Today, the U.S. Department of Health & Human Services’s (HHS) Office for Civil Rights (OCR) announced the launch of Phase 2 of its HIPAA Compliance Audit Program. (OCR’s announcement can be accessed at Audit Phase 2 Announcement and further information about Phase 2 can be accessed at Audit Phase 2 Information.) In this phase, OCR will […]
Security Breach
FTC Announces Study of PCI-DSS Assessment Companies
On Monday, March 7 the Federal Trade Commission (FTC) issued a press release announcing that it had issued Orders to nine Qualified Security Assessor (QSA) companies, which are certified to assess whether or not entities involved in payment card processing, such as merchants, are compliant with the Payment Card Industry Data Security Standards (PCI DSS). […]
IBM and Alston & Bird Webinar: Cybersecurity Preparedness and Incident Response – On a Global Basis – March 29
IBM and Alston & Bird will host a webinar on Tuesday, March 29. Security incidents are increasingly taking on a global flavor, as multi-national companies continue to expand their data footprint across the globe. At the same time, a number of countries are passing new laws and regulations regarding cybersecurity preparedness and breach notification. The […]
FTC and Wyndham Settle Data Security Allegations
On December 9, 2015, the Federal Trade Commission announced that Wyndham Worldwide Corp., Wyndham Hotel Group LLC, Wyndham Hotels and Resorts, LLC, and Wyndham Hotel Management, Inc. (“Wyndham”) had agreed to settle FTC charges that the company’s security practices unfairly exposed the payment card information of consumers to hackers in three separate data breaches between […]
FTC’s Ability to Regulate Data Security Potentially Limited in FTC v. LabMD
A November 13, 2015 decision from the Federal Trade Commission’s Chief Administrative Law Judge, D. Michael Chappell, calls into question FTC enforcement in the data privacy space. The case began when the FTC filed a complaint on August 28, 2013 after an employee of LabMD, a cancer detection laboratory, downloaded peer-to-peer (“P2P”) software that exposed patient […]