Last month saw early buzz in the privacy community with the first US companies electing to self-certify under the new European Union - United States Privacy Shield framework.
Ransomware. This term has gained notoriety beyond compliance and privacy officers, becoming a household word thanks to the proliferation of news stories surrounding ransomware attacks in the media.
It’s time for covered entities and their business associates to get their respective houses in order. During phase 2 of the HIPAA Audit program, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) will be paying attention to the relationships between HIPAA covered entities and their business associates (BAs).
In our final installment of data breach notification law trends, we’ll look at one of the fastest growing trends to date: notification of state attorneys general.
It took a while, but phase 2 of the HIPAA Audit Program, conducted by the Health and Human Services’ Office for Civil Rights (OCR), is here. Healthcare-related organizations from the smallest business associate to the largest covered entity are eligible for this phase of audits—no one is immune.
On June 26, 2016, Rhode Island’s Identity Theft Protection Act of 2015 went into effect, repealing and replacing the state’s 2005 breach notification law.
Responding to privacy and security events naturally brings up a whole host of questions. What happened? What technology, people or data elements were involved? Was regulated data exposed? How? What has been done to mitigate the security risk? What must be done to remain compliant with privacy laws?
In today’s threat-filled world, sensitive customer information is constantly at risk for exposure. Cyber attacks, ransomware, spear phishing, malware, system & process failure, employee negligence, lost or stolen devices—the list of dangers goes on.
At any given time, the RADAR regulatory team is busy monitoring, tracking, and preparing for proposed and pending changes to data breach notification law.
As a RADAR product manager specializing in regulatory content, I have a front row view of the work that goes into ensuring RADAR is kept up-to-date with the latest advances in data breach notification law. As part of that work, the regulatory team has identified a number of trends that we expect to continue through 2016. Last week we covered an overarching trend towards increased stringency and specificity.
This week, we will dive a bit deeper into one aspect of this increased stringency as it relates to personal information and incident assessment.
My role as a RADAR product manager specializing in regulatory content means I live and breathe data breach notification laws – exciting, nuanced, and incredibly complex work.
Navigating the intricacies of federal and state regulations can be like solving a puzzle: you work to align the right information, look for patterns, and plan several steps ahead so that when the last piece finally clicks into place you have a simple, clear picture of what the law requires.