Category Archives: Business concerns

TXT U L8R: Should Your Physician Be Texting Orders?

Many a health lawyer has been struggling with how to communicate the U-turn-laden road of whether hospitals should allow physicians to text orders. The bottom line is: NOT YET. One way to summarize The Joint Commission’s (TJC) position on texting orders is: Up until 2011: “What is texting?” 2011: “No texting!” May 2016: “You … Continue Reading

Does Your Company Meet Privacy Shield Protection Criteria?

As of August 1, the US-EU Privacy Shield is up and running. Companies transferring personal data (e.g., employee data, customer data, etc.) from the EU to the U.S. can now register with the U.S. Department of Commerce provided that they meet the requisite protection criteria. Registration under the Privacy Shield certifies that the transfer of the personal … Continue Reading

EU Regulators Allow One-Year Test of Privacy Shield

The long-awaited US-EU Privacy Shield—the successor to the US-EU Safe Harbor which was declared invalid—is set to kick in on August 1, 2016. (See our July 8 post for detail.) One of the reasons it took so long to put the Privacy Shield in place was the opposition it encountered from consumer groups and the data protection … Continue Reading

New, Stringent Cyber Supply Chain Standard Under Development

Just last week, the Federal Energy Regulatory Commission or “FERC” moved closer to regulating the supply chain management practices for energy companies that own and operate the physical assets that comprise the nation’s power grid. Specifically, on July 21, FERC directed the North American Electric Reliability Corporation or “NERC” to issue a new supply chain … Continue Reading

New Guidance Released by OCR on Ransomware

In light of the increasing number of high-profile ransomware attacks that have recently occurred and the threat these attacks pose to the health care industry in particular, the Office for Civil Rights (“OCR”) released guidance on July 11, 2016 regarding ransomware and HIPAA. This guidance outlines activities required by HIPAA that will assist entities in … Continue Reading

Don’t Expose Your ePHI by Using Vulnerable Third-Party Applications

Covered entities (CEs) and business associates (BAs) beware—third-party application software security vulnerabilities are on the rise, according to the Health & Human Services (HHS) Office for Civil Rights in Action. In June 2016, the HHS Office for Civil Rights in Action published a newsletter reminding HIPAA CEs and BAs about the risks inherent in third-party application … Continue Reading

Data Breach Costs Rise to $4 Million Globally, $7 Million in the U.S.

According to the Ponemon Institute 2016 Cost of Data Breach Study (sponsored by IBM), the total cost a company should expect to spend in response to a data breach has once again increased both globally and in the United States. The average cost paid for each lost or stolen record containing sensitive and confidential information … Continue Reading

Is Your Company Complying with the SEC’s Safeguards Rule?

The Securities and Exchange Commission (“SEC”) last week announced that Morgan Stanley Smith Barney LLC (“MSSB”) had agreed to pay a $1 million penalty to settle charges related to its failure to protect private customer information, some of which was hacked and actually offered for illegal sale online. The action involved MSSB’s violation of the … Continue Reading

FAA Establishes Drone Advisory Council

On May 3, the Federal Aviation Administration (“FAA”) announced the formation of a new UAS Advisory Committee, or Drone Advisory Council (“DAC”). The formation of the DAC continues the FAA’s emphasis on safety of unmanned aircraft systems (“UAS”) operating in the national airspace system. The FAA, acknowledging the increasing commercialization of drones, has focused extensive … Continue Reading

Supreme Court Decision Limits Right to Sue Without Actual Damages

The Supreme Court’s recent decision in Spokeo, Inc. v. Robins casts doubts on a plaintiff’s standing to sue for statutory damages based upon merely procedural violations, posing additional hurdles for class-action claims under certain consumer protection statutes. What it means for business: it is now harder for potential plaintiffs to satisfy Article III standing requirements … Continue Reading

European Union Article 29 Working Party Responds to Privacy Shield

The European Union’s Article 29 Data Protection Working Party (WP29), put in place under a European Parliament directive to address personal information and its international movement, responded on April 13 to the Privacy Shield Data Transfer Agreement agreed upon by the United States and the European Commission earlier this year. The Privacy Shield was intended … Continue Reading

European Parliament Votes to Enact Data Protection Reforms

Four months after the European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE) signed off to move ahead with the new regulations in December of last year and six days after the Council of the European Union voted to adopt them on April 8, the European Parliament voted to approve the General Data Protection … Continue Reading

BREAKING: Data Breach Covered Under Traditional Policy, 4th Circuit Says

Insurance coverage for data breach incidents is a hot topic in the insurance world. Nowhere is it hotter than in the area of newly created specialty cyber policies designed specifically to cover such incidents—what do these policies cover, when should they be purchased and how much coverage should be obtained are questions we routinely encounter. … Continue Reading

No Breach Required: CFPB Conducts First Data Security Enforcement Action

In its first data security enforcement action, the CFPB ventured into the FTC’s usual enforcement territory and obtained a consent order against Dwolla Inc., an online payment company. The company has agreed to pay a $100,000 penalty, stop misrepresenting its data security practices, and take corrective action by training employees and improving data security and … Continue Reading

European Commission and Data Protection Authorities Issue Guidance

When the European Court of Justice invalidated the Safe Harbor Framework, companies were left scrambling to determine how best to conduct day-to-day business involving data transfers between the EU and the U.S. To remind us of our options, the European Commission released a communication setting out the alternative grounds upon which personal data may still … Continue Reading

U.S. Senate Encourages Sharing – of Cyber Threat Indicators, That Is

To share or not to share — that is the question for companies when they have information about cybersecurity threats. New federal legislation which was adopted by the Senate on October 27, 2015 is designed to encourage companies to share information — with other companies and the federal government — about cybersecurity threats. The provisions … Continue Reading

EU-U.S. Safe Harbor Invalidity Gives Renewed Interest in U.S. Legislation

The recent holding of the European Court of Justice to invalidate the EU-U.S. Data Privacy Safe Harbor has given new impetus for Congress to pass the Judicial Redress Act sponsored by Sen. Orrin Hatch and Sen. Chris Murphy which would give EU citizens a cause of action in U.S. courts. What to do in the … Continue Reading

Did you miss our Employee Privacy Webinar? Watch the replay here!

Legal concerns about employee privacy issues have exploded over the past year. Privacy concerns in the workplace are no longer limited to who has access to an employee’s personnel file, but have expanded to include matters ranging from an employee’s social media activity, criminal conviction history, genetic history, medical information, and background checks. John Barlament … Continue Reading

European Court of Justice Invalidates EU-U.S. Safe Harbor

On October 6, the European Court of Justice released an opinion that will have a significant effect on many companies which do business in the EU and transfer information to United States operations. In Schrems v. Data Protection Commissioner, the Court held that the EU-U.S. Safe Harbor Agreement does not preempt the data protection authorities … Continue Reading

SEC Announces Focus Areas for Second Round of Cybersecurity Exams of Broker-Dealers and Investment Advisers

On September 15, 2015, the Office of Compliance Inspections and Examination (OCIE) of the Securities and Exchange Commission (SEC) published a Risk Alert to provide additional information on the focus areas for its second round of cybersecurity exams. While the SEC’s oversight with respect to its cybersecurity exam initiative only extends to broker-dealers, investment advisers, … Continue Reading

EU-U.S. Data Protection Treaty Could Open U.S. Courts to EU Litigants

The U.S. and the EU recently concluded a treaty which will open the doors of U.S. courts to Europeans suing U.S. companies for data privacy violations. For a long time the Europeans have been skeptical about the protection of data privacy in the United States. The name “Snowden” still touches a sore spot with most … Continue Reading

Good News from the IRS on Taxability of Identity

Businesses and governmental entities increasingly store sensitive nonpublic personal information electronically. It should be no surprise, then, that identity theft is a major problem in the United States. Identity theft is generally considered to occur when a person wrongfully obtains and uses another person’s personal information (for example, name, social security number, or banking or … Continue Reading