order Calls For 20-Year Monitoring Period

By Jeffrey M. Schlossberg on September 27, 2017

Posted in Consumer Privacy, Data Security, Written Information Security Program

Laptop-maker Lenovo (United States), Inc. agreed to a no-fault settlement with the Federal Trade Commission and 32 states over allegations that it installed ad software that compromised customers’ web security and invaded users’ privacy.

As part of the Consent Order, Lenovo agreed that it would:

Not misrepresent any feature of installed software related to consumer

…

Report Says Russian Hackers Stole 1.2 Billion Usernames and Passwords, But Don’t Let “Breach Fatigue” Take Hold

By Joseph J. Lazzarotti on August 7, 2014

Posted in Data Security, Identity Theft, Information Management, Information Risk, Written Information Security Program

In what is believed to be the largest security breach to date, the Associated Press reported that Russian hackers have stolen 1.2 billion user names and passwords. According to the AP, Milwaukee security firm, Hold Security, learned of the breach, but has yet to provide details about the series of website hackings believed to have…

Workplace Privacy, Data Management & Security Report