Trends in Data Breach Notification Law: Attorney General Requirements

In our final installment of data breach notification law trends, we’ll look at one of the fastest growing trends to date: notification of state attorneys general.

Read more

The REAL Cost of Failing the OCR Audits

It took a while, but phase 2 of the the HIPAA Audit Program, conducted by the Health and Human Services’ Office for Civil Rights (OCR), is here. Healthcare related organizations from the smallest business associate to the largest covered entity are eligible for this phase of audits—no one is immune.

Read more

Now in Effect: Rhode Island's New Data Breach Notification Law

On June 26, 2016, Rhode Island’s Identity Theft Protection Act of 2015 went into effect, repealing and replacing the state’s 2005 breach notification law.

Trends in Data Breach Notification Laws: What Will 2017 Bring?

Read more

OCR Audits: Ready with RADAR

Are you concerned about the next round of OCR Audits? 

Read more

Trends in Data Breach Notification Law: Content, Format, Font Size, and More

Today we continue our weekly blog series focused on 2016 trends in data breach notification law. Click below to catch up on previous installments:

Read more

Decisions, Decisions...The Incident Response Process Illustrated

Responding to privacy and security events naturally brings up a whole host of questions. What happened? What technology, people or data elements were involved? Was regulated data exposed? How? What has been done to mitigate the security risk? What must be done to remain compliant with privacy laws?

Read more

Trends in Data Breach Notification Law: Timely Notifications

Today we’re continuing our series of data breach notification law trends. If you missed the first part of the series, check out our discussion of the biggest trend in 2016, as well as our post focused on the expanding scope of personal information.

Read more

Everyday Events, Inevitable Incidents, and Data Breach Disasters

The Four Categories of Data Occurrences

In today’s threat-filled world, sensitive customer information is constantly at risk for exposure. Cyber attacks, ransomware, spear phishing, malware, system & process failure, employee negligence, lost or stolen devicesthe list of dangers goes on.

Read more

Trends in Data Breach Notification Law: Getting Personal (Information)

At any given time, the RADAR regulatory team is busy monitoring, tracking, and preparing for proposed and pending changes to data breach notification law.

As a RADAR product manager specializing in regulatory content, I have a front row view of the work that goes into ensuring RADAR is kept up-to-date with the latest advances in data breach notification law. As part of that work, the regulatory team has identified a number of trends that we expect to continue through 2016. Last week we covered an overarching trend towards increased stringency and specificity.

This week, we will dive a bit deeper into one aspect of this increased stringency as it relates to personal information and incident assessment.

Read more

2016 Trends in Data Breach Notification Law

My role as a RADAR product manager specializing in regulatory content means I live and breathe data breach notification laws – exciting, nuanced, and incredibly complex work.

Navigating the intricacies of federal and state regulations can be like solving a puzzle: you work to align the right information, look for patterns, and plan several steps ahead so that when the last piece finally clicks into place you have a simple, clear picture of what the law requires.

Read more

Cost of Medical Identity Theft

This interview originally aired on the Nightly Business Report, February 2016. Click here to view the full segment.

Read more

Montana and Connecticut Amend Data Breach Notification Statutes

In a continued trend of states extending their data breach laws to better protect residents, Montana and Connecticut passed legislation earlier this year that went into effect October 1, 2015. Both Montana’s H.B. 74 and Connecticut’s S.B. 949 increase the stringency of data breach notification obligations for businesses that own, license, or maintain computerized data that includes personally identifiable information (PII). Montana and Connecticut are two of the most recent states to pass or modify such legislation (see recent changes in Wyoming as well), which to date extends to nearly all U.S. states and territories.

Read more

Wyoming Expands Data Breach Law With New PII and Notice Requirements

July is set to start with a bang in Wyoming when two new bills go into effect that significantly amend the state’s data breach notification law. 

Read more