- U.S. organizations wishing to import data from EU subjects will be subject to much more “robust” privacy protocols
- Final approval still faces hurdles
The EU-U.S. Safe Harbor Framework (“Safe Harbor”) has provided companies on both sides of the Atlantic an efficient means to transfer personal information to and from the EU and the U.S. Recently, however, the Safe Harbor has come under attack. EU officials have opined that modern U.S. policy has eroded protections afforded under the Safe Harbor, resulting in the Safe Harbor no longer offering “adequate” protection as required by the EU Data Protection Directive 95/46/EC (“EU Directive”). Most recent, and perhaps most concerning, is the opinion from Advocate General Yves Bot of the European Court of Justice (“ECJ”), in which Bot recommended that the Safe Harbor be declared invalid.
The well-publicized cyber-attack on Anthem, Inc.’s information technology system may require employers to take prompt action to protect the rights of their health plan participants. Although neither the scope nor the cause of the security breach has yet been determined, the attack has been described as both “massive” and “sophisticated.”
As we wrote yesterday, President Obama has called for legislation (the Personal Data Protection and Privacy Act) that will require notice of a data breach within 30 days of discovery by your company.
In November we discussed the standards in place for whether and when a consumer must be notified of a data breach. The current answer is that almost all states have laws requiring notification, but the format and timing of the notification vary from state to state.
Data breaches have become a phenomenon of late—with news seemingly breaking every day on the latest victim and the potential harm to consumers. Often overlooked, however, is the impact that each new data breach has on banks.
Among the many data security and breach laws that exist, covered health care providers and health plans must also contend with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Cyber attacks are not only increasingly prominent, but are also increasingly costly. The financial impact of a data breach averages $10 million per occurrence. Data breach insurance coverage may help ameliorate these financial consequences and constitutes a vital part of a comprehensive data security strategy.
In our last post, we discussed how to minimize your risk of a data breach. But what do you do if and when a data breach occurs? How will you know when to send a notification? Today, we’ll discuss just that.
Data breaches are becoming an everyday occurrence. Just ask The Home Depot, Target and Schnuck’s. The number of companies reporting a data breach increased over 30% in the past two years. Experts agree that every company is susceptible to data breaches, and that it is not a question of if but when it will happen.