Tag Archives: Data Security

Boosts in Ransomware Attacks Spark Multiple Government Agency Responses

Following a recent U.S. government interagency report indicating that, on average, there has been an alarming 300 percent spike in daily ransomware attacks since early 2016 as compared with 2015, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) released new Health Insurance Portability and Accountability Act (“HIPAA”) guidance on … Continue Reading

What Brexit Means for Data Protection

For global pharmaceutical and medical device companies handling personal data in the European Union (EU) or engaged in transatlantic data transfers, some of the many questions created by the Brexit vote include what its impact will be on the United Kingdom’s (UK) data protection laws. These questions also arise in the context of the EU’s … Continue Reading

Appeals Court Decision is Positive News for Health Companies Concerned About Cyberliability Coverage

In a ruling particularly meaningful to health care companies, who are responsible for patients’ protected, personally-identifiable information, the U.S. Court of Appeals recently upheld a lower court’s decision finding coverage under a healthcare company’s comprehensive general liability (CGL) policy.  When the health care company inadvertently made certain confidential medical records accessible to the public online … Continue Reading

Expect Increased State AG Enforcement Actions on Health Data Incidents

Businesses working with U.S. customer or employee data are very familiar with the roles the Federal Trade Commission (FTC), U.S. Department of Health and Human Services, and other federal agencies play in privacy regulation and enforcement. But, increasingly, if your company ends up facing a health – or other data – incident, you may find … Continue Reading

Privacy Shield Details Have Been Revealed: Here’s What Companies Need to Know

The European Commission has published its draft adequacy decision on the EU-U.S. Privacy Shield, the proposed data transfer framework that would replace the defunct Safe Harbor program. The draft adequacy decision formally supports the view that the proposed EU-U.S. Privacy Shield will ensure an adequate level of protection for the transfer of personal data from … Continue Reading

Obama Signs Judicial Redress Act (JRA) – Another Step on the Way to Securing EU-U.S. Data Flows

President Obama signed the U.S. Judicial Redress Act (JRA) into law on 24 February 2016, giving European citizens the same right as U.S. citizens to bring actions against the U.S. government if their personal data are misused. While the JRA is not a formal prerequisite to finalizing the EU-U.S. Privacy Shield transatlantic data-sharing framework, it’s … Continue Reading

What the “EU-U.S. Privacy Shield,” the New Safe Harbor, Means for Your Business

European Union and United States authorities have announced the “EU-U.S. Privacy Shield,” a new transatlantic data transfer framework to replace Safe Harbor, which was invalidated by the European Court of Justice in October in Maximillian Schrems v. Data Protection Commissioner (C-362-14). Since this issue has clear implications for our pharmaceutical and medical device clients, we’ve … Continue Reading

Current State of “Safe Harbor 2.0” And Steps Your Business May Need to Take

Last year, the European Court of Justice issued a judgment invalidating the safe harbor framework for US-EU data sharing, creating uncertainty and a number of questions about what is, and is not, permissible when sharing data involving personal information across borders. The Safe Harbor decision has clear implications for our pharmaceutical and medical device clients, … Continue Reading

Russia to Increase Data Audits in 2016 With Data Localization Law & More News on The EU’s Safe Harbor Ruling

Russia announced its plan to increase data localization audits in 2016 pledging to conduct around 1,000 data localization compliance audits and 2,000 monitoring procedures, under Russia’s data protection authority, the Roskomnadzor. This stems from Russia’s data localization law which came into effect September 1, 2015, requiring that all companies that collect or process personal data … Continue Reading

U.S.-EU Safe Harbor Framework for Data Sharing

Exactly one month after the Court of Justice of the European Union (CJEU) released its judgment in Maximillian Schrems v Data Protection Commissioner (C-362-14), the European Union released a Communication discussing the implications of their decision on data sharing involving personal information. This topic is no stranger to the blog, as we’ve posted about it … Continue Reading

Synopsis of Safe Harbor Guidance Issued by European Union Data Protection Authorities

Data privacy issues in the European Union seem to be a reoccurring theme here on the blog, following Court of Justice of the European Union’s judgment in Maximillian Schrems v Data Protection Commissioner (C-362-14)  on October 6. We’ve posted about it here and also had a recent Reed Smith Client Alert here. Last week, European … Continue Reading

Upcoming Reed Smith Webinar on Cross-Border E-Discovery & New Ruling Regarding the US-EU Safe Harbor Framework

The Reed Smith Life Sciences Health Industry (LSHI) Group will be hosting an upcoming webinar “Cross-Border E-Discovery & New Ruling Regarding the US-EU Safe Harbor Framework” on November 24, 2015 from 9:00 a.m. PT, 12:00 p.m. ET, 5:00 p.m. GMT until 10:00 a.m. PT, 1:00 p.m. ET, 6:00 p.m. GMT. Reed Smith presenters including London-based … Continue Reading

FAQs Regarding the Safe Harbor Ruling

As you know, data privacy issues in the European Union are still fresh in the news, given the recent changes outlined in the Safe Harbor decision; we’ve written about it here, here and here. A recent Reed Smith Client Alert outlines frequently asked questions on what businesses need to know now in lieu of the … Continue Reading

Upcoming Reed Smith Webinar on European Union’s Safe Harbor Ruling

As previously discussed here and here the Court of Justice of the European Union (CJEU) handed down its judgment in Maximillian Schrems v Data Protection Commissioner (Case C-362/14)  that the Safe Harbor Decision no longer provides adequate protection for data transferred between the EU and the U.S. In light of this ruling, Reed Smith will be … Continue Reading

Court Justice of the European Union Rules Safe Harbor Decision Invalid

In a decision with significant potential ramifications for flows of personal data from the European Union to the United States, the Court of Justice of the European Union (CJEU) handed down its judgment in Maximillian Schrems v Data Protection Commissioner (Case C-362/14) that the Safe Harbor Decision no longer provides adequate protection for data transferred between … Continue Reading

Cybersecurity Concerns for Medical Device Companies: A Risk Mitigation Checklist

Cybersecurity issues are nothing new to those operating in the health care industry. But while these issues have most commonly been faced by hospitals and health care providers, medical device companies must now take note. As reported recently in the news, medical devices have increasingly become the targets for cybersecurity breaches, given the information contained … Continue Reading

The Legal 500 United States Names Reed Smith ‘Data Protection and Privacy: 2015 Firm of the Year’

Reed Smith’s Information Technology Privacy & Data Security Group has been doing phenomenal work for years, linking experienced cybersecurity and privacy professionals with veteran intellectual property litigators, information governance advisors, technology contracting specialists and others with a similar data-oriented perspective.  And now it has been recognized by The Legal 500 United States as its ‘Data Protection … Continue Reading

First Steps for GCs in Assessing a Data Breach

When a data breach is discovered by a company, it is often the responsibility of the company’s in-house counsel to swiftly assess the breach and provide an initial report to company management. There are several steps that in-house counsel should follow if faced with a breach to allow for an adequate assessment that company management can use. As noted … Continue Reading

Amidst Increasing Security Concerns, Medicare to Drop Social Security Numbers from Cards

Last week, President Obama signed into law a bill that will eradicate Social Security Numbers (SSNs) from all Medicare beneficiary cards over the next eight years. Medicare has four years to begin issuing cards with new identifiers, and four years after that to reissue cards to current beneficiaries. The removal of SSNs from the cards is not only expected to decrease the risks associated with identity theft for Medicare beneficiaries, but also Medicare's risk of exposure associated with breaches of protected health and personal information under HIPAA and state privacy laws.… Continue Reading

State Attorneys General Address Data Privacy and Security Issues

State attorneys general across the United States have taken recent action towards addressing data privacy and security issues. In Connecticut, the attorney general announced the establishment of a Privacy and Data Security Department to handle investigations and litigation relating to data privacy and security. This month's National Association of Attorneys General (NAAG) Southern Region Meeting featured presentations on big data, cybersecurity, cloud computing and data breaches, and next month's NAAG presidential initiative summit will address topics such as intellectual property theft, cloud computing and digital currency. Finally, Washington's attorney general has proposed several amendments to expand the scope of that state's data breach notification requirements.… Continue Reading

FTC Offers Privacy and Security Guidance for Medical Devices in ‘Internet of Things’ Report

On January 27, the Federal Trade Commission (FTC) issued a 71-page Staff Report on privacy and security issues with the Internet of Things (IoT) - the growing ability of everyday devices to monitor and communicate information through the Internet. The Staff Report - which follows up on the FTC's public workshop over concerns with the IoT, as well as the FTC's first enforcement action brought in September 2013 - is especially relevant in the life sciences industry, which may see potentially revolutionary advances as a result of the IoT.… Continue Reading