Latest Articles

CCPA At-A-Glance The new law gives consumers broad rights to access and control of their personal information and imposes technical, notice, and financial obligations on affected businesses. CCPA was enacted to protect the privacy of California consumers and has some similar characteristics to the EU’s General Data Protection Regulation (GDPR), including a new and very broad definition of what is included in protected personal information. Affected businesses are for-profit entities doing business in California that…
The data breach at the U.S. Office of Personnel Management was one of the most serious and possibly one of the top 10 largest data breaches of the 21st century, compromising background investigation records for some 22 million current and former federal employees.  But a class action lawsuit brought on behalf of those employees was recently dismissed for lack of Article III standing.  In that case, In re U.S. Office of Pers. Mgmt. Data Sec.…
The data breach at the U.S. Office of Personnel Management was one of the most serious and possibly one of the top ten largest data breaches of the 21st century, compromising background investigation records for some 22 million current and former federal employees.  But a class action lawsuit brought on behalf of those employees was recently dismissed for lack of Article III standing.  In that case, In re U.S. Office of Pers. Mgmt. Data Sec.…
A recent study by a well-known information security company captures one of the most common information security fallacies: that information security is a technology problem. Most manufacturers, along with many other businesses, view mitigating information security risks as falling squarely in the purview of their information technology department. However, this study reports that human error actually accounted for nearly two-thirds of security compromises, far exceeding causes like insecure websites and hacking. While technological measures (e.g.,…
A recent study by a well-known information security company captures one of the most common information security fallacies: that information security is a technology problem. Most businesses view mitigating information security risks as falling squarely in the purview of their information technology department. However, this study reports that human error actually accounted for nearly two-thirds of security compromises, far exceeding causes like insecure websites and hacking.1 While technological measures (such as anti-virus software, access controls,…
No health care organization or provider is safe from ransomware threats, and a slew of recent noteworthy attacks have driven the point home. The results of an attack can be devastating to the organization, and hundreds of millions of dollars in damages have already been reported. Health care providers, particularly senior executives, officers, and directors, have a legal obligation to adopt procedures and policies to proactively address these information security threats and protect patient data…