Disclaimer

This Blog/Web Site ("Blog") does not provide specific legal advice. It is for educational purposes only. Use of the Blog does not create any attorney-client relationship between you and Holland & Knight LLP or the author(s) of any posts. The Blog does not constitute legal advice and is not a substitute for competent legal advice from a licensed attorney in your state. Any links from another site to the Blog are beyond the control of Holland & Knight LLP and do not convey their approval, support or any relationship to any site or organization.

Find News & Knowledge

Cybersecurity and Privacy Topics

Data Breach    COPPA    

    Mobile    Privacy    

Cybersecurity    HIPAA

Incident Response

FTC    Legislation

  

Cybersecurity and Privacy Videos

 
How to Choose the Right
Cybersecurity Firm

Cybersecurity and Privacy
Fast Facts



  

Data Flow Infographic

Data Privacy Day

Cybersecurity and Privacy Blog

Holland & Knight's Cybersecurity and Privacy Blog provides insights and analysis on privacy, information security, and information governance laws.

Showing 1-20 of 148 results
Sort By:
 
Next
A recent HIPAA enforcement action by the HHS Office for Civil Rights makes it clear that delaying or avoiding compliance efforts could result in significant fines.
Read more »
February 13, 2017
|
The Department of Health and Human Services' Office for Civil Rights (OCR), in January 2017, published a cyber newsletter regarding the importance of audit controls with respect to HIPAA compliance.
Read more »
The Department of Health and Human Services recently announced the first HIPAA settlement based on a late breach notice, reinforcing the importance of having a written incident response plan.
Read more »
The effective date for proposed cybersecurity regulation for financial services companies regulated by the New York Department of Financial Services (NYDFS) has been extended to permit regulated entities more time to come into compliance with the new requirements.
Read more »
On Friday, December 2, 2016, the White House Commission on Enhancing National Cybersecurity (the Commission) released its much anticipated report, detailing six major "imperatives," 16 recommendations and 53 action items.
Read more »
December 5, 2016
|
The Department of Defense issued a final rule following-up on the interim rules it issued in 2015 regarding safeguarding contractor networks and purchasing cloud computer services.
Read more »
October 24, 2016
|
Plaintiffs recently filed a putative class action complaint against a NFL team, a mobile app company, and an audio-beacon technology company, citing violations of the Electronic Communications Privacy Act. Plaintiffs contend that the NFL team's mobile app surreptitiously records end-users’ conversations to enable its beacon technologies.
Read more »
October 20, 2016
|
In recent guidance, OCR confirmed a number of positions it has taken informally over the years regarding how HIPAA affects cloud computing arrangements.
Read more »
On September 20, 2016, the U.S. Department of Transportation (DOT) issued its long awaited guidance on autonomous vehicles. At the same time, the National Highway Traffic Safety Administration (NHTSA) sent a Final Notice for Safety Defects and Automated Safety Technologies to the Federal Register, making it clear that safety issues that result from the use of automated technology, as well as cybersecurity, fit under its existing enforcement authorities.
Read more »
September 21, 2016
|
The state and federal banking and financial services sector continues its cybersecurity oversight with two important updates. First, the New York Department of Financial Services (NYDFS) has issued its "first-in-the-nation" cybersecurity regulations and second, the Office of the Comptroller of the Currency (OCC) Bank Supervision Plan lists cybersecurity as a primary objective.
Read more »
The U.S. Department of Health and Human Services (HHS), Centers for Medicare and Medicaid Services (CMS) released a Final Rule entitled "Medicare and Medicaid Programs: Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers." The Final Rule "establishes national emergency preparedness requirements for Medicare- and Medicaid-participating providers and suppliers" and focuses on the need for greater preparedness for both natural and man-made disasters.
Read more »
In its recent blog post The NIST Cybersecurity Framework and the FTC, the Federal Trade Commission (FTC) shed light on how it views the NIST Cybersecurity Framework when evaluating the reasonableness of companies' data security practices. Addressing inquiries as to whether compliance with the Framework meets the FTC's "reasonableness" standard in data security enforcement actions, the FTC emphasized that the Framework is not a standard or checklist and does not include specific requirements or elements. Therefore, the FTC reasoned, there is no such thing as "complying with the Framework" for FTC purposes.
Read more »
On August 5, 2016, the Centers for Medicare & Medicaid Services released a memorandum indicating that survey teams will begin requesting and reviewing nursing home policies and procedures regarding photographing residents in a manner that would demean or humiliate them.
Read more »
The Republic National Committee and Democratic National Committee have both released versions of their 2016 Platform with sections focused on pertinent cybersecurity, data privacy and protection, technology and innovation issues.
Read more »
July 20, 2016
|
On July 12, 2016, the European Commission formally adopted the EU-U.S. Privacy Shield, replacing the former Safe Harbor Framework, as an adequate mechanism for data transfers to the U.S. The Privacy Shield has been hailed as a milestone for privacy and a sign of a smooth transition into the new EU-U.S. data transfer arrangement.
Read more »
Senior Policy Advisor Norma Krayem discusses how the sophistication of the U.S. and international smart grids may increase their vulnerability to cyber attacks.
Read more »
June 30, 2016
|
The White House Cybersecurity "Commission on Enhancing National Security" holds its third meeting today to discuss key IoT issues and research developments.
Read more »
June 21, 2016
|
On June 15, 2016, the House Homeland Security Committee held a hearing on the status of implementation of the new cyber information-sharing law from the vantage point of the private sector.
Read more »
June 20, 2016
|
On June 15, 2016, the U.S. Department of Homeland Security (DHS) and U.S. Department of Justice (DOJ) issued final guidance on implementation of the Cyber Security Information Sharing Act (CISA) which was signed into law in December 2015 as part of the Cyber Security Act of 2015. Among other issues, the guidance documents clarify that liability protections under CISA apply to the sharing of information between private entities (this information may be found in Annex 1 of the non-federal entity guidance).
Read more »
On June 2, 2016, the Office of Inspector General (OIG) of the Securities and Exchange Commission (SEC) issued Report No. 535 highlighting data security risks. In its executive summary, the OIG observed that the SEC stores significant amounts of data that is personally sensitive, has commercial value, or is market-sensitive.
Read more »
Next