Page 3 of 42

U.S. State Department Changes Export Control Requirements for Secure Handling of Defense Technical Data, Easing Burden on U.S. Industry

Share

On December 26, 2019, the U.S. State Department’s Directorate of Defense Trade Controls announced it is amending the International Traffic in Arms Regulations (ITAR) to streamline requirements for the secure storage and transfer of defense technical data.  This rule change has important implications for IT service providers and companies that may wish to use cloud-based systems and services for the transfer, processing, and storage of ITAR technical data.

Read the full alert to learn about the new regulations and their potential benefits to U.S. companies and their overseas partners.

Ambulance Company Agrees to $65,000 OCR Settlement for HIPAA Noncompliance

Share

West Georgia Ambulance, Inc. (West Georgia) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Service (HHS) entered into a $65,000 no-fault settlement agreement and two year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Continue reading

ED Requires Higher Education Audits to Review GLBA Data Security Compliance

Share

As discussed in a previous DBR on Data post, the U.S. Department of Education (“ED”) in recent years has repeatedly emphasized the importance of higher education institutions taking all appropriate measures to secure and protect their data systems and data from breaches and inadvertent disclosures. The threats to educational institutions’ data are real, recurring and well-documented. The University of Maryland reported in 2014 that a computer system breach compromised more than 300,000 personal records for faculty, staff and students. A private cybersecurity firm reported that Chinese hackers targeted research databases at more than two dozen universities in the 2017-18 timeframe. In 2019, applicants to Grinnell College, Hamilton College and Oberlin College discovered their admissions files were subject to a ransomware attack. These instances are just a few recent examples of significant data breaches in the education sector.

Continue reading

FTC Opinion Holds False Express Privacy Claims are Material

Share

The Federal Trade Commission’s Opinion finding that Cambridge Analytica engaged in deceptive practices to harvest personal information closes another chapter in the Commission’s actions against Cambridge Analytica and its former chief executive and app developer. The opinion is noteworthy for two reasons. First, the procedural posture of this matter is unique because Cambridge Analytica failed to appear or to answer the complaint. This allowed the Commission under its Rules of Practice to find the facts to be as alleged in the complaint and to enter a final decision. Second, the Commission’s opinion holds that a false express privacy claim is material and thus violates Section 5 of the FTC Act.

Continue reading

$1.6 Million Civil Money Penalty for HIPAA Breach Impacting 6,617 Individuals

Share

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services imposed a $1.6 million civil money penalty (CMP) against the Texas Health and Human Services Commission, Department of Aging and Disability Services (HHSC) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HHSC is a Texas state agency headquartered in Austin, Texas that is responsible for the delivery of benefits and services in Texas for several programs including Medicaid for families and children, long-term care for people who are older or who have disabilities, behavioral health services, and services for women and other people with special health needs.

Continue reading

$3 Million OCR HIPAA Settlement Due to Lost Flash Drive and Stolen Laptop

Share

The University of Rochester Medical Center (URMC) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Service (HHS) entered into a $3 million no-fault settlement agreement and two year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Continue reading

« Older posts Newer posts »

©2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Privacy Policy