Mark G. McCreary

In one of the best examples we have ever seen that it pays to be HIPAA compliant (and can cost A LOT when you are not), the U.S. Department of Health and Human Services, Office for Civil Rights, issued the following press release about the above settlement. This is worth a quick read and some soul searching if your company has not been meeting its HIPAA requirements.
Continue Reading $2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk

The “new age” of internet and dispersed private data is not so new anymore, but that doesn’t mean the law has caught up. A few years ago, plaintiffs’ cases naming defendants like Google, Apple, and Facebook were at an all-time high, but now plaintiffs’ firms aren’t interested anymore. According to a report in The Recorder, a San Francisco-based legal newspaper, privacy lawsuits against these three digital behemoths have dropped from upwards of thirty cases in the Northern District of California in 2012 to less than five in 2015.
Continue Reading The Data is In… Privacy Internet Lawsuits are Out

New innovations come hand in hand with new privacy issues. Privacy policies may seem like a last-minute add-on to some app developers, but they are actually an important aspect of an app. Data breaches are an imminent risk, and a business’s first defense to potential problems is a privacy policy.
Continue Reading Privacy Policies Matter… Whether You Read Them Or Not

The freedom from automated calls at random hours of the evening may seem like the true American dream these days as more and more companies rely on these calls to reach out and communicate with customers. Unfortunately, now that the Federal Communications Commission (“FCC”) voted to expand the Telephone Consumer Protection Act (“TCPA”) to include stringent yet vague restrictions on telemarketing robocalls, it may not be a dream for everyone.
Continue Reading A Dream or A Nightmare? How the FCC’s Addition of Vague Robocall Rules to the TCPA May Increase Litigation and Issues for Businesses

A recent District of Nevada ruling could cause issues for consumers in data breach class action cases moving forward. On June 1, 2015, the court ruled that a consumer class action against Zappos.com Inc. could not proceed because the class did not state “instances of actual identity theft or fraud.” The suit was brought as a result of a 2012 data breach where Zappos’ customers’ personal information was stolen, including names, passwords, addresses, and phone numbers. Even though the information was stolen, the court dismissed the case because the class could not prove that they had been materially harmed and had no other standing under Article III.
Continue Reading Further Thoughts on Data Breaches and Article III Standing

With 2013 being dubbed the “Year of the Mega Breach,” it comes as no surprise that the Federal Trade Commission (“FTC”) published “Start with Security: A Guide for Businesses” on June 30, 2015, to educate and inform businesses on protecting their data.
Continue Reading Their Experience, Your New Business Guide: How Settling Over Fifty Data Security Cases has Given Rise to Key Lessons from the FTC for Businesses

Last week we posted A Brief Primer on the NIST Cybersecurity Framework. Our partner and HIPAA/HITECH expert Elizabeth Litten took the NIST Cybersecurity Framework and created a blog post for the HIPAA, HITECH and Health Information Technology Blog titled How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips. For those facing any HIPAA-related issues, it is a worthwhile read.
Continue Reading How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips

In February 2013, President Obama issued his Improving Critical Infrastructure Cybersecurity executive order, which presented a plan to decrease the risk of cyberattacks on critical infrastructure. The US Department of Commerce’s National Institute of Standards and Technology (NIST) was charged with creating the plan, which became known as the Framework for Improving Critical Infrastructure Cybersecurity (Framework). The NIST worked with over three thousand individuals and business organizations to create the Framework. The goal of the Framework is to help businesses develop cybersecurity programs within their organizations and to create industry standards for dealing with cybersecurity issues.
Continue Reading A Brief Primer on the NIST Cybersecurity Framework

With hackers on the loose, and wire transfers as a place for them to gain unauthorized access to bank accounts, it is no wonder that when it comes to potentially intercepted wires, customers and banks are playing hot potato over who is to blame. Typically, banks bear the risk of loss for unauthorized wire transfers. Two bodies of law govern these transfers: the Electronic Fund Transfer Act (“EFTA”) for consumer accounts and Article 4A of the Uniform Commercial Code (“UCC”) for business accounts. The two serve opposing interests: the EFTA attempts to shield customers from paying unauthorized charges, whereas the UCC has a framework in place that protects the banks and shifts the risk of loss to the customer if the bank can show that (1) a commercially reasonable security procedure was in place and (2) the bank accepted the payment order in good faith and in compliance with the security procedure and any other written agreement or customer instruction.
Continue Reading Bank Security and Wire Transfers: Even Vaulted Systems Can’t Protect All Personal Information