The European Commission (EC) recently issued online guidance on the General Data Protection Regulation (GDPR), sweeping European Union (EU) data protection legislation that will take effect on May 25, 2018. The guidance is intended as a tool to help businesses, as well as the EC, national data protection authorities, EU Member States, and other national administrations, prepare for the GDPR. To date, only 2 EU Member States – Germany and Austria – have adopted the national legislation needed to bring them into compliance with the GDPR.
Author: Discerning Data Editorial Board
NIST Releases Draft Report on IoT Cybersecurity Standards; Comments Due April 18
On February 14, 2018, the National Institute of Standards and Technology (NIST) released a draft of its NIST Interagency Report 8200 (NISTIR 8200), which is intended to inform policymakers and standards participants in developing and implementing cybersecurity standards in and for IoT devices and systems. At a high level, the draft report is intended to:
- provide a functional description for IoT (Section 4);
- describe several IoT applications that are representative examples of IoT (Section 5);
- summarize the cybersecurity core areas and provide examples of relevant standards (Section 6);
- describe IoT cybersecurity objectives, risks, and threats (Section 7);
- provide an analysis of the standards landscape for IoT cybersecurity (Sections 8 and 9); and
- map IoT relevant cybersecurity standards to cybersecurity core areas (Appendix D).
Information Injury Workshop Covers Non-Financial Harms Faced By Consumers
The Federal Trade Commission held its Information Injury Workshop in December in Washington D.C. The goal of the workshop was to explore how to characterize and measure information injuries to consumers.
Information injury is the harm that a victim suffers as a result of a privacy or data security breach. Financial, health, and safety injuries are the most common types of alleged injury that the FTC has seen in privacy and data security matters in the past few years. Yet injury that does not cause financial harm can be challenging to quantify.
Involuntary Dissolution Does Not Absolve Business Associate of HIPAA Obligations
A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 to the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) in a no-fault settlement regarding potential violations of the Health Insurance Portability and Accountability Act (HIPAA).
Filefax, an entity involuntarily dissolved by the Illinois Secretary of State in August 2017, previously provided services to HIPAA covered entities, including storage, maintenance, and delivery of medical records. On February 10, 2015, OCR received an anonymous complaint alleging that an individual had transported medical records obtained from Filefax to a shredding and recycling facility to sell on February 6 and 9, 2015. OCR investigated the matter and confirmed that an individual had left medical records that contained the protected health information (PHI) of approximately 2,150 patients at the shredding and recycling facility. OCR’s investigation indicated that Filefax had either left the PHI in an unlocked truck in its parking lot or granted permission to an unauthorized person to remove the PHI from Filefax, and left the PHI unsecured outside of the Filefax facility.
China Releases New Personal Information Privacy Standards
On January 25, 2018, China released the final version of the Personal Information Security Specification, a set of new voluntary standards on the protection of personal information. The standards anticipate and address the “issues faced in personal information security during the rapid development of IT technology; with the protection of personal information as their core” and are meant to “regulate all phases of big data operations and related conduct, such as the collection, storage, processing, use and disclosure of personal information.” The standards will go into effect on May 1, 2018.
The standards will apply to organizations that use information systems to process personal information; specific departments involved in network security; third-party assessment organizations; and other organizations that deal with the oversight, management, and assessment of personal information security. Generally, they lay out the following 8 basic principles of personal information security.
FTC Nominees Identify Agency’s Top Challenges in Web Questionnaires
The Senate Commerce, Science & Transportation Committee has set confirmation hearings for February 14 for President Donald Trump’s four nominees to the Federal Trade Commission (FTC).
For the past year, there have been two commissioners leading the agency – Acting Chairman Maureen Ohlhausen and Commissioner Terrell McSweeny.