Archives: Privacy Policy


HIPAA’s Privacy Rule: Having a Policy – But Not Enforcing It – Costs Provider $5.5 Million

The Office for Civil Rights (OCR) announced a settlement agreement for $5.5 million with Florida’s Memorial Healthcare Systems (MHS) stemming from allegations it failed to protect patient data. The privacy violation arose out of the unauthorized access to the information of 115,143 patients by MHS employees. The information that was compromised consisted of names, dates of birth and Social Security numbers. A majority of these impermissible actions occurred when a former employee’s login credentials were used from 2011-2012, which affected 80,000 individuals.… Read More

Real-Life Attacks On Business & What You Can Do To Deter A Cybercriminal – Event September 7

To effectively guard against an enemy of any kind it’s important to know your enemy. This strategy is just as effective when fighting an online battle to protect your company’s data.

Before you can effectively defend against cyberattacks, it is important to educate yourself on potential threats and how to handle them. We invite you to join us on September 7 for part two of the Columbus Cybersecurity Series, as FBI agent David Fine returns. During this portion of the … Read More

Corporate Boards: The Challenges and Risks of Maneuvering Through Cybersecurity

This is the first of a three-part series on the implications of cybersecurity threats on boards of directors. 

Now, more than ever, corporate boards face an immense challenge to ensure that their companies are prepared for cybersecurity threats before they occur. It is not a question of if a corporation will be hit by a cybersecurity incident or data breach, but when.

The Existing Cybersecurity Landscape and Associated Risks  

The landscape that corporate boards face has never been more treacherous, with … Read More

Regulatory Update: DOJ and SEC Issue Privacy and Cybersecurity Recommendations

The Department of Justice Cybersecurity Unit recently issued its “best practices” for cybersecurity incidents, while the SEC recently circulated a cybersecurity “guidance update.”  These publications recommend that companies institute certain policies and procedures for cybersecurity based on each agency’s experience in the area.

The agencies’ suggestions are good ones.  More importantly, like NIST’s Cybersecurity Framework, such recommendations may become de facto standards that regulators, courts, and juries look to when they assess whether your company’s … Read More

Threat Intelligence – What You Should Be Doing

Threat Intelligence is, very simply, network defense techniques that leverage knowledge (i.e. intelligence and counter intelligence) about adversaries so that organizations can build a superior information base which decreases the chances of an attacker compromising their networks. Gartner more specifically defines it as “Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to the menace or hazard.”

Vulnerability Read More

Cyber Attacks: Small/Mid Cap Companies Beware

The marquee breaches that have occurred recently (e.g. Anthem, Home Depot, Morgan Stanley, Target, LinkedIn, and Sony) have helped U.S. Fortune 1000 companies understand that data security must be taken seriously. Not only must companies invest in their data security, but they must proactively manage and protect it. Previously, large corporations generally considered hacking attacks and general security breaches as “Force Majeure” events in that they were both unpredictable and unpreventable. Therefore, many of the Fortune 1000 purchased cyber … Read More

The “Where” of Data Security

When we secure an asset, we usually know where it is and have a series of controls to protect it. For a house or office building, it is the address and we secure it with locks and perhaps a security service. For a car, we have the VIN and maybe a tracking device if the car is valuable as well as keys and alarms to control access. By and large, we have ingrained in our psyches how to protect physical … Read More

The Enemy Abroad: President declares cyber-espionage a national emergency; creates U.S. power to sanction

Following high-profile data breaches, including North Korea’s virtual invasion of Sony Pictures, President Obama declared a national emergency related to malicious cyber-attacks from abroad. In an executive order signed April 1, 2015, Obama created expansive sanctions designed to curb, as he put it, this “unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.”

The order gives the U.S. Treasury Department discretion to freeze assets of foreign persons or entities who engage in “or … Read More

How To Advise Tech Start-Ups in Practice, Not Theory

What career could possibly be more exciting than serving as a privacy lawyer for tech start-up companies? This is a question I asked myself a few years back, right after I finished clerking for a couple of terrific federal judges and right as I was considering starting the privacy practice I had envisioned as a law student sitting in Prof. Fred Cate’s classes at the Indiana University Maurer School of Law several years earlier. At that time, my answer was … Read More

Lawless Published in The Privacy Advisor

“How To Advise Tech Start-Ups in Practice, Not Theory,” an article by Taft Cincinnati attorney Matthew D. Lawless, was published in IAPP’s The Privacy Advisor on March 24.

About the IAPP
The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.… Read More

Questions Every Tech Start-Up Should Answer Before Drafting a Privacy Policy

So you know what information you will collect, how you will use it, where you will store it, how you will secure it and with whom you will share it. Put all of this information in a “privacy policy” and you’re done, right?

Wrong.

Following is our list of the top privacy law questions every tech start-up should ask itself before drafting a privacy policy.

1.  Do we receive any health information from health plans, health care clearinghouses or other Read More
