Multi-state AG enforcement of HIPAA — a sign of what’s to come?



This article is a republication of a piece I wrote for DataGuidance, a global privacy platform, in June of this year. As one of 30 North American experts, I occasionally produce content for this resourceful tool used by privacy professionals around the world. On 4 December 2018, 12 State Attorneys General (‘AGs’) filed a joint complaint against the company Medical Informatics Engineering (‘MIE’) in the United States District Court for the Northern District of Indiana (‘the Court’), in the case State of Indiana et al v. Medical Informatics Engineering, Inc. et al (‘the MIE case’). The complaint was filed over the company’s handling of a data breach in May 2015, which the AGs claimed had amounted to a violation of the Health Insurance Portability and Accountability Act of 1996 (‘HIPAA’), as well as statutes at a state level. Thomas Ritter, Associate at Thompson Burton PLLC, comments on the significance of […]


Cybersecurity Basics for Any Business



According to a recent survey of US CEOs, cybersecurity represents the biggest external concern for 2019. If organizations know cybersecurity is an issue, then why is there such a struggle to combat this universal problem? In my opinion, the answer lies within the following Tony Robbins quote: “Complexity is the enemy of execution.” Organizations view cybersecurity as a problem too complex to combat and solutions too cost-prohibitive to practice. In the midst of National Small Business Week, it’s only appropriate to talk about building a solid cybersecurity foundation through cost-effective practice pointers.

Building a Solid Foundation

What if I told you the secret to cybersecurity isn’t all about industrial firewalls and around-the-clock threat monitoring but a foundational methodology built on easy-to-use principles? If you’re skeptical, take the word of my friend and former FBI agent and cybersecurity expert (and newly minted author) Scott Augenbaum. “90% of the […]


ABA Warns Lawyers That Data Breaches Raise Ethical Issues



The phrase “looking back to the past with an eye on the future” is one that could adequately describe the legal profession’s current attitude towards technological innovation. An industry historically reliant on antiquated methodologies and formal training now has little choice but to embrace the current “Golden Age” of technology. This technological evolution in law is no more readily apparent than in the dramatic changes to legal research (out with the case reporters and in with Westlaw & LexisNexis), writing (“to put pen to paper” now replaced by “to affix fingers to keyboard”), and file retention (goodbye Bankers boxes, hello cloud storage). With such technological advancement come innumerable challenges to one of, if not the, most important ethical obligations of an attorney – the protection of client information. The American Bar Association’s Standing Committee on Ethics and Professional Responsibility (“the Committee”) emphasized this point through the formal guidance issued at […]


State Attorneys General: The New Iron Fist of Data Protection and Privacy



As high-profile data breaches continue to befall major companies, a flurry of actions by state Attorneys General — not Congress or the Federal Trade Commission — continues to land the biggest data protection punches. Recent breaches suffered by Target, Uber, and Neiman Marcus have produced multi-state lawsuits from all over the country. This all begs the question: Is state data protection and privacy enforcement just a passing trend or here to stay?

On What Authority?

State Attorneys General act as key consumer protection advocates, wielding authority over data privacy through state consumer protection laws (often referred to as Unfair or Deceptive Acts or Practices, or UDAP, laws). These UDAP laws act as miniature versions of the FTC Act but feature one very important distinction with respect to punitive measures. While the FTC’s pursuit of civil penalties is a painstaking and circuitous process, UDAP laws provide a much more […]


SEC Continues to Urge Companies to Prioritize Cybersecurity Through Section 21(a) Report



In a new investigative report[1] released this week, the Securities and Exchange Commission (“SEC”) again stressed the need for public companies to prioritize cybersecurity measures. The SEC’s Report signifies the agency’s ongoing emphasis on cybersecurity initiatives this year. For those of you keeping track at home (as I know so many of you are), 2018 thus far has seen the SEC put out interpretive guidance for public companies on cybersecurity disclosure requirements (I wrote about it here) and initiate its first enforcement action against a registered investment adviser over a violation of the Identity Theft Red Flags Rule. This proactive approach is indicative of the belief put forth by Chairman Jay Clayton earlier this year that “cybersecurity is critical to the operations of companies and our markets,” and as such, calls for the SEC to “continue to evaluate developments in this area and consider feedback about whether any further guidance or […]
