Privacy & Compliance
GDPR: Do You Have to Hire a DPO?
Jan 11, 2017
I suspect right about now that EU (and US) companies affected by the General Data Protection Regulation (GDPR) are starting to look more closely at their compliance project schedules. With...
The Federal Trade Commission Likes the NIST Cybersecurity Framework (and You Should Too)
Oct 11, 2016
Remember the Cybersecurity Framework that was put together by the folks over at the National Institute of Standards and Technology (NIST)? Sure you do! It came about because the US...
HHS to Investigate Smaller HIPAA Privacy Breaches
Aug 23, 2016
As a reader of this blog, you know all about Health and Human Services’ (HHS) wall of shame. That’s where breaches involving protected health information (PHI) affecting 500 or more...
What is the Minimum Acceptable Risk Standards for Exchanges (MAR-E)?
Aug 03, 2016
Under the Affordable Care Act (ACA) of 2010, there are now online marketplaces to buy health insurance. These are essentially websites that allow consumers to shop around for an insurance...
Understanding Canada: Ontario’s New Medical Breach Notification Provision (and Other Canadian Data Privacy Facts)
Jul 27, 2016
Remember Canada’s profusion of data privacy laws? The Personal Information Protection and Electronic Documents Act (PIPEDA) is the law that covers all commercial organizations across Canada. Canadian federal government agencies,...
Is Browsing Facebook While in the Hospital a HIPAA Violation?
Jul 19, 2016
A recently filed federal class-action suit claims that several healthcare providers are violating HIPAA’s rules on protected health information (PHI). If the suit succeeds, privacy advocates say it has the potential...
EU GDPR: Data Rights and Security Obligations [INFOGRAPHIC]
Jul 07, 2016
The EU General Data Protection Regulation (GDPR) isn’t light reading (though we’ve done our best with the Plain English Guide to the GDPR). However, it doesn’t mean that this law’s...
GDPR: Pseudonymization as an Alternative to Encryption
Jun 24, 2016
Have I mentioned lately that the General Data Protection Regulation (GDPR) is a complicated law? Sure, there are some underlying principles, such as Privacy by Design (PbD) and other ideas,...
What is the EU General Data Protection Regulation?
Dec 11, 2015
Table of Contents: DPD 2.0; GDPR Vocabulary; Articulating the Articles; More Articles: The New Stuff; Focus Your GDPR Compliance. Note: This post now reflects the final version of the EU...
Penetration Testing Explained, Part I: Risky Business
Sep 23, 2015
In most of the security standards and regulations that I’ve been following there’s typically a part titled Risk Assessment. You can find this requirement in HIPAA, PCI DSS, EU GDPR,...
Inside the World of Insider Threats, Part I: Motivation
Jan 20, 2015
As someone once said in a different context, never let a good crisis go to waste. While we still don’t have definitive proof, there’s good evidence that employees were in...
5 Things Privacy Experts Want You to Know About Wearables
Jul 17, 2014
There’s been a lot of news lately in the health and fitness wearables space. Apple just announced they’re releasing an app, called “Health,” as well as a cloud-based platform “Health...