Monthly Archives: July 2015

Cloud Sharing Apps Scrutinized for ePHI

In a relatively short time period, the direct costs of document storage have dropped precipitously, and cloud-based document storage has become ubiquitous. Clearly, this is a wave of the future. But a recent settlement agreement between the Office for Civil Rights and a Boston area hospital should make it plain that, when it comes to electronic protected health information, mobile devices and cloud-based storage apps carry significant risk. On July 8, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights and St. Elizabeth’s Medical Center entered into a settlement agreement following an investigation into a complaint …


Somebody’s Watching You: What Are the Rules?

In 1984, Kennedy William Gordy, better known as pop artist Rockwell, released his first and ultimately biggest hit: Somebody’s Watching Me. One can only imagine how Rockwell would have felt if the Internet had been in full swing when he sang about his fears. Our behavior on the Internet is of great interest to many different people, including advertisers. They want to know what sites we visit, in part, to provide targeted ads. In other countries, it is common for governments to require that consumers opt in to user tracking and targeting. But in the United States, several advertising industry associations, supported …


Is a Uniform Federal Data Breach Law Really Necessary?

In June 2015, the United States Office of Personnel Management announced a massive data breach. Estimates are that the breach compromises the personal information of up to 18 million current, former and potential federal employees. This data breach joined the growing list of mega breaches that has many calling for a single, federal, uniform data breach notification law, to replace and preempt the current so-called “patchwork” of state laws that exist in all but a handful of states. On July 7, 2015, the Attorneys General of 47 states and US territories joined together in a letter to congressional leaders opposing …


Should Feds Regulate Persistent Identifiers as Personal Information?

Recently, the Federal Trade Commission settled an action it had brought against Nomi Technologies, a provider of “in-store analytics” technology. The fact that the action was brought against Nomi to begin with, considering what Nomi does, and the 20-year consent decree that Nomi entered into with the FTC, has raised more than a few eyebrows. It has left many – including some of the FTC’s own Commissioners – wondering just what regulators are interested in when it comes to controlling information collection practices in the “information economy.” Nomi has developed and markets technology to retailers that helps to physically track …


FFIEC Cybersecurity Assessment Tool: Not Just For Financial Institutions

On June 30, 2015, the Federal Financial Institutions Examination Council (FFIEC) released its long-anticipated Cybersecurity Assessment Tool (press release here). The FFIEC is a formal interagency organization empowered to create uniform principles, standards and report forms for the federal examination of financial institutions governed by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB). The Cybersecurity Assessment Tool is designed to assist all financial institutions in conducting a self-assessment of …
