Cybersecurity and Privacy Blog

Holland & Knight's Cybersecurity and Privacy Blog provides insights and analysis on privacy, information security, and information governance laws.

The Usable Security & Privacy Group at Berkeley has published a website entitled AppCensus which purports to give a privacy health check for Android mobile apps. However, the Washington Post just featured the AppCensus site in a story about (alleged) COPPA non-compliance.
July 28, 2017
The Department of Health and Human Services’ Office for Civil Rights, on July 25, 2017, announced an updated online tool that can be used to learn about breaches currently under investigation.
Last week’s ransomware attack was one of the most widespread attacks we have seen, with (so far) more than 200,000 machines hit across more than 150 countries.
On May 11, 2017, President Trump signed the long-anticipated Cybersecurity Executive Order (EO), entitled "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure." The Executive Order is broken down into three sections: (1) Cybersecurity of Federal Networks; (2) Cybersecurity of Critical Infrastructure; and (3) Cybersecurity for the Nation.
May 12, 2017
As the HHS Office for Civil Rights continues to issue press releases about HIPAA settlements and enforcement actions, now is a good time to re-examine HIPAA and data privacy compliance efforts. Healthcare Partner Shannon Salimone discusses three things covered entities and business associates can do to help reduce the chances of coming to the attention of OCR.
A recent HHS OCR resolution agreement further emphasizes the importance of conducting risk analyses and addressing them appropriately.
A recent HIPAA enforcement action by the HHS Office for Civil Rights makes it clear that delaying or avoiding compliance efforts could result in significant fines.
February 13, 2017
The Department of Health and Human Services' Office for Civil Rights (OCR), in January 2017, published a cyber newsletter regarding the importance of audit controls with respect to HIPAA compliance.
The Department of Health and Human Services recently announced the first HIPAA settlement based on a late breach notice, reinforcing the importance of having a written incident response plan.
The effective date for proposed cybersecurity regulation for financial services companies regulated by the New York Department of Financial Services (NYDFS) has been extended to permit regulated entities more time to come into compliance with the new requirements.
On Friday, December 2, 2016, the White House Commission on Enhancing National Cybersecurity (the Commission) released its much anticipated report, detailing six major "imperatives," 16 recommendations and 53 action items.
December 5, 2016
The Department of Defense issued a final rule following up on the interim rules it issued in 2015 regarding safeguarding contractor networks and purchasing cloud computer services.
October 24, 2016
Plaintiffs recently filed a putative class action complaint against an NFL team, a mobile app company, and an audio-beacon technology company, citing violations of the Electronic Communications Privacy Act. Plaintiffs contend that the NFL team's mobile app surreptitiously records end-users’ conversations to enable its beacon technologies.
October 20, 2016
In recent guidance, OCR confirmed a number of positions it has taken informally over the years regarding how HIPAA affects cloud computing arrangements.
On September 20, 2016, the U.S. Department of Transportation (DOT) issued its long awaited guidance on autonomous vehicles. At the same time, the National Highway Traffic Safety Administration (NHTSA) sent a Final Notice for Safety Defects and Automated Safety Technologies to the Federal Register, making it clear that safety issues that result from the use of automated technology, as well as cybersecurity, fit under its existing enforcement authorities.
September 21, 2016
The state and federal banking and financial services sector continues its cybersecurity oversight with two important updates. First, the New York Department of Financial Services (NYDFS) has issued its "first-in-the-nation" cybersecurity regulations and second, the Office of the Comptroller of the Currency (OCC) Bank Supervision Plan lists cybersecurity as a primary objective.
The U.S. Department of Health and Human Services (HHS), Centers for Medicare and Medicaid Services (CMS) released a Final Rule entitled "Medicare and Medicaid Programs: Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers." The Final Rule "establishes national emergency preparedness requirements for Medicare- and Medicaid-participating providers and suppliers" and focuses on the need for greater preparedness for both natural and man-made disasters.
In its recent blog post The NIST Cybersecurity Framework and the FTC, the Federal Trade Commission (FTC) shed light on how it views the NIST Cybersecurity Framework when evaluating the reasonableness of companies' data security practices. Addressing inquiries as to whether compliance with the Framework meets the FTC's "reasonableness" standard in data security enforcement actions, the FTC emphasized that the Framework is not a standard or checklist and does not include specific requirements or elements. Therefore, the FTC reasoned, there is no such thing as "complying with the Framework" for FTC purposes.
On August 5, 2016, the Centers for Medicare & Medicaid Services released a memorandum indicating that survey teams will begin requesting and reviewing nursing home policies and procedures regarding photographing residents in a manner that would demean or humiliate them.
The Republican National Committee and Democratic National Committee have both released versions of their 2016 Platform with sections focused on pertinent cybersecurity, data privacy and protection, technology and innovation issues.
July 20, 2016