I recently had the pleasure of presenting at the Northern Kentucky School of Law and the College of Informatics Security Symposium. The topic of my discussion was an expansion on my recent blog on the Edward Snowden matter and what companies can learn about security breaches, specifically those that come from inside. As a recent report affirmed yet again, the greatest threat of security breach does not come from hackers or other external threats, but rather from people working inside an organization. In that same presentation, I used yet again a very tired, but accurate phrase when it comes to describing security breaches: “It’s not IF you have a security breach, but WHEN you have a security breach.” I’ve been saying that for over 10 years since my days as a corporate privacy officer. The words are never truer than they are today.
November 6, 2013
California Expands Data Breach Notification Law to Include Information that Allows Access to User Accounts
Once again, California is taking the lead on addressing emerging data security issues. Governor Brown is expected to sign into law a new data security breach notification bill (S.B. 46). The bill expands the coverage of California’s existing breach law to include breaches of individuals’ online user names and email addresses, when acquired in combination with passwords or a security question and answer that would permit access to their online accounts.
October 8, 2013
For businesses working alongside healthcare providers, payers and clearinghouses, this September may be a stressful month of preparations for the next deadline under the 2013 Omnibus Privacy Rule. As of September 23, 2013, these healthcare providers, payers, and clearinghouses (“Covered Entities”) and their associated service providers (“Business Associates”) must be in compliance with a variety of new requirements since HIPAA was amended as part of the American Recovery and Reinvestment Act (“ARRA”) signed into law by President Obama on February 17, 2009. It would be a questionable use of blog space to write out all the things that might need to happen for any Business Associate between now and the deadline. However, here are some things for businesses in the healthcare space to consider:
September 17, 2013