On the eve of Data Privacy Day, the California Attorney General announced a new investigative focus for compliance with the California Consumer Privacy Act (CCPA) on mobile applications, specifically popular apps in the retail, travel, and food service industries. The Attorney General sent letters to businesses with mobile applications that have allegedly failed to
mobile device
NSA Releases Helpful Guidance for Limiting Location Data Exposure
The National Security Agency (NSA) recently released helpful guidance on how to effectively limit location data exposure for its staffers, which also can be helpful information for the general public. Businesses likely will have different perspectives about location data than the NSA, which is trying to protect its staffers and its vital national security missions.…
OCR Recognizes Insider Threats to HIPAA PHI, You Should Too
As we have observed here, news reports of security risks, hackings and breaches caused by individuals, terror groups or even countries around the world certainly are important and can be unsettling. But, for many organizations, including healthcare providers and business associates, a significant and perhaps more immediate area of data risk is malicious insiders.…
Cost and Benefit Analysis of Bring Your Own Device Programs
An increasing number of companies have adopted Bring Your Own Device (“BYOD”) programs. Under a BYOD program, companies permit employees to connect their personal devices (e.g. laptops, smartphones, and tablets) to the company’s networks and systems to complete work-related duties. In contrast, under Corporate Owned Personally Enabled (“COPE”) programs, companies purchase and provide devices and…
NIST Publishes Guide to Secure an Organization’s Mobile Devices
Just last month, the National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), published guidance for public and private companies to protect mobile devices and help prevent data breaches. The publication, titled “Mobile Device Security: Cloud and Hybrid Build,” is a how to guide for…
Health Apps: Convenience vs. Security Risks
The pace of innovation in healthcare today has produced an amazing increase in the number of available mobile apps for health-related information. More than 300,000 healthcare apps are available online. These apps are developed and designed to fit within the “connected health model” which attempts to provide flexible and efficient healthcare services by using connected…
$3.2M Fine for Failure to Protect Electronic Records
The Department of Health and Human Services Office of Civil Rights (“OCR”) fined a Texas hospital $3.2 million for its impermissible disclosure of unsecured electronic protected health information (ePHI) and non-compliance over many years with multiple standards of the HIPAA Security Rule.
Children’s Medical Center of Dallas filed breach reports with OCR in 2010 and…
The Bring Your Own Device (BYOD) Movement
Numerous companies are considering, or already transitioned to, a "bring your own device" (BYOD) model. Under a BYOD program, employees are permitted to connect their own personal devices (iPhone, iPad, Blackberry, PDA, etc.) to the employer’s networks and systems to complete job duties either in the office or working remotely. While a BYOD program has numerous benefits…
Privacy on the Go: California’s Recommendations for Mobile Device/App Privacy and Security
In 2012, California took significant steps to increase privacy protections for users of mobile applications (apps) which involved working with companies such as Amazon, Apple, Facebook, Google, Hewlett-Packard, and Microsoft. In July 2012, the Attorney General created the Privacy Enforcement and Protection Unit, with the mission of protecting the inalienable right to privacy conferred by the…