New Nevada Law Mandates Posting of Privacy Practices

Share

Nevada recently joined California as the second state to require that operators of websites and online services post public notices outlining their privacy practices. The Nevada law, which went into effect on July 1, requires that the posted notice on the website or online service do the following:

  • Identify the categories of “covered information” collected through the site.
  • Describe the process for consumers to review and request changes to the covered information collected through the site.
  • Describe the process by which the operator notifies consumers of material changes to the notice.
  • Disclose whether third parties may collect information about a consumer’s online activities over time and across different websites when the consumer uses the site.
  • List an effective date.

Continue reading “New Nevada Law Mandates Posting of Privacy Practices”

OCR Responds to Rise in Health Care Cyberattacks

Share

After recent WannaCry ransomware and Petya/notPetya malware attacks exposed the data security vulnerabilities of health care organizations and pharmaceutical companies globally, the Department of Health and Human Services and Office for Civil Rights have rolled out resources to prevent future attacks. The OCR’s resources, such as its Quick-Response Checklist, infographic and informational newsletter, are meant to support health care organizations every step of the way, from planning and contingency plans to response and mitigation procedures.

We’ve outlined some of the key points in the OCR and HHS documents in this recent alert.

And the Winner is….. FTC Announces Winner of IoT Home Device Security Contest

Share

Earlier this year the FTC launched the IoT Home Inspector Challenge competition to challenge innovators to create a tool that will help protect consumers from security vulnerabilities in the software of home IoT devices.  Submissions were received in May and reviewed by a panel of five judges, including security experts from a range of private companies, universities and the government.  The FTC announced the winners on July 26, 2017.
Continue reading “And the Winner is….. FTC Announces Winner of IoT Home Device Security Contest”

Japan’s Protection of Personal Information Amendments Go into Effect

Share

The amendments to Japan’s Act on the Protection of Personal Information went into effect on May 30, 2017. The amendments provide clarity on what types of personal information will be regulated and steps operators need to take to be in compliance.

The Act, Generally

Formulated “to protect an individual’s right and interests while considering the utility of personal information,” the Act (1) sets forth the overall vision and policy regarding the proper handling and protection of personal information, (2) clarifies the responsibilities and obligations of the central and local governments in the protection of personal information, and (3) ensures that the proper application of personal information contributes to the creation of new industries, the realization of a vibrant economic society, and an enriched quality of life for the people of Japan.
Continue reading “Japan’s Protection of Personal Information Amendments Go into Effect”

Time to Focus on Cybersecurity in Health Care

Share

In the wake of the WannaCry global attack that impacted the U.K.’s National Health Service, the need to protect valuable health care data has never been more urgent. The U.S. government has begun to take steps in the right direction with the passing of executive orders on cybersecurity, the Cybersecurity Act of 2015, and the Government Accountability Office report on the Internet of Things.

Continue reading “Time to Focus on Cybersecurity in Health Care”

Disrupting the Health Care Cybersecurity Model (or Lack Thereof): Health Care Industry Cybersecurity Task Force Calls Out Regulatory Barriers

Share

In a previous blog post, our team evaluated the draft recommendations prepared by the Health Care Industry Cybersecurity Task Force in its “Report on Improving Cybersecurity in the Health Care Industry.”  

We recently examined three of the six major recommendations in the report and their potential impact on the existing health care regulatory environment. These include:

  • HHS and a Comprehensive Health Care Security Framework
  • Government and Private Incentives to Migrate Vulnerable Health Care Providers to More Secure Environments
  • Development of Fraud and Abuse Exemptions to Foster Collaboration and Permit Shared Resources

For more insight, read our detailed review of the health care security recommendations above.