Privacy Compliance & Data Security Blog

http://dataprivacy.foxrothschild.com/

Mark is an author of the firm's Privacy Compliance & Data Security Blog. This blog helps readers navigate the policies and best practices of data breach response and covers topics such as compliance with data protection laws, regulatory enforcement and litigation.

Recent Blog Posts

  • Villanovans in Healthcare VIRTUAL Spring Speaker Series – DATA PRIVACY AND DIGITAL TRANSFORMATION
    I was lucky enough to participate in an excellent panel of healthcare professionals discussing how COVID-19 has impacted medical technology, methods of treatment and research, and patient privacy rights. If you are concerned with contact tracing applications, or what governments, employers, or private companies may be doing with data from contact tracing applications, we also had a terrific discussion on those topics. Sign up at this link and you will receive a link to the webinar once it is edited and produced. About...
  • FEMA Issues Planning Exercise Starter Kit for Businesses Preparing to Resume Operations
    The Federal Emergency Management Agency has published its “Exercise Starter Kit for Workshop on Reconstituting Operations,” which is available here. This excellent resource will get many businesses started as they prepare to resume limited or full operations, but entities should also be careful to address any safety, privacy and insurance issues (to name a few) with their counsel. The kit, issued May 12, includes sample documents organizations can use to conduct their own planning workshops or tabletop exercises on returning to normal operations as well...
  • FTC Issues Tips for Consumers to Avoid COVID-19 Financial Relief Payment Scams
    Responding to recent reports that the U.S. Government may send payments by check or direct deposit to Americans in the near future to offset some of the economic damage done by the COVID-19 outbreak, the Federal Trade Commission has offered a list of three important tips consumers should keep in mind to avoid getting scammed. These are worth reviewing and sharing with employees, family members, and friends. The logistics of any coronavirus relief package are still being worked out, but here are...
  • Time To Update Your Data Breach Notification Practices
    Strong data encryption is a best practice, but according to new guidance from the UK’s data protection authority, it may not exempt you from General Data Protection Regulation (GDPR) notification requirements if you suffer a breach. That’s a significant departure from most U.S. federal and state data privacy rules. Our Privacy & Data Security team explains the steps you should take now to stay in compliance with both sets of regulations in this new alert....
  • Is Your Business in Compliance with the Illinois Biometric Information Privacy Act
    A number of employers in Illinois are involved in pending class action litigation regarding violations of the Illinois Biometric Information Privacy Act, 740 ILCS 14/1, et seq. (the “BIPA”). The BIPA, which was enacted in 2008, addresses the collection, use and retention of biometric information by private entities. Any information that is captured, stored, or shared based on a person’s biometric identifiers, such as fingerprints, iris scans, or blood type, is considered “biometric information.” The Illinois Legislature enacted the BIPA...
  • Upcoming CLE (Chicago): Staying One Step Ahead: Developments in Privacy and Data
    On Tuesday, November 7th from 2:00 to 6:30, Fox Rothschild and Kroll will be presenting the CLE: Staying One Step Ahead: Developments in Privacy and Data. The CLE will take place at Fox Rothschild’s offices at 353 N. Clark Street in Chicago. The speakers are Bill Dixon from Kroll, and Dan Farris and Mark McCreary from Fox Rothschild. Cocktails and networking will follow the presentations. If you are in the Chicago area on November 7th, I hope you will join us. Click here...
  • Upcoming Webinar: Can’t Touch That: Best Practices for Health Care Workforce Training on Data Security and Information Privacy
    Elizabeth Litten (Fox Rothschild Partner and HIPAA Privacy & Security Officer) and Mark McCreary (Fox Rothschild Partner and Chief Privacy Officer) will be presenting at the New Jersey Chapter of the Healthcare Financial Management Association on August 30, 2017, from 12:00-1:00 pm eastern time. The presentation is titled: “Can’t Touch That: Best Practices for Health Care Workforce Training on Data Security and Information Privacy.” This webinar is a comprehensive review of information privacy and data security training, with an emphasis on...
  • CMS Suggests Five Ways for Healthcare Providers to Prepare for New Medicare Cards
    Eric Bixler has posted on the Fox Rothschild Physician Law Blog an excellent summary of the changes coming to Medicare cards as a result of the Medicare Access and CHIP Reauthorization Act of 2015. Briefly, Centers for Medicare and Medicaid Services (“CMS”) must remove Social Security Numbers (“SSNs”) from all Medicare cards. Therefore, starting April 1, 2018, CMS will begin mailing new cards with a randomly assigned Medicare Beneficiary Identifier (“MBI”) to replace the existing use of SSNs. You can...
  • After the “WannaCrypt / WannaCry / WCry” Malware, Microsoft Pushes Update to Current and Unsupported Versions of Windows
    Yesterday we witnessed new ransomware spread across the world with incredible speed and success, bringing businesses to their knees and home users learning for the first time about ransomware and why computer backups are so important. With over 123,000 computers infected, experts believe the “WannaCrypt/WannaCry/WCry” attacks have stopped after researchers registered a domain that the software checks before encrypting. However, nothing is stopping someone from revising the software to not require that check and releasing it into the wild. In other...
  • $2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk
    In one of the best examples we have ever seen that it pays to be HIPAA compliant (and can cost A LOT when you are not), the U.S. Department of Health and Human Services, Office for Civil Rights, issued the following press release about the above settlement. This is worth a quick read and some soul searching if your company has not been meeting its HIPAA requirements. FOR IMMEDIATE RELEASE April 24, 2017 Contact: HHS Press Office 202-690-6343 [email protected] $2.5 million settlement shows that not understanding HIPAA...