Privacy, Cyber & Data Strategy Team

On November 26, 2012, the United States Department of Health and Human Services (HHS) Office of Civil Rights (OCR) published a guidance document discussing methods and approaches for de-identification of protected health information (PHI) as permitted under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The document, which is titled “Guidance Regarding Methods […]

On November 16th, 2012, the PCI Security Standards Council released an information supplement to the Payment Card Industry Data Security Standard (“PCI-DSS”) titled “PCI DSS Risk Assessment Guidelines” (the “Guidelines”). The Guidelines were authored by the Risk Assessment Special Interest Group (“SIG”) – a group of more than 60 organizations representing banks, merchants, security assessors […]

Today the European Commission’s Article 29 Working Party released Opinion 08/2012 providing further input on the EU’s revised Data Protection Regulation. The purpose of the Opinion is to provide “further guidance, notably on certain key data protection concepts and by analysing the need for and the effect of the proposed delegated acts and where necessary suggesting […]

In Curry v. AvMed Inc., No. 11-13694 (11th Cir. Sept. 5, 2012), the Eleventh Circuit found that the named plaintiffs sufficiently alleged injury and causation by including detailed allegations making it plausible, not merely possible, that their purported injuries resulted from the data breach. In AvMed, plaintiffs alleged that their identities were stolen as a […]

Chief executives of each of the Fortune 500 companies will soon receive a letter from Senator John D. Rockefeller IV  (D-W.Va.) asking them to describe how their companies address computer network security, or “cybersecurity.” In the letter, Senator Rockefeller explains that he is addressing Fortune 500 companies directly because of the recent stalling of the Cybersecurity Act […]