The American Arbitration Association (AAA) and its International Centre for Dispute Resolution (ICDR) recently created an aerospace, aviation and national security panel of arbitrators to handle complex, high-value aerospace, aviation, defense, cyber and security-related disputes. Similarly, AAA has a special panel of arbitrators to handle technology-related disputes. But what should companies involved in these types of arbitration cases expect?
In January, we wrote about the new training requirement for employees who handle personally identifiable information (“PII”) or who build systems containing PII. On the same day that rule went into effect, Jan. 19, 2017, three related Department of Homeland Security (“DHS”) proposed rules were published in the Federal Register covering mandatory privacy training, information technology (“IT”) security awareness training, and the safeguarding of controlled unclassified information (“CUI”). Comments on all three proposed rules are due on Monday, March 20, … Read More
Please join us at Taft Indianapolis on March 21 for a breakfast event featuring an informal, interactive panel discussion covering recent developments (including cyber breaches), evolving standards of compliance and practical, effective risk mitigation strategies.
Registration and Continental Breakfast: 7:30-8:00 a.m.
Discussion: 8:00-9:30 a.m.
- Richard L. Banta and Alex J. Carroll from Lifeline Data Centers, LLC
- Frederick W. McClaine from Shepherd Insurance
- James A. Butz and William C. Wagner from Taft Law
Bill Wagner authored the article “Takeaways From NASA Cloud Security Audit,” which was published by Law360 on March 1. The article discusses the Office of Inspector General’s audit report on the security of NASA’s cloud computing services and offers discussion points for corporate management and directors to consider in their own cybersecurity efforts.
In the article, Bill also provides some discussion points for a tabletop review of NASA’s audit findings with your management and board.
Bill is co-chair … Read More
The Office for Civil Rights (OCR) announced a settlement agreement for $5.5 million dollars with Florida’s Memorial Healthcare Systems (MHS) stemming from allegations it failed to protect patient data. The privacy violation arose out of the unauthorized access of 115,143 patients by MHS employees. The information that was compromised consisted of names, dates of birth and social security numbers. A majority of these impermissible actions occurred when a former employee’s login credentials were used from 2011-2012 which affected 80,000 individuals.… Read More
The saga surrounding the St. Louis Cardinals hacking scandal concluded with the issuance of a final punishment from MLB. The scandal stemmed from the actions of the former Cardinals scouting director Chris Correa, after he illegally accessed the e-mail accounts of members of the Houston Astros front office as well as their scouting database. The Cardinals were ordered to forfeit their top two selections in the upcoming 2017 amateur draft to the Astros and pay them two million dollars within … Read More
One overlooked aspect of cybersecurity is training for the employees at your company in proper data management practices. All of the technical measures that a company employs to guard against intrusions do not matter when an employee knowingly or unknowingly circumvents those measures. Proper training can help to reduce the number of incidents and lower your chances of suffering from a data breach.
- Password Management – Proper password management is key to any cybersecurity program. The technical barriers to entry
The Office of Civil Rights (OCR) first HIPAA settlement of 2017 is based on a failure to report a breach of health information in a timely manner. The settlement was reached with Presence Health, a large health care network that operates in approximately 150 locations in Illinois. Presence Health has agreed to settle the potential violations by paying a fine of $475,000 and implementing a corrective action plan to deal with this problem in the future.
The settlement stems from … Read More
After more than five years since the proposed rule in 2011, the Federal Acquisition Regulatory Council gave federal contractors a surprise holiday gift this year—mandatory privacy training for all employees on contracts and subcontracts issued on or after January 19, 2017 who:
(1) Have access to a system of records;
(2) Create, collect, use, process, store, maintain, disseminate, disclose, dispose, or otherwise handle personally identifiable information on behalf of an agency; or
(3) Design, develop, maintain, or operate a system … Read More
Guides and best practices against cyber-attacks often provide only the illusion of security. In an attempt to turn that illusion into reality, the National Cybersecurity Center of Excellence at the National Institute of Standards and Technologies (NIST) intends to create a lab environment to simulate, test, and address cybersecurity problems for robotic-based and chemical manufacturing processes through standards-based solutions using commercially available software.
The intent is to produce a series of NIST Cybersecurity Practice Guides for four cybersecurity capabilities for … Read More