The NAIC’s privacy protections and cybersecurity working groups have continued their building efforts....more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) appears to have made cybersecurity its New Year’s resolution. The first few weeks of 2025 have already brought with them proposed amendments to...more
1/21/2025
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
OCR ,
Patient Privacy Rights ,
Risk Assessment
The California Privacy Protection Agency (CPPA), at its board meeting on November 8, 2024, voted 4–1 to advance proposed regulations to a formal rulemaking. As currently drafted, these regulations would, among other things...more
11/11/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Information ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws
Keeping the season spooky for data brokers, the enforcement division of the California Privacy Protection Agency announced on October 30, 2024, that it is conducting a public investigative sweep of data broker registration...more
After years of development work, the National Association of Insurance Commissioners’ Privacy Protections Working Group’s efforts are again caught in a windstorm. ...more
On September 4, the California Privacy Protection Agency issued an enforcement advisory regarding “choice architectures that have the substantial effect of subverting or impairing a consumer’s autonomy, decision-making, or...more
On April 26, the Federal Trade Commission announced its final rule updating the health breach notification rule. According to the FTC, the update seeks to “clarify” the scope of the rule by adding new definitions and revising...more
Employers are gathering more and more data on job applicants and employees. From using artificial intelligence (”AI”) and credit scores for pre-employment screenings, biometrics for clocking-in and out, and digital...more
As the health care industry continues reeling from the recent Change Healthcare ransomware attack that crippled large portions of the U.S. health care system, health care providers are naturally reminded of the importance of...more
3/12/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Personally Identifiable Information ,
Popular
Step right up as we discuss some of 2023’s most notable cybersecurity and privacy regulatory and litigation developments and tips for keeping your program flying high. Regulatory Activity New regulatory requirements now in...more
1/18/2024
/ Class Action ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Employee Benefits ,
Insurance Brokers ,
Investment Adviser ,
NAIC ,
Popular ,
Retirement Plan ,
Securities and Exchange Commission (SEC)
Generative AI has captured the public’s attention and promises to transform the way we live and work. The technology, however, implicates a number of important cybersecurity and privacy considerations for organizations. This...more
In April and May, the NAIC Privacy Protections Working Group held the first three of its biweekly calls to discuss its recipe for a new privacy model, “Insurance Consumer Privacy Protection Model Law #674.” During the...more
On June 6, 2023, Gov. Ron DeSantis signed S.B. 262 into law, adding Florida to the list of states passing new privacy laws this year. While much of S.B. 262 will only impact companies with annual revenues of more than $1...more
Website tracking technologies have become ubiquitous as a means for companies to monitor traffic to their websites and enhance the user experience. Class actions alleging insufficient notice and consent related to those same...more
On February 9, 2022, U.S. Sens. Tammy Baldwin (D-Wis.) and Bill Cassidy (R-La.) introduced the “Health Data Use and Privacy Commission Act.” The bipartisan act, intended to modernize the Health Insurance Portability and...more
On July 7, Colorado joined California and Virginia as the third state to pass comprehensive consumer privacy legislation. All three states have new privacy laws with effective dates in 2023 (though California’s Privacy Rights...more
It’s a hot spring for state privacy legislation. Privacy bills are pending in roughly 20 states, and while Gramm-Leach-Bliley Act (GLBA) exemptions may act as a cool breeze in some, issues remain...more
Florida recently joined a small but growing number of states considering sweeping reforms to their data privacy and protection laws. House bill 969, titled “Consumer Data Privacy,” in many ways mirrors the California Consumer...more
The California Consumer Privacy Act (CCPA) took effect on January 1, 2020, and brought with it a panoply of new legal obligations for many companies doing business with California residents. ...more
6/19/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government
COVID-19 has challenged health care providers to change the way they offer services — from shifting to an increasingly remote workforce to diving into telehealth. These adjustments have privacy implications. The following are...more
6/18/2020
/ California Consumer Privacy Act (CCPA) ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Remote Working ,
Risk Assessment ,
Telecommuting ,
Telehealth
There has been no lack of new guidance regarding health care cybersecurity in recent weeks. But the American Medical Association’s (AMA) newly released “Privacy Principles” is unique in its aim at entities involved in health...more
After a brief hiatus due to COVID-19, the NAIC’s Privacy Working Group returned to work on May 5 discussing comments received on the working group’s markup of the NAIC Insurance Information and Privacy Protection Model Act...more
Last week, the American Medical Association (AMA) and the American Hospital Association (AHA), recognizing the increased cybersecurity threats facing health care providers, issued joint guidance for physicians working from...more
4/23/2020
/ Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Health Care Providers ,
Information Governance ,
PHI ,
Phishing Scams ,
Popular ,
Risk Management ,
Vulnerability Assessments
The level of attention that the SEC’s Office of Compliance Inspections and Examinations has been giving to cybersecurity issues can hardly be overstated. ...more
For many people and organizations, COVID-19 caused a rapid transition to remote learning and working; for hackers and other bad actors, it has created new opportunities. Whether by virtue of a remote and distracted workforce,...more