TikTok Slapped with €345 Million Fine for Child Privacy Violations
Sep 18

The Data Protection Commission (DPC) in Ireland has fined TikTok €345 million ($368 million) for multiple violations of the General Data Protection Regulation (GDPR) related to the processing of children’s personal information and other child privacy issues. The DPC initiated an investigation of TikTok to determine if the company was fulfilling its obligations under the GDPR to protect the privacy of child users of the platform. The...

HHS Publishes New Resources for Improving Healthcare Cybersecurity

The Health Sector Coordinating Council Cybersecurity Working Group and the HHS 405(d) Program have published three additional resources to help healthcare organizations manage cybersecurity risks. Hacking incidents at healthcare organizations have increased sharply in recent years and data breaches are being reported at extremely high levels. For the past two years, around 700 large data breaches have been reported by...

Meta Facing Class Action Lawsuit over Use of Health Data for Serving Targeted Advertisements
Aug 02

Another lawsuit has been filed against Meta by a patient who claims her private healthcare information was collected without consent and was used to serve targeted advertisements related to her medical condition. The plaintiff, Jane Doe, was a patient of UCSF Medical Center and the Dignity Health Medical Foundation, who have also been named in the lawsuit. The case stems from the inclusion of Meta Pixel on web pages behind a login on...

Guidance on HIPAA and Telehealth for When the COVID-19 Public Health Emergency Ends
Jun 14

The U.S. Department of Health and Human Services has issued guidance on HIPAA and Telehealth to help healthcare organizations ensure compliance when the COVID-19 Public Health Emergency (PHE) comes to an end. The Health Insurance Portability and Accountability Act (HIPAA) does not prevent healthcare organizations from providing telehealth services, although it does place certain restrictions on the technologies that can be used, and...

Agreement In Principle Reached Between EU and US on Replacement for EU-US Privacy Shield
Mar 29

The EU and US have an agreement in principle on a framework to replace the EU-US Privacy Shield, which was invalidated by the Schrems II judgment as it was determined to violate the principles of the EU General Data Protection Regulation (GDPR). The EU-US Privacy Shield is a legal framework regulating exchanges of data for commercial purposes between the European Union and the United States. Companies relied on this framework when...

United States Data Protection and Privacy Laws
Mar 25

Although not the first state law to address data protection and consumer privacy, the passage of the California Consumer Privacy Act (CCPA) made the headlines in 2018 due to being closely modeled on the EU's General Data Protection Regulation (GDPR). The CCPA requires organizations with revenues of more than $50 million, organizations that buy, receive, or share the personal data of more than 100,000 Californian residents or...

Updated Security Risk Assessment Tool Released by HHS
Sep 12

An updated version of the Department of Health and Human Services’ Office for Civil Rights (OCR) Security Risk Assessment (SRA) Tool has now been released. The Office of the National Coordinator for Health Information Technology (ONC) developed the tool with the assistance of OCR in order to help small- to medium-sized healthcare suppliers comply with the security risk assessment requirements of the HIPAA Security Rule and the Centers...

Ireland Facebook Ordered to Stop Data Transfers to US by Irish DPO
Sep 11

A preliminary order has been handed down by Ireland’s Data Protection Commission (DPC) ordering Facebook to stop transferring personal data from Ireland to the United States. This order is a result of the European Union Court ruling in July, referred to as Schrems II, which held that it is illegal to transfer personal data from the EU to the US if it can be monitored by US government agencies or federal authorities. What...

TikTok Data Management Being Investigated by CNIL in France
Aug 15

It has been revealed that the data protection authority in France, the CNIL, is about to review the data operations of TikTok. TikTok has been trying to appoint the Data Protection Commission (DPC) in Ireland as its lead authority in Europe. It has done so by establishing a base in Ireland to manage private data for EU-based users. Due to this, the group believes that the investigation in France may be deemed invalid. The DPC is...

COVID19 Pandemic Leads to Massive Increase in WHO Cyberattacks
Mar 24

It has been revealed that the World Health Organization has suffered a surge in the number of hacking attempts on its databases in the last month as a result of the COVID-19 Pandemic. Chief Information Security Officer for the WHO, Flavio Aggio, issued a statement that said a large number of fraudulent WHO web pages have been discovered that have been created to trick people into handing over personal information. The purpose of the...

Facebook Data Gathering Reined in by German Facebook Ruling
Feb 13

Recently the German antitrust body, the Bundeskartellamt, released a decision dictating that the way Facebook obtains, links, authors and uses data in user accounts is an unfair advantage it leverages due to its dominant market position. This ruling comes after a three-year long investigation into Facebook’s business methods by the Bundeskartellamt. Facebook account holders must, under the terms of service, give their consent to have...

Breach Notification Act Passed by Alabama State Senate
Mar 09

The Alabama Data Breach Notification Act (Senate Bill 318) has been sent for consideration to the House of Representatives after the Alabama Senate unanimously passed it last week. Alabama is one of the two remaining states yet to introduce legislation that requires companies to send notifications to people whose personal information is accessed in data breaches. South Dakota, the other state yet to introduce legislation, is...

IT Governance, Cyber Security Policies and Defenses Highlighted in ISACA Research
Oct 19

According to the findings of recent research carried out by the Information Systems Audit and Control Association (ISACA), cyber security and defenses pose the largest challenges to corporate governance. Boards of directors and team leaders have also failed to implement an ideal correlation between business and information technology targets. 69% of the respondents in the survey stated that they believe there is no connection...
