This morning, Alston & Bird partner Jim Harvey issued an Advisory on the EU’s forthcoming Network Information Security Directive (“NIS Directive”). National laws passed to implement the NIS Directive will impose substantial new compliance responsibilities on providers of “essential services,” as well as on a broad range of “digital service providers”—potentially even if a digital […]
Data Breach
Tennessee Updates Data Breach Statute
On March 24, 2016, Tennessee Governor Bill Haslam signed SB 2005 into law. The bill makes three principal updates to Tennessee’s data breach statute. First, the statute will now require organizations that have experienced a data breach to notify individuals within 45 days from the discovery or notification of the breach, unless a longer period of time […]
HHS/OCR Announces Launch of HIPAA Audit Program Phase 2
Today, the U.S. Department of Health & Human Services’s (HHS) Office for Civil Rights (OCR) announced the launch of Phase 2 of its HIPAA Compliance Audit Program. (OCR’s announcement can be accessed at Audit Phase 2 Announcement and further information about Phase 2 can be accessed at Audit Phase 2 Information.) In this phase, OCR will […]
FTC Updates IdentityTheft.gov Website
The Federal Trade Commission (FTC) has announced updates to the IdentityTheft.gov website aimed at making the site more useful to victims of identity theft. The changes will enable consumers to quickly file complaints and develop a personalized recovery plan after answering a number of questions on the site. “Our hope is that this is going […]
The Importance of Strategic Vendors in Breach Response
Alston & Bird recently issued an Advisory, co-authored by Jim Harvey and Karen Sanzaro, on the complexities of managing a data breach that implicates strategic third party vendor relationships. Cybercrime and data security incidents are on the rise. Security breaches and the ensuing investigation and remediation process can be costly and complex. The process is […]