Move over HIPAA…the health privacy landscape may be in for a shakeup. On November 4, 2025, Senator Bill Cassidy, M.D. (R-LA) introduced the Health Information Privacy Reform Act (HIPRA), a bill aimed at closing a gap in health data protections. HIPAA … [Read more] about Closing the Privacy Gap: HIPRA Targets Health Apps and Wearables
Since the HHS Office for Civil Rights’ (OCR) publication of a proposed rule to overhaul the HIPAA Security Rule in January 2025, many in the health care and privacy community have wondered whether the rule would quietly fade away. Some even hoped it … [Read more] about HIPAA Security Rule: Still on Track for Finalization
The United Kingdom’s National Cyber Security Centre (NCSC) has released its Annual Review for 2025. As in 2024, the report covers the UK’s cyber security position as well as the country’s readiness to deal with those threats. A copy of NCSC’s report … [Read more] about UK’s National Cyber Security Centre Releases 2025 Annual Review
On October 21, 2025, the New York Department of Financial Services (“NYDFS”) published an Industry Letter (the “Letter”) outlining guidance on managing risks related to third-party service providers (“TPSPs”). NYDFS recognizes that as covered … [Read more] about NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers
Effective January 1, 2026, new legislation in California and Oklahoma will introduce important updates to each state’s breach notification requirements. These changes may significantly impact breach response obligations for businesses operating in or … [Read more] about Key Breach Notification Updates in California and Oklahoma for 2026