What Is the Information Blocking Rule? – Faegre Drinker on Law and Technology Podcast

Share

Want to better understand what the Office of the National Coordinator for Health IT’s (ONC) Information Blocking Rule (IBR) is, how it works and why we need it? In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss sits down with Faegre Drinker partners Jeff Ganiban and Doriann Cain, and associate Alex Eschenroeder to discuss all things IBR.

Expected in September 2022, the final draft of the HHS Office of Inspector General’s (OIG) first IBR enforcement rule is aimed at two of the three actor types defined in the IBR: Health IT Developers of Certified Health IT and Health Information Networks / Health Information Exchanges. Under the Cures Act, each IBR violation by a Health IT Developer of Certified Health IT or Health Information Network / Health Information Exchange would be subject to penalties of up to $1 million. The expected rule will establish how the OIG intends to assess and enforce these penalties. (Unfortunately, there is still no guidance on when we can expect a rule regarding the penalties that will apply to IBR violations by Health Care Providers.)

Continue reading “What Is the Information Blocking Rule? – Faegre Drinker on Law and Technology Podcast”

FTC Signals Intention to Move Forward to Adopt New Privacy Rules in the Absence of Federal Legislation

Share

The Federal Trade Commission (FTC), on a split party vote on August 11, approved an Advanced Notice of Proposed Rulemaking (the Notice) that focuses on potential new rules and requirements that could apply to entities engaged in targeted advertising or other forms of personal information gathering and sharing. Once this Notice is published in the Federal Register, the public will have 60 days to comment on the merits of the proposed new rules. There is also a public forum on the Notice slated to take place on September 8. The FTC’s action comes on the heels of legislative attempts to codify federal privacy protections that have yet to come to fruition.

Continue reading “FTC Signals Intention to Move Forward to Adopt New Privacy Rules in the Absence of Federal Legislation”

UK’s Data Protection Reform Proposals Show Distinct Divergence from EU Rules

Share

The UK government has recently published proposals to amend UK data protection legislation with moves towards divergence from EU rules and regulation following the UK’s decision to leave the EU (“Brexit”). The Data Protection and Digital Information Bill (“DPDI Bill”) proposes to make significant changes to existing UK data protection legislation, including the UK General Data protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA”). The proposals include some measures that will result in a significant divergence, particularly for companies operating on a pan-European basis. While some compliance obligations will be relaxed, most of the changes can best be described as “similar but different” in approach. It remains to be seen what the final text will look like when the bill is passed into law, with some of the more radical proposals already having been dropped from consideration. A crucial point of consideration for UK legislators when the DPDI Bill is making its way through the various stages of the legislative process in the Houses of Parliament will be whether this legislation remains sufficiently similar to the EU’s General Data Protection Regulation (“EU GDPR”) that the UK is able to retain its adequacy status for the purposes of exports of personal data from the EU to the UK by companies operating internationally.

Continue reading “UK’s Data Protection Reform Proposals Show Distinct Divergence from EU Rules”

Discussion on the Dangers of Wire Transfer Fraud Cyberattacks – Faegre Drinker on Law and Technology Podcast

Share

Wire transfer fraud cyberattacks: they cost U.S. businesses billions of dollars each year, but you can take action to minimize your risk. In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss talks with intellectual property Partner Ken Dort about this cyber threat also known as business email compromise attacks. They discuss how wire fraud happens, who’s at risk for these attacks, and the complicated process of recovering losses after hackers hit an organization. Jason and Ken also talk through the steps businesses can take now to reduce their risk of wire fraud down the road. 

Continue reading “Discussion on the Dangers of Wire Transfer Fraud Cyberattacks – Faegre Drinker on Law and Technology Podcast”

Ransomware Payments Become an Even Riskier Choice Amidst the Ever-Growing Sanctions List

Share

In February 2022, Executive Order 14024 highlighted that Russia’s invasion of Ukraine threatened not only Ukraine but also the national security and foreign policy of the United States. Pursuant to this executive order, and in the face of national security concerns, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) has instituted extensive sanctions, including both economic and trade sanctions. Also, in response to the national security concerns, the Cybersecurity and Infrastructure Security Agency (CISA) issued a Shields Up notice, urging companies to bolster their cybersecurity to protect themselves against the threat of a cyberattack.

As the conflict between Russia and Ukraine continues, the threat of a cyberattack, specifically ransomware and NotPetya-style attacks, remains top of mind. However, as entities continue to bolster their cybersecurity and protect themselves against these attacks, they should be cognizant of the implications that OFAC sanctions may have in connection with such an attack.

Continue reading “Ransomware Payments Become an Even Riskier Choice Amidst the Ever-Growing Sanctions List”

New York Department of Financial Services Announces $5 Million Penalty in Most Recent Cybersecurity Enforcement Action

Share

On June 23, 2022, the New York State Department of Financial Services (NYDFS) announced the entry of a Consent Order in connection with its most recent cybersecurity enforcement action, which included a $5 million monetary penalty against Carnival Cruise Line, Princess Cruise Lines, Holland America Line, Seabourn Cruise Line, and Costa Cruise Lines (“Carnival Companies”), for violations of NYDFS’s Cybersecurity Regulation, 23 NYCRR Part 500 (“Part 500”). In addition to the $5 million monetary penalty, the Carnival Companies also surrendered their insurance producer licenses and agreed to cease selling insurance to residents of New York.

According to the Consent Order, between 2019 and 2021, the Carnival Companies were the subject of four separate cybersecurity events, including ransomware and phishing attacks. All four of the cybersecurity events led to the exposure of nonpublic personal information (NPI) of both consumers and employees, including such information as names, addresses, birth dates, passport numbers, and in some instances, other sensitive information such as social security numbers and health information.

Continue reading “New York Department of Financial Services Announces $5 Million Penalty in Most Recent Cybersecurity Enforcement Action”