HHS Immediately Reduces Annual Limits Across HIPAA Violations

Share

The Department of Health and Human Services (HHS) issued a notice, effective immediately, that it is exercising its enforcement discretion in how it applies HHS regulations concerning the assessment of Civil Money Penalties (CMPs) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HHS currently applies the same annual CMP limit across four separate tiers of violations based on the level of culpability surrounding the HIPAA violation. HHS will reduce the annual CMP limit for each of the four penalty tiers, pending further rulemaking, to better reflect the text of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Continue reading “HHS Immediately Reduces Annual Limits Across HIPAA Violations”

Supreme Court Gives Companies Another Tool To Fend Off Data Breach Class Actions

Share

In the wake of data breaches, companies may find themselves targets of class actions by customers or employees whose personal information was compromised in the breach. The exposure is considerable, with an estimated 765 million people impacted by data breaches between April and June of 2018. As we previously reported, some courts have allowed consumer and employee data breach cases to proceed despite threshold challenges – leading to multi-million-dollar settlements. And in Dittman, Pennsylvania’s Supreme Court recently held that an employer owed an affirmative duty to exercise reasonable care to protect employees’ personal nonpublic data from data breaches.

Continue reading “Supreme Court Gives Companies Another Tool To Fend Off Data Breach Class Actions”

SEC Issues Risk Alert Regarding Reg S-P, Privacy, Safeguarding, and Registrant Compliance

Share

The SEC’s OCIE recently issued a Risk Alert focusing on compliance issues related to Regulation S-P, the primary SEC rule governing compliance practices for privacy notices and safeguard policies for investment advisers and broker-dealers. The Risk Alert summarizes the OCIE’s findings from two-year’s worth of issues identified in deficiency letters to assist investment advisers and broker-dealers in adopting and implementing effective policies and procedures for safeguarding customer records and information pursuant to Regulation S-P.

In this alert, partner Jim Lundy outlines the Regulation S-P requirements, the OCIE’s Regulation S-P findings and key takeaways for SEC registrants.

Read the full alert.

DOJ White Paper Answers Questions about the Scope and Applicability of the CLOUD Act

Share

Last year Congress enacted the CLOUD Act (the Clarifying Lawful Overseas Use of Data Act) to clarify the means for foreign legal authorities to access electronic information held by U.S.-based global providers. The U.S. Department of Justice (DOJ), in April 2019, issued a White Paper entitled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act.” This White Paper lays out the policy and legal reasons for enactment of the CLOUD Act, and explains how the CLOUD Act overlays and interacts with existing laws and established inter-governmental practices.

Continue reading “DOJ White Paper Answers Questions about the Scope and Applicability of the CLOUD Act”

The Sedona Conference Publishes Its Final, April 2019 Version of A Commentary on Information Governance, Second Edition

Share

The Sedona Conference® has released the Final Version of its Commentary on Information Governance, Second Edition (April 2019). The Second Edition of this Commentary again sets out 11 principles of information governance that provide a strategic framework for senior management to make decisions with respect to all information within an enterprise. However, the latest Commentary has been revised to incorporate changes and advances in technology and law, including on privacy, that have occurred over the past four years, and in particular in an expanded set of footnotes it includes updated references to publications of The Sedona Conference that have been issued in the intervening years since 2014.

Continue reading “The Sedona Conference Publishes Its Final, April 2019 Version of A Commentary on Information Governance, Second Edition”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy