Category: Law and Regulations

Iowa House Study Bill 526 would require organizations to report a breach within 45 days, add new categories to reporting requirements, and expand the definition of what is considered personal information. The bill would apply to personal data in any form and also cover medical records, effectively shortening HIPAA breach reporting requirements by 15 days. If organizations implement increased encryption methods, they can be exempt from the proposed state reporting requirements.

In this WSJ article, the author posits: What is the greatest threat to liberty in America? Constitutional scholar Philip Hamburger responds: overreach and lack of oversight by the regulatory state or Deep State, where the Bill of Rights has been gutted and citizens have not guarantee of due process.

I will need to read through this before adding any commentary.

Signed by President Trump today: Read More

A comparison of U.S. and GDPR breach requirements.

In the ongoing saga of FTC chicanery in the LabMD case… In case you are not up to speed, LabMD was investigated and charged by the FTC for lax security and exposure of patient data in 2009, and in subsequent hearings it became evident that the FTC was on a fishing expedition, paying infosec contractor Tiversa to “manufacture” evidence of malfeasance when there was no proof the data had been stolen or that any harm had subsequently come to patients of the small cancer detection lab.

This week, a federal judge denied the motion to dismiss the First Amendment case that LabMD brought against alleged complicit FTC employees. An excerpt from Law360, below: Read More