Author: Discerning Data Editorial Board

California Enacts Consumer Privacy Act

Share

The California Consumer Privacy Act’s swift passage is the result of a compromise reached between the backers of a ballot initiative and California legislators. There are similarities and differences between the Privacy Act and the European Union’s General Data Protection Regulation (GDPR) regime, but one thing that is common to both is the need for covered entities that collect or process the personal data of data subjects to understand what personal data is collected, why it is collected, how it is used, and with whom it is shared – in other words, core information governance principles.

The new law is the most comprehensive state privacy law passed to date. It will go into effect January 1, 2020 and comes on the heels of the GDPR which became effective on May 25, 2018.

Continue reading “California Enacts Consumer Privacy Act”

Final Report on U.S. Government Policies and Public-Private Frameworks to Address Botnets, Security and Resiliency Challenges Released

Share

This post is part of a continuing DBR on Data series on Executive Order 13800 and updates on its implementation a year after passage.

The U.S. Department of Commerce and the Department of Homeland Security, through the National Telecommunications and Information Administration (NTIA), has released the final report on enhancing the resilience of the Internet and communications ecosystem against botnets and automated distributed threats.

Continue reading “Final Report on U.S. Government Policies and Public-Private Frameworks to Address Botnets, Security and Resiliency Challenges Released”

Singapore Taekwondo Federation Fined by Personal Data Protection Commission for Unauthorized Disclosure of Minors’ Information

Share

Singapore’s Personal Data Protection Commission recently found that the Singapore Taekwondo Federation violated Singapore’s Personal Data Protection Act (PDPA) by failing to protect minors’ personal data on its website.  The PDPA was enacted in 2012 to “govern the collection, use and disclosure of personal data by organisations in a manner that recognizes both the right of individuals to protect their personal data and the need of organisations to collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.”

Continue reading “Singapore Taekwondo Federation Fined by Personal Data Protection Commission for Unauthorized Disclosure of Minors’ Information”

OMB Releases Report on Federal Cybersecurity Risk

Share

This is the first post in a DBR on Data series on Executive Order 13800 and updates on its implementation a year after passage.

The White House Office of Management and Budget (OMB) released in May 2018 its report to the president on federal cybersecurity risk determination. The report, which responds to the President’s May 2017 Executive Order 13800, entitled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” comes as several key reports also required by Executive Order 13800 have been recently released in full or in summary form. The Federal Cybersecurity Risk Determination Report and Action Plan concludes that the recent government-wide cybersecurity risk assessment conducted by the OMB, in collaboration with the Department of Homeland Security (DHS), confirms the need for the U.S. government to take “bold approaches” to improve federal cybersecurity.

Continue reading “OMB Releases Report on Federal Cybersecurity Risk”

FTC Staff Provides Recommendations to Consumer Product Safety Commission on IoT Safety

Share

In March 2018, the Consumer Product Safety Commission (CPSC) issued a Notice of Public Hearing and Request for Written comments on The Internet of Things on Consumer Product Hazards.  The CPSC expressed interest regarding existing safety standards on existing IoT devices, how to prevent hazards, and the role of government in the effort to promote IoT safety.

Continue reading “FTC Staff Provides Recommendations to Consumer Product Safety Commission on IoT Safety”

$4 Million Judgment Awarded to Office for Civil Rights for HIPAA Violation

Share

A U.S. Department of Health and Human Services (HHS) Administrative Law Judge (ALJ) has ruled that the University of Texas MD Anderson Cancer Center violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in its failure to encrypt its electronic devices and ordered MD Anderson to pay $4,348,000 in civil monetary penalties  to the Office for Civil Rights (OCR). This is the second summary judgment ordered in favor of the OCR in its history, and the fourth largest amount recovered by OCR for HIPAA violations.

Continue reading “$4 Million Judgment Awarded to Office for Civil Rights for HIPAA Violation”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy