Compliance Perspective: What's New in Healthcare Privacy
NY’s Almost There- Back in June of this year, New York’s legislature passed a bill that, if enacted, would create the first state-level public database with information regarding the ownership of limited liability...more
Biometric data refers to an individual’s physical attributes such as fingerprints, facial recognition, or Iris scans for the purpose of identification. This type of data is currently being used by many government agencies for...more
On February 14, the SEC issued a proposed rule to revise the Commission’s regulations under the Privacy Act of 1974, as amended. The Privacy Act governs the collection, maintenance, use, and dissemination of information about...more
Editor’s Note: On September 29, 2022, HaystackID shared an educational webcast on the topic of US privacy law. As privacy continues to move to the forefront of not only information consideration but of business concern for...more
There is a wealth of information available from the IRS that is not generally made available to the public. Most of this information can be obtained by asking. ...more
Federal contractors know all too well the list of annual requirements and obligations can seem overwhelming at times. One that may get overlooked by some is annual training requirements. A fairly new such training went into...more
Recently the Health Care Compliance Association released the new Health Care Privacy Handbook, 3rd Edition. https://www.hcca-info.org/health-care-privacy-handbook To learn what’s new in the book and in healthcare privacy...more
On January 16, 2020, the National Institute of Standards and Technology (NIST) issued its NIST Privacy Framework Version 1.0 (Privacy Framework). The Privacy Framework follows the same type of structure as the NIST Framework...more
In a letter sent to Senator Elizabeth Warren regarding the CFPB’s supervision of student loan servicers, CFPB Director Kathy Kraninger discussed the Bureau’s relationship with the Department of Education....more
On September 12, the Bureau of Consumer Financial Protection (Bureau) issued a final rule that amends the procedures used by the public to obtain information from the Bureau under the Freedom of Information Act (FOIA), the...more
On May 25, 2018, the European Union will begin enforcing the General Data Protection Regulation (GDPR), which enacts strict standards for the handling, retaining, and processing of the personal data of any individual located...more
DEPARTMENT OF DEFENSE - FAR Class Deviation for Enhanced Debriefings - The Department of Defense (DoD) issued a FAR class deviation last Thursday for enhanced debriefings in light of Section 818 of the FY2018 NDAA (NDAA...more
Under a final rule issued by the Department of Defense (DOD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA), effective January 19, 2017, federal government contractors must...more
As mentioned in a prior blog post, the U.S. Customs and Border Protection (CBP) can conduct searches of individuals departing the United States, a fact that many are not aware of. In fact, the rule that failure to declare...more
In a decision consolidating two cases involving two veterans and two separate incidences of data breaches at the Veterans Affairs Medical Center (VAMC) in South Carolina, the US Court of Appeals for the Fourth Circuit...more
On February 21, 2017, Department of Homeland Security (DHS) released two memoranda signed by DHS Secretary Kelly addressing immigration enforcement. While a sitting President cannot independently modify laws or regulations...more
The U.S. Court of Appeals for the Fourth Circuit issued a unanimous opinion in Beck v. McDonaldon February 6, 2017, clarifying the standard for Article III standing and what constitutes sufficient injury-in-fact in putative...more
The U.S. Court of Appeals for the Fourth Circuit has made it more difficult to establish Article III standing in data breach cases both at the pleading stage and at summary judgment by requiring plaintiffs to allege and show...more
We have previously noted that the the U.S.-E.U. Privacy Shield data transfer may not be dead, but it is ailing. These concerns have been exacerbated by a January 25, 2017 presidential Executive Order (EO) “Enhancing Public...more
Earlier this month, the Fourth Circuit weighted in with the most recent decision in the developing case law on Article III standing in data breach litigation, a topic that we have been covering extensively on this blog. ...more
In recent weeks there has been significant debate among commentators about whether Europeans’ privacy is becoming less protected in the US and what that may mean for the privacy protection arrangements between the EU and the...more
Beginning on April 12, 2017, U.S. organizations that are subject to the investigatory and enforcement powers of the FTC or the Department of Transportation will be able to self-certify to the newly adopted Swiss–U.S. Privacy...more
Last Wednesday, President Trump signed an immigration-related Executive Order (EO) titled “Enhancing Public Safety in the Interior of the United States” that, among other things, removed the ability of federal agencies to...more
The FAR Council issued a final rule on December 20, 2016, amending the Federal Acquisition Regulation (FAR) to add FAR Subpart 24.3, requiring privacy training for all contractor employees who (1) access a system of records;...more