Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Steve Spagnolo

Posts by Steve Spagnolo
Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

OCR and NIST Host Conference and Provide Insights on Safeguarding Health Information

Government officials emphasized the importance of risk analysis and risk management in safeguarding PHI at the Seventh Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference held from September 23–24, 2014, and co-hosted by the National Institute of Standards and Technology and the Department of Health and Human Services, Office for Civil Rights. The conference’s themes—which include risk analysis and risk management, information sharing, and upcoming OCR enforcement efforts—highlighted how HIPAA regulated entities should approach cybersecurity considerations and compliance with the HIPAA Security Rule.

Posted in Consumer Privacy, International/EU Privacy

Amendments to China’s Consumer Protection Law Add Compliance Obligations when Handling Personal Information

On October 25, 2013, the Standing Committee of China’s National People’s Congress passed an amendment (“Amendment”) to the 1993 Law of Protection of Consumer Rights and Interests, which addresses longstanding issues related to e-commerce fraud and illegal disclosures of consumers’ personal information. The Amendment, which takes effect on March 15, 2014, reforms China’s 20-year-old consumer protection law by providing more robust protections to consumers, including provisions that restrict the collection, use, and disclosure of consumers’ personal information and require consent to send commercial communications.

Posted in Cybersecurity & Data Breaches

U.S. Banking Regulator Directs Banks to Bolster Cybersecurity Efforts in Wake of Recent Denial of Service Attacks

The Office of the Comptroller of the Currency (OCC) issued an alert today warning banks of a recent spate of distributed denial of service (DDoS) attacks directed at several U.S. banks, and reiterating its expectation that banks have risk management programs in place to identity and mitigate the “new and evolving threats” to online customer […]