As we’ve discussed previously, medical identity information is worth more than ten (10) times that of financial information on the black market. This gives hackers a financial incentive to obtain such information that is maintained not only by medical providers and pharmacies but also by employers who provide medical insurance coverage to their employees. Employers
FCC Issues First Data Security Fine
On October 24, 2014, the Federal Communications Commission (FCC) announced its intention to fine two telecom companies $10 million for several violations of laws protecting the privacy of phone customers’ personal information. This marks the FCC’s first data security case and the largest privacy action in the FCC’s history.
According to the FCC, TerraCom, Inc.
NY Department of Financial Services Proposes Virtual Currency Rule
The New York Department of Financial Services recently published proposed regulations which would require virtual currency businesses operating in New York State to safeguard data and protect customer privacy.
Notably, the proposed regulations include requirements for virtual currency business to maintain cyber security programs and business continuity and disaster recovery plans.
Virtual currencies under the
Florida Legislature Seeks to Overhaul Existing Data Security Law
On the heels of recent nationwide data breaches of consumer personal information, the Florida State Senate has proposed SB 1524, which if adopted will become effective on July 1, 2014, to revamp and replace existing state data security law and, in particular, impose a statutory requirement to safeguard personal information, reporting a breach to
Top 14 for 2014
In honor of National Data Privacy Day, we provide the following “Top 14 for 2014.” While the list is by no means exhaustive, it does provide critical areas businesses will need to consider in 2014.
- Location Based Tracking. As the utilization of GPS enable devices becomes more and more prevalent, employers are often faced
CMS Seeks Emergency Review and Approval of its One-Hour Breach Notification Rule for Exchanges
Today, the Centers for Medicare and Medicaid Services (CMS) requested an "emergency review" of its recently proposed rule that "[Federally-facilitated Exchanges or FFEs], non-Exchange entities associated with FFEs, and State Exchanges must report all privacy and security incidents and breaches to HHS within one hour of discovering the incident or breach."
Check Out Our Webinar Addressing the HIPAA, HITECH Omnibus Regulations
Click on the link in this post for high-level compliance roadmap concerning the Omnibus Privacy Rule under HIPAA and HITECH for covered plans, providers and business associates.
Continue Reading Check Out Our Webinar Addressing the HIPAA, HITECH Omnibus Regulations
Thinking About Cyber, Data Breach Insurance? Have You Assessed Your Needs/Risks?
It seems more companies are considering whether to purchase or enhance their cyber or data breach insurance coverage. In recent years, these offerings have expanded giving businesses more choice, and perhaps so has the need for such coverage given the explosion of access to and transmission of confidential data. What is interesting about this development is the different
Wellpoint pays $1.7 Million to Settle Potential HIPAA Violations
Breach involving software upgrade to online application system leads to allegations of HIPAA privacy and security failures, and a $1.7 million settlement payment to HHS.
Continue Reading Wellpoint pays $1.7 Million to Settle Potential HIPAA Violations
Texas Amends the Effects of its Data Breach Law on Out-of-State Residents
Texas amends its data breach notification statute and the law’s effects on persons out of state.
Continue Reading Texas Amends the Effects of its Data Breach Law on Out-of-State Residents