With 2017 having drawn to a close, it is once again time for HIPAA covered entities to complete their annual breach reporting obligations to the U.S. Department of Health & Human Services Office for Civil Rights (“OCR”). Whereas covered entities …
On October 18, 2017, the Consumer Financial Protection Bureau (CFPB) issued a set of Consumer Protection Principles regarding the sharing and aggregation of consumers’ financial data. The timing of the announcement in light of last month’s disclosure of the Equifax …
“A significant data breach is likely to cost the company materially, and costs could drag on for a number of years,” analyst Shlomo Rosenbaum, commenting on the Equifax breach.
Organizations increasingly rely on third-party service providers for data collection, processing, …
Privacy professionals have long lamented the myriad of approaches each state takes when it comes to data breach notification requirements. According to the National Conference of State Legislatures, 48 states, the District of Columbia, Guam, Puerto Rico and the Virgin …
State attorneys general play an active role in data privacy and security matters. Their involvement is increasing as they grapple with changing technologies and threats, rapidly evolving state laws and their relatively broad consumer protection authority to engage private sector …
Yesterday the Federal Communications Commission (FCC) revealed its revamped broadband privacy regulations. In March, the FCC initially proposed privacy rules which were highly criticized by everyone from the Federal Trade Commission (FTC) to small business owners. The new rules …
This April 13, the Article 29 Working Party (WP 29, which includes the EU national data protection authorities) expressed its concerns regarding the Privacy Shield during a press conference. The WP 29 will publish its detailed written position at …
In 2015, a number of high-profile media and political events and several legal cases raised questions about personal data protection in the European Union. 2016 looks to be a pivotal year for reforms in personal data protection, including issues related …
On December 15, the EU Commission, Parliament and the EU Council reached an agreement, via the “trilogue” meetings on EU data protection reform. The reform consists of two legal instruments:
- The General Data Protection Regulation (GDPR)
- The Data Protection Directive
Recently, Republican attorneys general from across the nation gathered in Scottsdale, Arizona, for their association’s annual fall conference. The purpose of the conference was to discuss a variety of issues facing the state attorneys general and businesses in their states. …
As part of a growing trend in state legislatures across the country, the Florida Information Protection Act of 2014 (FIPA), § 501.171, expanded the requirements on covered entities that acquire, maintain, store or use personal information of Floridians. Effective …
The Article 29 Working Party has recently adopted an Opinion, providing good practice guidance for data controllers on when to notify data subjects of a personal data breach.
Notification of data breaches to data protection authorities is already a …