Small businesses may be discouraged from investing in preventive cybersecurity measures due to the expense involved and the mistaken belief that only larger companies are the target of cybercrimes. But that is not the case. The FBI’s Internet Crime Report
Workplace Privacy, Data Management & Security Report
Latest from Workplace Privacy, Data Management & Security Report - Page 3
Sanction Policies Can Help Drive Cybersecurity and HIPAA Compliance, OCR Says
Many HIPAA covered entities and business associates struggle with developing and implementing a sanctions policy. What should it say, is zero-tolerance required, do we have to impose discipline in every case, etc. These are examples of frequent and thorny questions…
Delaware’s Governor Signed the Delaware Personal Data Privacy Act
On September 11, 2023, Delaware’s Governor signed House Bill 154 which enacts the state’s comprehensive consumer data privacy statute. Delaware joins California, Colorado, Connecticut, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, …
Cybersecurity Awareness Month: FDA Guidance on Cybersecurity in Medical Devices
Cyber incidents are on the rise with no signs of slowing down, particularly in the healthcare industry. To combat this trend, on September 27, 2023, the U.S. Food and Drug Administration (FDA) released guidance on cybersecurity in medical devices for…
Cybersecurity Awareness Month Series: The California Consumer Privacy Act and Cybersecurity
There are numerous cybersecurity regulations and requirements for businesses to worry about but they may not be considering their cybersecurity regulations under privacy statutes. California was at the forefront of privacy regulations with the passage of the California Consumer Privacy…
Immigration and Citizenship Status Add to Definition of Sensitive Information under California’s Consumer Privacy Act
On October 8, 2023, Governor Newsom signed Assembly Bill (AB) 947. Effective January 1, 2024, the bill will revise the California Consumer Privacy Act (CCPA) definition of “sensitive personal information” to include personal information that reveals a consumer’s citizenship…
Cybersecurity Awareness Month Series: Cybersecurity in the Hoosier State
This year, Indiana joined several other states to pass a comprehensive consumer privacy law, that becomes operative on January 1, 2026. Like other consumer privacy laws, Indiana’s law requires businesses to establish reasonable administrative, technical, and physical security practices…
Cybersecurity Awareness Month Series: FBI Director Asks for Help to Fight Cyber Attacks
When hit with a cybersecurity attack, organizations are often not inclined to bring in federal law enforcement. Recent comments by FBI Director Christopher Wray at Mandiant’s annual mWISE 2023 conference seek to encourage the private sector to reconsider, as reported…
Transatlantic Transfers of Personal Data: Transferring a Privacy Shield Certification to the New EU-U.S. Data Privacy Framework
Effective July 10, 2023, the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) replaced the invalidated EU-U.S. Privacy Shield framework (“Privacy Shield”). Participating U.S. organizations can now receive personal data transferred from the European Economic Area in compliance with the EU General…
CPPA Mulls Draft Cybersecurity Audit Regulations Under CPRA
When the California Privacy Rights Act (CPRA) was enacted, it created the California Privacy Protection Agency (CPPA) and delegated to the CPPA significant regulatory authority. One of the areas of that authority is cybersecurity, which includes performing cybersecurity audits annually.…