Privacy Compliance & Data Security Blog

http://dataprivacy.foxrothschild.com/

Mark is an author of the firm's Privacy Compliance & Data Security Blog. This blog helps readers navigate through the policies and best practices of data breach response and covers topics such as compliance with data protection laws and regulatory enforcement and litigation as well.

Recent Blog Posts

  • Upcoming Webinar: Can’t Touch That: Best Practices for Health Care Workforce Training on Data Security and Information Privacy Elizabeth Litten (Fox Rothschild Partner and HIPAA Privacy & Security Officer) and Mark McCreary (Fox Rothschild Partner and Chief Privacy Officer) will be presenting at the New Jersey Chapter of the Healthcare Financial Management Association on August 30, 2017, from 12:00-1:00 pm eastern time.  The presentation is titled: “Can’t Touch That: Best Practices for Health Care Workforce Training on Data Security and Information Privacy.” This webinar is a comprehensive review of information privacy and data security training, with an emphasis on... More
  • CMS Suggests Five Ways for Healthcare Providers to Prepare for New Medicare Cards Eric Bixler has posted on the Fox Rothschild Physician Law Blog an excellent summary of the changes coming to Medicare cards as a result of the Medicare Access and CHIP Reauthorization Act of 2015.  Briefly, Centers for Medicare and Medicaid Services (“CMS”) must remove Social Security Numbers (“SSNs”) from all Medicare cards. Therefore, starting April 1, 2018, CMS will begin mailing new cards with a randomly assigned Medicare Beneficiary Identifier (“MBI”) to replace the existing use of SSNs.  You can... More
  • After the “WannaCrypt / WannaCry / WCry” Malware, Microsoft Pushes Update to Current and Unsupported Versions of Windows Yesterday we witnessed new ransomware spread across the world with incredible speed and success, bringing businesses to their knees and home users learning for the first time about ransomware and why computer backups are so important. With over 123,000 computers infected, experts believe the “WannaCrypt/WannaCry/WCry” attacks have stopped after researchers registered a domain that the software checks before encrypting.  However, nothing is stopping someone from revising the software to not require that check and releasing it into the wild.  In other... More
  • $2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk In one of the best examples we have ever seen that it pays to be HIPAA compliant (and can cost A LOT when you are not), the U.S. Department of Health and Human Services, Office for Civil Rights, issued the following press release about the above settlement.  This is worth a quick read and some soul searching if your company has not been meeting its HIPAA requirements. FOR IMMEDIATE RELEASE  April 24, 2017 Contact: HHS Press Office  202-690-6343  media@hhs.gov  $2.5 million settlement shows that not understanding HIPAA... More
  • Don’t Get Caught in ‘Phishing Season’ With tax season in full swing, a different season is impacting businesses across all industries: “phishing season.” Copyright: fberti / 123RF Stock Photo “Phishing” or “spear phishing” refers to cyberattack scams that target certain individuals within an organization with the hope of gaining access to valuable information. These scams take advantage of the busy tax season, the desire to promptly respond to purported upper management and social engineering employees in order to target and trick only employees with immediate access to sensitive employee... More
  • The Data is In… Privacy Internet Lawsuits are Out The “new age” of internet and dispersed private data is not so new anymore but that doesn’t mean the law has caught up.  A few years ago, plaintiffs’ cases naming defendants like Google, Apple, and Facebook were at an all-time high but now, plaintiffs firms aren’t interested anymore.  According to a report in The Recorder, a San Francisco based legal newspaper, privacy lawsuits against these three digital behemoths have dropped from upwards of thirty cases in the Northern District of... More
  • Privacy Policies Matter… Whether You Read Them Or Not New innovations come hand in hand with new privacy issues.  Privacy policies may seem like a last minute add-on to some app developers but they are actually an important aspect of an app.  Data breaches are an imminent risk and a business’s first defense to potential problems is a privacy policy. Fordham University in New York hosted its Ninth Law and Information Society Symposium last week where policy and technology leaders came together to discuss current privacy pitfalls and solutions.  Joanne... More
  • A Dream or A Nightmare? How the FCC’s Addition of Vague Robocall Rules to the TCPA May Increase Litigation and Issues for Businesses The freedom from automated calls at random hours of the evening may seem like the true American dream these days as more and more companies rely on these calls to reach out and communicate with customers.  Unfortunately, now that the Federal Communications Commission (“FCC”) voted to expand the Telephone Consumer Protection Act (“TCPA”) to include stringent yet vague restrictions on telemarketing robocalls, it may not be a dream for everyone.  In June of this year, in a 3-2 vote, the... More
  • Further Thoughts on Data Breaches and Article III Standing A recent District of Nevada ruling could cause issues for consumers in data breach class action cases moving forward.  On June 1, 2015, the court ruled that a consumer class action against Zappos.com Inc. could not proceed because the class did not state “instances of actual identity theft or fraud.”  The suit was brought as a result of a 2012 data breach where Zappos’ customers’ personal information was stolen, including names, passwords, addresses, and phone numbers.  Even though the information... More
  • Their Experience, Your New Business Guide: How Settling Over Fifty Data Security Cases has Given Rise to Key Lessons from the FTC for Businesses With 2013 being dubbed as the “Year of the Mega Breach” it comes as no surprise that the Federal Trade Commission (“FTC”), on June 30, 2015 published “Start with Security: A Guide for Businesses” to educate and inform businesses on protecting their data.  The FTC is tasked with protecting consumers from “unfair” and “deceptive” business practices and with data breaches on the rise, it has come to take that job much more seriously.  The lessons in the guide are meant... More