Privacy Compliance & Data Security Blog

Privacy compliance and electronic data security affect almost every business. Data breach prevention is essential. Fox Rothschild's Privacy Compliance & Data Security Blog will help readers navigate through the policies and best practices of data breach response. The Blog covers topics including compliance with data protection laws, regulatory enforcement and litigation.

Recent Blog Posts

  • It’s Not About the Money: Prepare for “Destruction of Service” Attacks Computer networking giant Cisco says the recent WannaCry and Petya/NotPetya incidents signal the advent of a new generation of cyberattacks that is aimed more at mass disruption than financial gain. The new breed of “Destruction of Service” attacks will only grow more sophisticated and potent, the company says in its Cisco 2017 Midyear Cybersecurity Report. The report warns that cybercriminals “now have the ability—and often now, it seems, the inclination—to lock systems and destroy data as part of their attack process.” The report, released July... More
  • Hurricane Cyber? Insurers Confront Unpredictable Data Breach Costs Venerable insurer Lloyd’s of London says a global cyber attack on a major provider of cloud services could carry costs of up to $53 billion, reports Data Breach Today. That’s a hefty price tag that explains the rising demand for cyber insurance. It also sheds light on why insurers are proceeding extremely carefully. The costs of a major data breach can be significant and difficult to predict. To help define the level of exposure, Lloyd’s worked with cyber consultant Cyence to produce a new... More
  • Good Cyber Help Is Hard To Find Cybersecurity positions are increasingly difficult to fill and the long-term prospects for the industry don’t appear to be getting any brighter, Ericka Chickowski warns at the blog DARKReading. More than 25 percent of organizations take six months or longer to fill priority positions, she reports in “Desperately Seeking Security: 6 Skills Most In Demand.” By 2022, Chickowski notes, there will be a global shortfall of cybersecurity workers of 1.8 million people, according to the Global... More
  • FTC Eyeing Privacy and Security of Connected Cars Acting Federal Trade Commission (FTC) Chairman Maureen K. Ohlhausen made it clear that she expects the FTC’s enforcement role in protecting privacy and security to encompass automated and connected vehicles. In her opening remarks at a June 28, 2017 workshop hosted by the FTC and National Highway Traffic Safety Administration (NHTSA), she said the FTC will take action against manufacturers and service providers of autonomous and connected vehicles if their activities violate Section 5 of the FTC Act, which prohibits... More
  • Alert: Answers About the Most Recent Worldwide Ransomware Attack Yesterday, a massive ransomware attack now known as “Petya” spread across the globe in a similar fashion to the WannaCry cyberattack in May. In an Alert today, Fox Chief Privacy Officer and Partner Mark McCreary breaks down what we know about the attack, how to address it if your organization falls victim to it, and how to minimize the risks of future attacks: Yesterday’s worldwide cyberattack once again exploited a vulnerability that has been known to experts for many months. These attacks are... More
  • CMS Suggests Five Ways for Healthcare Providers to Prepare for New Medicare Cards Eric Bixler has posted on the Fox Rothschild Physician Law Blog an excellent summary of the changes coming to Medicare cards as a result of the Medicare Access and CHIP Reauthorization Act of 2015.  Briefly, Centers for Medicare and Medicaid Services (“CMS”) must remove Social Security Numbers (“SSNs”) from all Medicare cards. Therefore, starting April 1, 2018, CMS will begin mailing new cards with a randomly assigned Medicare Beneficiary Identifier (“MBI”) to replace the existing use of SSNs.  You can... More
  • Fox Partner Scott Vernick Appears on Cheddar To Discuss GDPR Compliance Issues On June 14, Fox Partner Scott Vernick appeared on live-streaming financial news network Cheddar to provide background information on the European Union’s General Data Protection Regulation, which goes into effect on May 25, 2018. To comply with the new privacy rules, companies that provide online services to residents of the EU will be required to obtain documented “hard consent” from customers before processing and storing their data. For many American companies, this is a significant shift. Scott outlines the high stakes for companies... More
  • Washington State Passes Law Restricting Commercial Collection, Storage and Use of Biometric Data On July 23, 2017, Washington State will become the third state (after Illinois and Texas) to statutorily restrict the collection, storage and use of biometric data for commercial purposes. The Washington legislature explained its goal in enacting Washington’s new biometrics law: The legislature intends to require a business that collects and can attribute biometric data to a specific uniquely identified individual to disclose how it uses that biometric data, and provide notice to and obtain consent from an individual before enrolling... More
  • After the “WannaCrypt / WannaCry / WCry” Malware, Microsoft Pushes Update to Current and Unsupported Versions of Windows Yesterday we witnessed new ransomware spread across the world with incredible speed and success, bringing businesses to their knees and home users learning for the first time about ransomware and why computer backups are so important. With over 123,000 computers infected, experts believe the “WannaCrypt/WannaCry/WCry” attacks have stopped after researchers registered a domain that the software checks before encrypting.  However, nothing is stopping someone from revising the software to not require that check and releasing it into the wild.  In other... More
  • $2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk In one of the best examples we have ever seen that it pays to be HIPAA compliant (and can cost A LOT when you are not), the U.S. Department of Health and Human Services, Office for Civil Rights, issued the following press release about the above settlement. This is worth a quick read and some soul searching if your company has not been meeting its HIPAA requirements. FOR IMMEDIATE RELEASE April 24, 2017 Contact: HHS Press Office 202-690-6343 $2.5 million settlement shows that not understanding HIPAA... More