Can Any Data Breach Investigation Report Deserve Protection? Part II
Last week’s Privilege Point described a data breach victim’s latest losing effort to claim privilege protection for its consultant’s investigation report. Leonard v. McMenamins Inc., Case No....
View ArticleDon’t Forget: It’s Time to Notify the FTC of Your Data Breach
This summer, the Federal Trade Commission (“FTC”) will once again tighten the belt on entities that offer financial products and services when another round of amendments to the Gramm-Leach-Bliley...
View ArticleCan Any Data Breach Investigation Report Deserve Protection? Part III
The last two Privilege Points have described yet another losing effort to protect a data breach investigation and related communications. In Leonard v. McMenamins Inc., Case No. C22-0094-KKE, 2023 U.S....
View ArticleOCR Continues Holding Healthcare Entities Accountable for Protected Health...
On Feb. 6, 2024, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced a $4.75 million settlement with New York non-profit health system Montefiore Medical...
View ArticleNavigating Cybersecurity and Data Privacy Regulations in the Insurance Industry
For over 100 years, the National Association of Insurance Commissioners (NAIC) has been developing model legislation to encourage uniformity among states for the regulation of insurance products. The...
View ArticleOunce of Prevention: Is It Time to Perform a Security Risk Assessment?
Applicable Provider Types: All Is Your Entity in Compliance? The Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical...
View ArticleOunce of Prevention: Do You Have Business Associate Agreements With Every...
Applicable Provider Types: All Is Your Entity in Compliance? The Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical...
View ArticleTakeaways for Nonprofit Healthcare Systems From SEC Cybersecurity Disclosure...
When dealing with a cybersecurity incident response, nonprofit healthcare systems have different constituents to consider. Patients and staff who risk having personal information exposed or procedures...
View ArticleDoD Issues Final CMMC Framework for Defense Contractors
After a nearly five-year rulemaking process, the U.S. Department of Defense (DoD) published the Final Cybersecurity Maturity Model Certification 2.0 (CMMC) program rule in the Federal Register on Oct....
View ArticleSEC Settles Charges for Alleged Misleading Disclosures, Shedding Light on...
On Oct. 22, 2024, the Securities and Exchange Commission (SEC) announced settled charges against four current and former public companies, Unisys, Avaya Holdings, Check Point Software Technologies and...
View Article