News & Analysis as of July 30, 2025

Compliance › Data Breach

+ Follow

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations. In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs. less -

EU-wide Breach Notification Template on the Horizon

Alston & Bird on 7/29/2025

Following their recent meeting in Finland, the EU Data Protection Authorities acting through the European Data Protection Board (EDPB) announced their intention to release new tools and ran EU-wide data breach notification...more

5 Challenges in Incident Management (and How to Stay Resilient)

Mitratech Holdings, Inc on 7/22/2025

A single outage can spiral into hours of downtime, frustrated customers, and significant revenue loss across your business....more

Federal Judge in Change Class Actions Juggling 90 Cases, Found ‘Misconduct’ by UnitedHealth

Health Care Compliance Association (HCCA) on 7/18/2025

In the 18 months since the Change Healthcare breach occurred, class action suits—filed by both patients and providers—continue to multiply, with no resolution yet in sight. In fact, in late June, the Minnesota judge presiding...more

Inside the SK Telecom Data Breach: What Happened and What Companies Can Learn

Alston & Bird on 7/17/2025

In April 2025, SK Telecom—South Korea’s largest mobile carrier—formally notified regulators of a significant data breach that compromised sensitive SIM card data belonging to nearly 27 million users. Following an...more

Why Dumping Sensitive Data on Network Shares is a Liability

Robinson+Cole Data Privacy + Security Insider on 6/23/2025

Are you storing sensitive data on a shared network drive? If so, your organization could be at serious risk of a data breach or privacy lawsuit. Shared drives, like the common “S:\ drive,” are often used to store documents,...more

From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math

Health Care Compliance Association (HCCA) on 6/18/2025

A single incident that may have started as a personal vendetta or an extortion threat seven years ago has cost a Florida health care system $800,000, and comes on the heels of an unrelated breach suffered by a different...more

State Data Breach Notification Laws - June 2025

Foley & Lardner LLP on 6/10/2025

While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more

Data Governance: Practical Considerations for a Reasonable Security Program

BakerHostetler on 5/23/2025

Imagine receiving an email from an unknown actor claiming to have taken approximately 2 terabytes of data from your organization’s network. The threat actor provides a file tree and sample files to substantiate its claim....more

6 Overlooked Strategies That Strengthen ISO 22301 Compliance

Mitratech Holdings, Inc on 5/23/2025

When disruption strikes—be it a cyberattack, supply chain failure, or extreme weather—your systems and team’s ability to respond with speed, clarity, and confidence are tested....more

Former OCR Director Fontes Rainer Reflects On ‘Imperfect’ RSP Law, Urges Final Security Reg

Health Care Compliance Association (HCCA) on 5/12/2025

In October, the HHS Office for Civil Rights (OCR) fined Providence Medical Institute (PMI) $240,000, an amount that reflected a 20% discount for having “recognized security practices” (RSPs) in place. But many more covered...more

Adversarial Machine Learning in Focus: Novel Risks, Straightforward Legal Approaches

Ropes & Gray LLP on 5/6/2025

The Artificial Intelligence and Machine Learning (“AI/ML”) risk environment is in flux. One reason is that regulators are shifting from AI safety to AI innovation approaches, as a recent DataPhiles post examined. Another is...more

Florida Bar Passes Pioneering Cybersecurity Recommendation

Baker Botts L.L.P. on 5/5/2025

On March 28, 2025, the Florida Bar unanimously approved Recommendation 25-1, which was proposed by its Cybersecurity & Privacy Law Committee and encourages all Florida Bar members and their firms to adopt certain proactive...more

[Event] Healthcare Privacy Compliance Academy - June 9th - 12th, Pittsburgh, PA

Health Care Compliance Association (HCCA) on 4/22/2025

HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more

HIPAA Security Risk Analysis – How should regulated entities prepare for the Office for Civil Rights (OCR) Risk Analysis Audit...

Ankura on 4/16/2025

Following the Office for Civil Rights (OCR) recent publication of four settlements as part of a new Risk Analysis Audit Initiative. We explore the current regulatory language for Risk Analysis, the proposed language for Risk...more

UK Government Publishes Cyber Governance Code of Practice for Boards and Directors

Alston & Bird on 4/11/2025

On April 8, 2025, the UK government published the Cyber Code of Practice (the “Code”) to support board directors in governing cybersecurity risks. The Code is available online. The UK’s data protection regulator is actively...more

Axinn Associates at the Spring Meeting: Considerations on Data Privacy and AI Usage for Healthcare Companies

Axinn, Veltrop & Harkrider LLP on 4/10/2025

The February 2024 ransomware attack on Change Healthcare was the largest healthcare data breach in U.S. history. The attack disrupted operations—impacting patient care and provider finances—and potentially exposed the...more

Privacy and Data Security in Community Associations: Navigating Risks and Compliance

Ward and Smith, P.A. on 3/28/2025

For community associations, this is especially important as these organizations often manage large amounts of PII of homeowners and residents (e.g., name, address, phone number, etc.), including certain categories of...more

NY Settles With Insurer on Data Breach Rooted in Security Deficiencies

Cozen O'Connor on 3/28/2025

New York AG Letitia James settled with Root Insurance Company to resolve allegations that the company’s data security deficiencies led to a 2021 data breach involving 72,000 people, in violation of state consumer protection...more

HHS OCR Settles HIPAA Security Rule Investigation with Health Fitness Corporation

Foley Hoag LLP - Security, Privacy and the... on 3/24/2025

On March 21, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of HIPAA security rule claims involving Health Fitness Corporation (Health Fitness). Health Fitness...more

Health Fitness, OCR’s Risk Analysis Initiative, and the ERISA Fiduciary Duty to Select Plan Service Providers

Jackson Lewis P.C. on 3/24/2025

On Friday, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced the fifth enforcement action under its Risk Analysis Initiative. In this case, OCR reached a settlement with Health...more

Ninth Circuit Upholds Conviction of Former Uber Security Chief Joseph Sullivan in Connection with 2016 Uber Data Security Breach

Baker Botts L.L.P. on 3/20/2025

On March 13, 2025, a three-judge panel of the U.S. Court of Appeals for the Ninth Circuit unanimously upheld the conviction of former Uber Chief Security Officer Joseph Sullivan. The ruling affirms Sullivan’s 2022 conviction...more

379 Results

View per page

Page: of 16

Compliance › Data Breach

EU-wide Breach Notification Template on the Horizon

5 Challenges in Incident Management (and How to Stay Resilient)

Federal Judge in Change Class Actions Juggling 90 Cases, Found ‘Misconduct’ by UnitedHealth

Inside the SK Telecom Data Breach: What Happened and What Companies Can Learn

Why Dumping Sensitive Data on Network Shares is a Liability

From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math

State Data Breach Notification Laws - June 2025

Data Governance: Practical Considerations for a Reasonable Security Program

6 Overlooked Strategies That Strengthen ISO 22301 Compliance

Former OCR Director Fontes Rainer Reflects On ‘Imperfect’ RSP Law, Urges Final Security Reg

Adversarial Machine Learning in Focus: Novel Risks, Straightforward Legal Approaches

Florida Bar Passes Pioneering Cybersecurity Recommendation

[Event] Healthcare Privacy Compliance Academy - June 9th - 12th, Pittsburgh, PA

HIPAA Security Risk Analysis – How should regulated entities prepare for the Office for Civil Rights (OCR) Risk Analysis Audit...

UK Government Publishes Cyber Governance Code of Practice for Boards and Directors

Axinn Associates at the Spring Meeting: Considerations on Data Privacy and AI Usage for Healthcare Companies

Privacy and Data Security in Community Associations: Navigating Risks and Compliance

NY Settles With Insurer on Data Breach Rooted in Security Deficiencies

HHS OCR Settles HIPAA Security Rule Investigation with Health Fitness Corporation

Health Fitness, OCR’s Risk Analysis Initiative, and the ERISA Fiduciary Duty to Select Plan Service Providers

Ninth Circuit Upholds Conviction of Former Uber Security Chief Joseph Sullivan in Connection with 2016 Uber Data Security Breach

[Webcast Transcript] Discovering Data Quickly in High-Stakes White-Collar Investigations

[Event] Healthcare Privacy Compliance Academy - March 24th - 27th, Chicago, IL

Chile brings its data privacy laws in line with global data privacy standards

HHS Proposal To Strengthen HIPAA Security Rule

Compliance › Data Breach

"My best business intelligence, in one easy email…"