On Thursday, March 26, 2020, the Senate passed the Coronavirus Aid, Relief, and Economy Security Act (the “CARES Act”), which provides economic relief for individuals, businesses and industries affected by the COVID-19 pandemic. In addition, some provisions specifically relate to nascent privacy and data security concerns to be addressed both during and after the pandemic:

  • Financial Assistance for Training: Qualifying small businesses and minority owned businesses may apply for financial assistance in the form of grants to cover training and advising for employees on risks of and mitigation of cybersecurity threats in remote customer service or telework practices. The economic landscape following the COVID-19 pandemic will highlight businesses’ increased reliance upon technology, and the nascent need for increased attention to data security education. The financial assistance available to small and minority-owned businesses provides a great opportunity for companies to get ahead of the curve with respect to myriad information security threats.
  • Credit Reporting: The Fair Credit Reporting Act is revised so that furnishers of consumer and payment information, who make an accommodation with respect to one or more payments on a consumer’s account or credit obligation, must report the account or obligation as “current,” unless it was delinquent prior to the accommodation.
  • Public Health Service Act Amended to Conform with HIPAA: The Public Health Service Act is amended to include breach notification and consent requirements consistent with HIPAA. In addition, within one year after the date of enactment, the Secretary of Health and Human Services shall update 45 C.F.R 164.520 so that covered entities and entities creating or maintaining records relating to substance abuse education, training, treatment, and research shall provide easily understandable notices of privacy practices. As a result, some entities not currently regulated by HIPAA will need to adapt to some of the HIPAA requirements related to breach notification and notice of privacy practices.
  • Cybersecurity & Infrastructure Security Agency: $9 million is allocated for supply chain and information analysis, as well as impacted critical infrastructure coordination.
  • Funding for Public Health Surveillance: $500 million is allocated for public health data surveillance and analytics infrastructure modernization.

Continue Reading COVID-19 Bulletin: CARES Act Provides Attention to Privacy & Data Security Precautions

With this year’s high profile breach at a large consumer reporting agency and credit cards ringing up balances during this holiday season, I have been fielding numerous calls from people in both a professional and personal capacity on what they should be doing to “truly” protect their identity and their credit accounts. I often find myself reiterating some of the basics of the laws in place to protect you and to empower you to safeguard your credit information. So, I thought a quick post sharing that information might be timely, helpful and possibly buy you some peace of mind.

  1. No one will care more about your privacy and security than you. Let me begin by reiterating a common mantra of mine: No one will care more about your privacy and security than you. While the law can provide a remedy and some protections, it will never move faster than you, nor will it know as much about your individual situation as you do. In truth, the law is your last remedy when dealing with information security-related issues. That said, there are protections and tools available to you at the federal and state level of which you might be able to avail yourself.
  2. Federal and state law. At the federal level, the privacy and security of your information stored by consumer reporting agencies (“CRAs”) is regulated under the Fair Credit Reporting Act (“FCRA”). The FCRA regulates the use of consumer report information, or any information that might be used to determine your eligibility for something, such as a loan, apartment rental, job, license, etc. As this information includes sensitive details such as your social security number, date of birth, as well as details of your financial and professional history, the FCRA assigns many duties and obligations to CRAs and users of consumer reports. On top of that, many states have their own version of a fair credit reporting act that mirrors the federal law. In some cases, the state act provides more restrictions and protection on the use of personal information than the federal version.

Continue Reading Just Chill: Why the Credit Security Freeze May be Your Best Defense in the Data Breach Era