On March 2, the federal Consumer Financial Protection Bureau (CFPB) for the first time brought an enforcement action related to data security. The CFPB consent order imposes a $100,000 fine and five years of regulatory oversight for online payments … [Read more] about CFPB Brings First Enforcement Action on Data Security
WP 29 Issues Statement on EU-U.S. Privacy Shield
On the same day that the European Commission debuted the EU-U.S. Privacy Shield, the Article 29 Working Party (WP29) issued a statement welcoming the publication of the draft “adequacy decision” of the European Commission as well as the legal texts … [Read more] about WP 29 Issues Statement on EU-U.S. Privacy Shield
European Commission Debuts EU-U.S. Privacy Shield
In a development eagerly anticipated by businesses on both sides of the Atlantic, the European Commission has published the legal instruments needed to put in place the “EU-U.S. Privacy Shield” for transfers of personal data from Europe to the United … [Read more] about European Commission Debuts EU-U.S. Privacy Shield
Working Paper on Internet Service Providers and Privacy Released
On February 29, The Institute for Information Security and Privacy released a Working Paper titled, “Online Privacy and ISPs: ISP Access to Consumer Data is Limited and Often Less than Access by Others.” Peter Swire, Senior Counsel at Alston & … [Read more] about Working Paper on Internet Service Providers and Privacy Released
HHS Issues HIPAA Security Rule Crosswalk with NIST Cybersecurity Framework
Last week, the HHS Office for Civil Rights (OCR) released a crosswalk between the requirements of the HIPAA Security Rule and the NIST Cybersecurity Framework. The crosswalk – which was developed in conjunction with the National Institute of … [Read more] about HHS Issues HIPAA Security Rule Crosswalk with NIST Cybersecurity Framework