-
Privacy & Compliance
Feb 21, 2017
Cybersecurity Laws Get Serious: EU’s NIS Directive
In the IOS blog, our cyberattack focus has mostly been on hackers stealing PII and other sensitive personal data. The breach notification laws and regulations that we write about require...
Michael Buckbee
4 min read
-
Privacy & Compliance
Jan 11, 2017
GDPR: Do You Have to Hire a DPO?
I suspect right about now that EU (and US) companies affected by the General Data Protection Regulation (GDPR) are starting to look more closely at their compliance project schedules. With...
Michael Buckbee
3 min read
-
Privacy & Compliance
Oct 11, 2016
The Federal Trade Commission Likes the NIST Cybersecurity Framework (and You Should Too)
Remember the Cybersecurity Framework that was put together by the folks over at the National Institute of Standards and Technology (NIST)? Sure you do! It came about because the US...
Michael Buckbee
2 min read
-
Privacy & Compliance
Aug 23, 2016
HHS to Investigate Smaller HIPAA Privacy Breaches
As a reader of this blog, you know all about Health and Human Services’ (HHS) wall of shame. That’s where breaches involving protected health information (PHI) affecting 500 or more...
Michael Buckbee
1 min read
-
Privacy & Compliance
Aug 03, 2016
What is the Minimum Acceptable Risk Standards for Exchanges (MAR-E)?
Under the Affordable Care Act (ACA) of 2010, there are now online marketplaces to buy health insurance. These are essentially websites that allow consumers to shop around for an insurance...
Michael Buckbee
4 min read
-
Privacy & Compliance
Jul 27, 2016
Understanding Canada: Ontario’s New Medical Breach Notification Provision (and Other Canadian Data Privacy Facts)
Remember Canada’s profusion of data privacy laws? The Personal Information Protection and Electronic Documents Act (PIPEDA) is the law that covers all commercial organizations across Canada. Canadian federal government agencies,...
Michael Buckbee
1 min read
-
Privacy & Compliance
Jul 19, 2016
Is Browsing Facebook While in the Hospital a HIPAA Violation?
A recently filed federal class-action suit claims that several healthcare providers are violating HIPAA’s rules on protected health information (PHI). If the suit succeeds, privacy advocates say it has the potential...
Michael Buckbee
2 min read
-
Privacy & Compliance
Jul 07, 2016
EU GDPR: Data Rights and Security Obligations [INFOGRAPHIC]
The EU General Data Protection Regulation (GDPR) isn’t light reading (though we’ve done our best with the Plain English Guide to the GDPR). However, it doesn’t mean that this law’s...
Michael Buckbee
1 min read
-
Privacy & Compliance
Jun 24, 2016
GDPR: Pseudonymization as an Alternative to Encryption
Have I mentioned lately that the General Data Protection Regulation (GDPR) is a complicated law? Sure, there are some underlying principles, such as Privacy by Design (PbD) and other ideas,...
Michael Buckbee
3 min read
-
Privacy & Compliance
Dec 11, 2015
What is the EU General Data Protection Regulation?
Note: This post now reflects the final version of the EU...
Michael Buckbee
7 min read
-
Privacy & Compliance
Sep 23, 2015
Penetration Testing Explained, Part I: Risky Business
In most of the security standards and regulations that I’ve been following there’s typically a part titled Risk Assessment. You can find this requirement in HIPAA, PCI DSS, EU GDPR,…
Michael Buckbee
3 min read
-
Privacy & Compliance
Jan 20, 2015
Inside the World of Insider Threats, Part I: Motivation
As someone once said in a different context, never let a good crisis go to waste. While we still don’t have definitive proof, there’s good evidence that employees were in...
Michael Buckbee
3 min read