Late last week, the HHS Office for Civil Rights (OCR) published guidance designed to help health care providers understand when, consistent with the HIPAA Privacy Rule, they may share information related to a patient’s mental health with others. As we have previously written, HHS seeks to balance a patient’s privacy rights in mental health records […]
FTC Denies LabMD’s Motion to Dismiss
The FTC – in a decision that should surprise no one – refused to dismiss its administrative complaint (“Complaint”) against LabMD. This case – like the FTC’s case against Wyndham Worldwide – illustrates the continuing fight regarding the scope of the FTC’s power for regulate inadequate data security practices. In particular, this decision is important because it […]
Complimentary Seminar – Payment Card Breaches: How to Prepare, How to Survive – March 5, 2014
Please join Alston & Bird, Dell SecureWorks and AIG for a discussion on how to prepare for and respond to payment card breaches. Recent payment card breaches in the retail industry have highlighted the need to fully prepare for similar types of attacks, both in terms of increasing security controls where appropriate and enhancing incident […]
NIST releases final Cybersecurity Framework
The National Institute of Standards and Technology (“NIST”) has released the final version of the much-anticipated Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). The Framework was developed by NIST at the direction of President Obama’s February 12, 2013, Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” (the “Executive Order”). The Framework largely retains the structure […]
FTC Settles With Children’s Entertainment Company Over Safe Harbor Lapse
February 11, 2014 – The FTC today announced a proposed settlement with Fantage.com Inc., a children’s online entertainment company that allegedly misrepresented its adherence to the U.S.-European Union Safe Harbor Framework (the “Framework”). According to the FTC’s complaint, Fantage made statements in the privacy policy its website that it followed the privacy principles of the Framework, when […]