On December 14, 2022, the U.S. Department of Health and Human Services Office of Civil Rights published a notice of a settlement with a dental practice over disclosures of patients’ protected health information over social media. Here is the full…

Shawn Tuma provided the Texas Bar Journal’s 2022: The Year In Review – Cybersecurity & Data Privacy Update which addressed the following issues: updated Texas cyber event notification requirements for Texas state banks Texas AG enforcement of data protection laws…

Hopefully you saw my recent post “Data is the hot potato!” and data minimization lessons from the FTC’s Drizly case and it reinforced in your mind just how important it is to focus on the data when we are talking…

On October 31, 2022, the U.S. Department of Health and Human Services Office of Civil Rights provided guidance titled OCR Releases New Recognized Security Practices Video. This guidance is not only a must-read for all healthcare “covered entities,” especially small…

Thank you, Jamie Sorley! I have a few sayings about cybersecurity and data privacy but one of my favorites is “data is the hot potato!” When doing presentations, I love to have the attendees chant over and over in unison,…

On October 25, 2022, the U.S. Department of Health and Human Services Office of Civil Rights in its October 2022 OCR Cybersecurity Newsletter provided guidance titled HIPAA Security Rule Security Incident Procedures. This guidance is not only a must-read for…

On May 19, 2022, the U.S. Department of Justice directed prosecutors to not charge security researchers who report cybersecurity vulnerabilities in “good faith” with violations of the federal Computer Fraud and Abuse Act (CFAA). The DOJ’s press release titled Department…