December 9, 2021

Volume XI, Number 343

What We’re Reading - August 6, 2021

There is a glut of information out there regarding privacy and cybersecurity these days. Our new feature “What We’re Reading” provides a curated list of articles, blogs, newsletters, and books that you may find interesting and helpful.

  • For healthcare providers and other HIPAA-covered entities: News stories and Health and Human Services Office for Civil Rights (OCR) investigations abound involving hackers infiltrating information systems, workforce members impermissibly accessing patients’ health information, and electronic PHI (ePHI) being left on unsecured servers. The Summer 2021 OCR Newsletter is required reading; it discusses the importance (indeed, the HIPAA Security Rule requirements) of Information Access Management and Access Control.

  • We often discuss data retention/destruction programs with clients, and in this age of Big Data, the answer to the initial question (how long do you retain data when you no longer actively use it?) is many times “forever.” Recital 39 of the GDPR and the upcoming California Privacy Rights Act (CPRA) both impose limits on data retention. In fact, by January 2023, the CPRA will affirmatively prohibit businesses from hanging on to personal information for “each disclosed purpose for which the personal information was collected for longer than is reasonably necessary for that disclosed purpose.” Another perspective on data “hoarding” may ring true with business stakeholders: Paul Gillin writes in Computerworld that the consequences go beyond “compliance.”

  • Ransomware: (1) NIST has published draft guidance for organizations concerning ransomware attacks. The Ransomware Profile can help any organization seeking to implement a risk management framework that deals with ransomware threats, and every organization should be working on that. (2) The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security has launched StopRansomware.gov, an interagency resource that provides information regarding ransomware protection, detection, and response guidance in a single website. It includes ransomware alerts, reports, and resources from CISA, the FBI, and other federal partners in a whole-of-government approach.

©1994-2021 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.
National Law Review, Volume XI, Number 218

About this Author

Cynthia Larose
Member / Chair, Privacy & Cybersecurity Practice

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-...

617-348-1732