Mauricio Paez

Mauricio Paez

Jones Day

Contact

Readers' Choice Awards

Cybersecurity
Cybersecurity
Cybersecurity
View Bio
RSS

Latest Publications

Share:

U.S. District Court Invalidates HHS Guidance Overreading HIPAA's Application to Online Technologies

On June 20, 2024, a U.S. federal district court held, in a suit brought by Jones Day, that the Department of Health and Human Services ("HHS") had misapplied the Health Insurance Portability and Accountability Act ("HIPAA")...more

8/2/2024  /  Confidential Information , Covered Entities , Data Privacy , Department of Health and Human Services (HHS) , Electronic Protected Health Information (ePHI) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Privacy Rule , Medical Records , New Guidance , PHI

SEC v. SolarWinds: Court Rejects SEC Authority Over Cybersecurity Controls and Most Alleged Disclosure Violations

The U.S. District Court for the Southern District of New York dismissed the majority of claims that the Security and Exchange Commission ("SEC") asserted against SolarWinds, including claims that the company's alleged...more

8/2/2024  /  Cyber Incident Reporting , Cybersecurity , Data Protection , Disclosure Requirements , Publicly-Traded Companies , Risk Management , Securities and Exchange Commission (SEC) , SolarWinds

Rhode Island Continues State-Level Adoption of Comprehensive Data Privacy Laws

Rhode Island is the latest state to adopt a comprehensive data privacy law, titled the Data Transparency and Privacy Protection Act....more

7/26/2024  /  Data Collection , Data Privacy , Data Protection , Data Security , Innovative Technology , Personal Data , Personal Information , Rhode Island , State and Local Government , State Privacy Laws

FTC's Final Health Breach Notification Rule: Expanded Scope, New Obligations, and Modified Reporting Requirements

The Federal Trade Commission ("FTC") intends to "strengthen and modernize" the Health Breach Notification Rule with revamped and increased scrutiny on entities holding health information, including health apps, websites, and...more

7/3/2024  /  Breach Notification Rule , Data Breach , Federal Breach Notification Standard , Federal Trade Commission (FTC) , Final Rules , Healthcare , PHI , Regulatory Agenda , Reporting Requirements

Colorado Enacts AI Consumer Protection Legislation

On May 17, 2024, Colorado enacted S.B. 24-205 (the "Act"), which imposes a duty of reasonable care on developers and deployers of high-risk artificial intelligence ("AI") systems to protect consumers from risks of algorithmic...more

6/20/2024  /  Algorithms , Artificial Intelligence , Colorado , Consumer Protection Act , Discrimination , Machine Learning , New Legislation , Reporting Requirements , Risk Management , Unfair or Deceptive Trade Practices

United States Zeroes In on Aviation Cybersecurity With FAA Reauthorization Act Updates

The sweeping FAA Reauthorization Act of 2024 includes measures intended to improve safety and cybersecurity for the U.S. aviation sector....more

6/17/2024  /  Aviation Industry , Biden Administration , Civil Aviation Authority (the CAA) , Cyber Threats , Cybersecurity , Federal Aviation Administration (FAA) , GAO , New Legislation , Rulemaking Process

California Privacy Protection Agency Publishes Enforcement Advisory on Data Minimization

California's privacy enforcement agency has published crucial data minimization guidance for businesses....more

5/14/2024  /  California , California Consumer Privacy Act (CCPA) , California Privacy Protection Agency (CPPA) , Cybersecurity , Data Privacy , Data Protection , Personal Information

Here We Go Again: U.S. Congress Reintroduces New Comprehensive Federal Privacy Law

With the bipartisan, bicameral proposed American Privacy Rights Act of 2024, the U.S. Congress seeks to adopt the first national personal data privacy and security law that would preempt comprehensive state privacy laws....more

4/30/2024  /  Algorithms , Artificial Intelligence , Covered Entities , Data Protection , Federal Data Privacy , Federal Trade Commission (FTC) , FTC Act , Health Insurance Portability and Accountability Act (HIPAA) , Personal Data , Personal Information , Preemption , Proposed Legislation , Regulatory Agenda , Regulatory Reform , State Privacy Laws

CISA Releases Proposed Cyber Incident and Ransom Payment Reporting Rules to Implement CIRCIA

CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more

4/11/2024  /  Covered Entities , Critical Infrastructure Sectors , Cyber Attacks , Cyber Incident Reporting , Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) , Cybersecurity , Cybersecurity Information Sharing Act (CISA) , Proposed Rules , Ransomware , Reporting Requirements

New State Health Privacy Laws—Moving Beyond HIPAA and Recasting Consumer Health Data Rights?

New, first-of-their-kind consumer health data privacy laws in Washington and Nevada are designed to provide state-level protections for personal health data not covered by the Health Insurance Portability and Accountability...more

4/4/2024  /  Data Privacy , Data Protection , Gramm-Leach-Blilely Act , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare , Popular , State Data Privacy Laws , State Privacy Laws

California and FTC Announce Enforcement Actions Involving the Sale of Personal Information

In two back-to-back announcements, California and the FTC reemphasized their enforcement efforts related to the sale of personal information....more

3/14/2024  /  California , California Consumer Privacy Act (CCPA) , CalOPPA , Data Privacy , Data Selling , DoorDash , Enforcement Actions , Federal Trade Commission (FTC) , Mobile Apps , Personal Information , Privacy Concerns , State and Local Government , State Attorneys General

NIST Extends its Cybersecurity Framework to Cover Evolving Threats and Governance

The National Institute of Standards and Technology ("NIST") released a significant update to its framework, expanding its scope and reach to cover a broader audience and evolving cybersecurity risks and management issues....more

3/8/2024  /  Cyber Attacks , Cyber Threats , Cybersecurity , Data Privacy , Data Protection , Data Security , NIST , Popular , Risk Management

California Proposes CCPA Amendments to Further Protect Children's Privacy

Proposed amendments to the California Consumer Privacy Act would require businesses to obtain opt-in consent prior to collecting, selling, sharing, using, or disclosing a minor's personal information....more

3/5/2024  /  California , California Consumer Privacy Act (CCPA) , Consumer Privacy Rights , Cybersecurity , Data Collection , Data Privacy , Data Protection , Minor Children , Personal Data

Executive Order Limits Sale or Transfer of Personal Data to Certain Countries

The U.S. Government has identified the exploitation of Americans' bulk sensitive personal data and U.S. government-related data by "countries of concern" as posing a national security risk....more

3/4/2024  /  Algorithms , Artificial Intelligence , Consumer Financial Protection Bureau (CFPB) , Cybersecurity , Data Sellers , Department of Justice (DOJ) , Executive Orders , International Data Transfers , Personal Data , Proposed Rules

California Court Greenlights Enforcement of New Privacy Regulations

The California Privacy Protection Agency ("CPPA") will be able to immediately enforce regulations issued under the California Consumer Privacy Act ("CCPA"), as amended, after a recent California appeals court decision...more

2/19/2024  /  California , California Consumer Privacy Act (CCPA) , California Privacy Protection Agency (CPPA) , California Privacy Rights Act (CPRA) , Consumer Privacy Rights , Data Protection , Enforcement , New Regulations

HHS Releases Cybersecurity Performance Goals to Enhance Cybersecurity for Health Care and Public Health Sectors

The Department of Health and Human Services ("HHS") has released voluntary cybersecurity performance goals for the health care and public health sectors, which outline an increasingly standardized regulatory approach and...more

2/19/2024  /  Cyber Attacks , Cybersecurity , Data Breach , Data Privacy , Data Protection , Department of Health and Human Services (HHS) , Health Care Providers , Healthcare , Popular , Proposed Regulation , Public Health

California Privacy: A Deeper Dive Into the New Regulations Expected in 2024

The Background: The California Privacy Protection Agency board ("CPPA" or "Board") is in the process of issuing new regulations as authorized under the California Privacy Rights Act. These three sets of proposed regulations...more

2/14/2024  /  Audits , Automation Systems , California , California Privacy Protection Agency (CPPA) , California Privacy Rights Act (CPRA) , Cybersecurity , Decision-Making Process , Innovative Technology , New Regulations , Personal Information , Privacy Concerns , Risk Assessment , Rulemaking Process , Software

The Department of Defense Proposes the Much-Anticipated CMMC 2.0

On December 26, 2023, the Department of Defense ("DoD") published a proposed rule to implement the Cybersecurity Maturity Model Certification ("CMMC") 2.0, which will establish comprehensive cybersecurity requirements for...more

2/2/2024  /  Controlled Unclassified Information (CUI) , Cybersecurity , Cybersecurity Maturity Model Certification (CMMC) , Department of Defense (DOD) , DFARS , False Claims Act (FCA) , Federal Contractors , NIST , Proposed Rules

HHS Announces Upcoming Federal Strategies to Enhance Cybersecurity for Health Care and Public Health Sectors

The Department of Health and Human Services ("HHS") has released a concept paper outlining its new cybersecurity strategies for the health care sector, identifying cybersecurity priorities, potential future regulations and...more

1/12/2024  /  Centers for Medicare & Medicaid Services (CMS) , Cybersecurity , Data Privacy , Data Protection , Data Security , Department of Health and Human Services (HHS) , Federal Trade Commission (FTC) , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare , OCR , Popular , Proposed Rules , Public Health , Regulatory Requirements , Risk Mitigation

EU Releases Data Act to Facilitate Access and Use of Data

On 22 December 2023, the Regulation on harmonized rules on fair access to and use of data ("Data Act") was published in the EU's Official Journal. The Data Act lays down rules on fair access to and use of personal and...more

1/11/2024  /  DATA Act , Data Management , Data Protection , EU , EU Data Protection Laws , Personal Data

FTC Seeks to Strengthen Privacy Protections of Children Online

On December 20, 2023, the Federal Trade Commission ("FTC") announced a Notice of Proposed Rulemaking ("NPRM") to revise the Children's Online Privacy Protection Act ("COPPA") Rule to reduce the amount of information...more

12/28/2023  /  Comment Period , COPPA , Cybersecurity , Data Privacy , Data Protection , Data Security , Enforcement Authority , Federal Trade Commission (FTC) , Notice of Proposed Rulemaking (NOPR) , Online Platforms , Online Safety for Children , Personal Information , Regulatory Agenda , Social Media

HHS Enters Into First-Ever Ransomware Resolution Agreement and Corrective Action Plan

The U.S. Department of Health and Human Services ("HHS") Office of Civil Rights ("OCR") has entered into its first settlement of potential Health Insurance Portability and Accountability Act ("HIPAA") violations arising out...more

12/6/2023  /  Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Department of Health and Human Services (HHS) , Electronic Protected Health Information (ePHI) , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Violations , Hospitals , Life Sciences , OCR , Ransomware

New York Governor Proposes Stringent Cybersecurity Regulations for Hospitals

New York is the first state to propose cybersecurity requirements for all hospitals operating in the state to address patient safety and other cybersecurity related issues....more

12/1/2023  /  Chief Information Security Officer (CISO) , Cyber Threats , Cybersecurity , Data Protection , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare Facilities , Hospitals , New York , NYDFS , Patient Privacy Rights , Popular , Proposed Regulation , Regulatory Agenda , Regulatory Reform

NYDFS Expands Cybersecurity Regulations: Extortion Payment Reporting, Corporate Governance, and Technical Requirements

A major amendment to the New York State Department of Financial Services' cybersecurity regulations establishes affirmative cybersecurity oversight duties and requires companies to report extortion payments to the agency....more

11/16/2023  /  Chief Information Security Officer (CISO) , Cybersecurity , Cybersecurity Framework , Data Protection , Extortion , Financial Institutions , Financial Services Industry , Information Technology , NYDFS , Popular , Risk Assessment , Third-Party Service Provider

FTC Requires Non-Bank Financial Institutions to Report Data Security Breaches Under Amended Safeguards Rule

On Friday, October 27, the Federal Trade Commission ("FTC") announced new amendments to the Safeguards Rule, requiring covered financial institutions to report certain data breaches to the FTC and reflecting its continuing...more

11/13/2023  /  Cybersecurity , Data Protection , Data Security , Federal Trade Commission (FTC) , Financial Institutions , Financial Regulatory Reform , Financial Services Industry , FTC Act , Gramm-Leach-Blilely Act , New Amendments , Non-Bank Lenders , Personal Information , Popular , Privacy Rule , Risk Assessment , Risk Management , Safeguards Rule , Section 5
123 Results
 / 
View per page
Page: of 5
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide