A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software
Articles Discussing Privacy And Surveillance In The Workplace.
HHS Proposed Rule Would Increase Cybersecurity Requirements for Electronic Health Data
The U.S. Department of Health and Human Services (HHS) recently released a proposed rule to better protect electronic health data from cybersecurity threats. The proposed rule would apply to health plans, healthcare providers, healthcare clearinghouses, and their business associates, such as billing companies, third-party administrators, and pharmacy benefit managers.
AI versus MFA
Ask any chief information security officer (CISO), cyber underwriter or risk manager, or cybersecurity attorney about what controls are critical for
Patient’s Request for Records Uncovers Dental Practice’s Ransomware Attack, Leading to $350K Settlement
The Indiana Attorney General Office (OAG) filed a detailed complaint on December 23, 2024 (Complaint) which arose out of the following patient complaint:
2024 Wrap-Up of the Workplace Privacy, Data Management & Security Report
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our most popular
Privacy Blizzard Expected in January as Five State Laws Take Effect
Around the country, the weather is turning wintery, but in the privacy arena, there will be a blizzard as five state comprehensive privacy laws become effective.
Here is an overview of businesses needing to prepare.
1. Delaware Personal Data Privacy Act (DPDPA)
The DPDPA takes effect on January 1, 2025.
Human Resources’ Role in Data Privacy and Cybersecurity, Part V: Ethical Obligations When Responding to a Breach of Employee Data
In today’s digital landscape, many organizations will likely face the unfortunate reality of a breach of employee data. The human resources department is the critical link between safeguarding a company’s reputation and championing employees’ data privacy rights. The first article in this series provided an overview of privacy basics. The
The CFPB Cautions Employers About Using Technology to Track, Assess, and Evaluate Workers
Employers should be mindful of whether workforce tracking technology, including AI, may provide information, such as employee performance scores, that triggers FCRA compliance. The FCRA protects both job applicants and employees. Education about basics of the FCRA is key for all employers, including in-house counsel, due to the proliferation of
Human Resources’ Role in Data Privacy and Cybersecurity, Part IV: Communicating Effectively With Employees After a Data Breach
In today’s data-driven environment, effective communication during a cybersecurity breach is crucial for maintaining employee trust and confidence. This fourth article in our five-part series on employee data privacy focuses on strategies for effectively communicating with employees after a data breach. The first article in this series provided an overview
Human Resources’ Role in Data Privacy and Cybersecurity, Part III: Five Tips for Responding to Confidentiality Incidents
In today’s digital landscape, many organizations will likely face the unfortunate reality of a data breach. This third installment of a five-part series on employee data privacy discusses five considerations for HR professionals managing an incident involving a breach of employee data, including how to navigate the situation effectively. The
Failure to Safeguard, Two Cyber Intrusions, and an $850,000 SEC Settlement
Virtually all organizations have an obligation to safeguard their personal data against unauthorized access or use. Failure to comply with such obligations can lead to significant financial and reputational harm.
In a recent settlement agreement with the SEC, a New York-based registered transfer agent, Equiniti Trust Company LLC, formerly known
Workplace Law After ‘Loper’: Will Organizations Face a Wider Regulatory Gap Between Conflicting Data Privacy and Security Laws?
The Loper Bright decision could challenge Congress in passing particular and forward-thinking data privacy and security laws.
Privacy Versus Cyber – What is the Bigger Risk?
“Cybersecurity” has emerged as one of top risks facing organizations. Considering the steady stream of massive data breaches affecting millions (sometimes billions), the debilitating effects of ransomware on an organization’s information systems, the intrigue of international threat actors, and the mobilization and collaboration of national law enforcement to thwart these
Multi-factor Authentication (MFA) Bypassed to Permit Data Breach
As organizations continue to take steps to prevent cyberattacks, a near-universal recommendation is that they should implement multi-factor authentication (MFA), and for good reason. Organizations subject to the updated FTC Safeguards Rule, for example, are required to implement MFA. The Cybersecurity & Infrastructure Security Agency (CISA) includes MFA as a
Employers Urged To Revisit Existing Privacy Policies Following Executive Order Mandating Protection Of Sensitive Personal Data
President Biden issued an Executive Order on February 28, 2024 to prevent access to U.S. Citizens’ sensitive personal