Whether a cannabis firm is in the recreational or the medicinal space, it seems as though there is an excess of rules and demands whichever way you turn. The new California regulations read like those for a proper...more
Often one of the benefits of working with a capable cyber risk broker or insurer is that the covered business has access to supplemental services ranging from security assessments to budget-priced post-incident legal support....more
4/3/2019 / Corporate Counsel, Cyber Insurance, Cybersecurity, Cybersecurity Framework, Data Protection, Data Security, Information Technology, Intellectual Property Protection, NIST, Popular, Risk Assessment, Risk Management, Vendors
On March 15, 2019, the European Data Protection Board published Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks, and powers of data protection...more
On Friday, February 22, the Wall Street Journal ran a story titled “You Give Apps Sensitive Personal Information. Then They Tell Facebook” (subscription required). The report gained further traction over the weekend, and by...more
Discoveries advance on a regular basis as to how cannabidiol and related therapeutics can heal or at least relieve the pain associated with health conditions. From cancer and opioid addiction to chronic pain and glaucoma,...more
For those of a certain generation the concept of “The Borg” invokes a seemingly inevitable force that pulls opponents into the “Collective” through a process of assimilation. According to the inestimable source, Wikipedia,...more
Last week the firm moderated a discussion of banking and lending in the cannabis industry. The event was well attended and most importantly provided practical insights concerning the financing of cannabis businesses...more
2/7/2019 / Banking Sector, Business Associates, Covered Entities, Data Privacy, Data Security, Dispensaries, Financial Institutions, Health Care Providers, Health Insurance, Health Insurance Portability and Accountability Act (HIPAA), Marijuana, Marijuana Related Businesses, Medical Marijuana, Standard of Care
If nature abhors a vacuum, then apparently so too does legislation. Between the EU General Data Protection Regulation and the still-evolving California Consumer Privacy Act (CCPA), there has been much discussion amongst us...more
Amongst the flurry of activity in the privacy space recently, there have been two particular trends that businesses need to monitor....more
1/30/2019 / Article III, Biometric Information Privacy Act, California Consumer Privacy Act (CCPA), Consumer Privacy Rights, Data Collection, Employee Privacy Rights, Employer Liability Issues, Injury-in-Fact, Personal Data, Personally Identifiable Information, Privacy Laws, Private Right of Action, State Law Claims, Statutory Violations
At the close of 2018, the Department of Health and Human Services (HHS) published Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients. While not formally styled as guidance or interpretive...more
1/16/2019 / 21st Century Cures Act, Cyber Threats, Cybersecurity, Department of Health and Human Services (HHS), Department of Homeland Security (DHS), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Life Sciences, NIST, OCR, Risk Management, Security Standards
If your organization has a website, it probably needs a publicly posted privacy notice explaining how personal data is (or is not) collected, used, protected, and shared. Privacy notices are expressly required under some...more
This past Friday, the Office of Civil Rights within the U.S. Department of Health and Human Services published a formal Request for Information on Modifying HIPAA Rules to Improve Coordinated Care. The RFI’s publication...more
12/18/2018 / 21st Century Cures Act, Consent, Covered Entities, Electronic Health Record Incentives, Food and Drug Administration (FDA), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Privacy Rule, Institutional Review Board (IRB), OCR, PHI, Privacy Rule, Request For Information, Technology Sector
While references to “the cloud” and “cloud computing” are significantly more familiar than they were five years ago, it remains clear that many organizations implement cloud resources ineffectively – or at least do not...more
On November 30th, Marriott announced that a guest reservation database on the Starwood side of its business had been breached. Initial reports indicated that upwards of 500 million individuals were affected. The stolen data...more
$4.8 million.
That is an impressive class-action settlement number, particularly when you consider that the automated calls and texts triggering the litigation and settlement arose from a single auto dealership. The auto...more
A recent Harris Poll surveyed adults on the topic of corporate social responsibility and found, not surprisingly, that a majority of those asked stated that companies should – or perhaps “ought” – to have a mission beyond...more
11/20/2018 / California Consumer Privacy Act (CCPA), Class Action, Consumer Privacy Rights, Corporate Social Responsibility, Cybersecurity, Financial Services Industry, Health Insurance Portability and Accountability Act (HIPAA), NIST, NYDFS, Personal Data, Personally Identifiable Information, Privacy Concerns, Privacy Laws
Organizations of all types are increasingly subject to data theft and loss, whether the asset is customer information, intellectual property, or sensitive company files. The federal government and, thus, its private...more
11/13/2018 / Benchmarking, Best Practices, Cyber Attacks, Cybersecurity, Cybersecurity Framework, Data Breach, Executive Orders, Federal Trade Commission (FTC), FFIEC, Health Insurance Portability and Accountability Act (HIPAA), NIST, Obama Administration, Popular, Private Sector, Regulatory Standards
As consumers, when we think of privacy, one of the first adjectives that springs to mind should be “inconsistent.” Consumers claim to want their personal information used only for the purposes they originally provided it, and...more
A recent issue of MIT’s Technology Review magazine is titled, “Look how far precision medicine has come.” At least part of the premise is that personalized medicine or precision medicine is not perceived as having made the...more
10/30/2018 / App Developers, Apple, Cloud Computing, Cybersecurity, Digital Health, Health Insurance Portability and Accountability Act (HIPAA), Life Sciences, Mobile Apps, Mobile Devices, PHI, Popular, Precision Medicine Initiative (PMI), Security and Privacy Controls
Just a month after the EU General Data Protection Regulation became effective, California enacted the Consumer Privacy Act of 2018, which has caused almost as much concern among organizations doing business there. Given the...more
10/23/2018 / California Consumer Privacy Act (CCPA), CAN-SPAM Act, Consumer Privacy Rights, Data Collection, Data Privacy, Data-Sharing, Duty to Delete, General Data Protection Regulation (GDPR), Marketing, Personally Identifiable Information, Privacy Laws
In April 2018, Verizon released the 11th edition of its Data Breach Investigations Report. As usual, the Verizon DBIR contained interesting data points culled from more than 53,000 incidents and 2,216 confirmed data breaches....more
10/18/2018 / C-Suite Executives, Corporate Counsel, Corporate Management, Cyber Attacks, Cybersecurity, Data Breach, Encryption, Information Reports, Kaspersky, Popular, Risk Management, Security and Privacy Controls, Verizon
The scope and scale of Equifax’s recent data breach and Facebook’s ongoing data-sharing travails have forced companies around the world to consider, perhaps more than ever before, the legality of how they obtain and process...more