The pilot phase of the HHS Office for Civil Rights (OCR) HIPAA Privacy and Security Audit Program is now underway through December 2012. Background. Under HITECH Act § 13411, 42 USC § 17940, HHS is required to provide for periodic audits to ensure that HIPAA covered entities and their business associates are complying with the […]
Uncategorized
First Circuit Rules that Plaintiffs May Recover Certain Damages for a Data Breach
In a departure from most other courts, the United States Court of Appeals for the First Circuit has concluded that Maine law allows plaintiffs to recover certain damages arising from a data breach. Anderson v. Hannaford Bros. Co., — F.3d —-, 2011 WL 5007175 (1st Cir. Oct. 20, 2011). Hannaford’s holding regarding damages, as described […]
SEC Issues Guidance on Cybersecurity Risks and Incidents
In response to various political pressures, including a letter dated May 11, 2011, from Senator Jay Rockefeller (D-WV) and four other senators to SEC Chairman Mary Schapiro, the Staff of the Security and Exchange Commission’s (SEC) Division of Corporation Finance issued guidance on October 13, 2011 regarding its views on disclosure obligations relating to cybersecurity […]
House Republican Cybersecurity Task Force Releases Recommendations
This afternoon the House Republican Cybersecurity Task Force announced a report containing its recommendations on federal cybersecurity legislation pursuant to a request by the House Republican leadership to examine four critical areas: critical infrastructure and incentives, information sharing and public-private partnerships, existing cybersecurity laws, and legal authorities. The Task Force recommends actions which could be accomplished in […]
FTC Proposes Revisions to the Children’s Online Privacy Protection Rule
In light of changes in technology, particularly in the mobile, interactive gaming and social networking space, this past week the FTC formally requested comments to its proposed changes to the Children’s Online Privacy Protection Rule (“COPPA”). Comments on the proposed changes are due November 28, 2011. The changes focus on five substantive sections of the […]