Senate Bill 273 goes into effect on March 20, 2019, and creates new requirements for Ohio insurance companies, including health insurance plans, to develop and implement specific information security programs to safeguard nonpublic business and personal information. Senate Bill 273 is based upon the National Association of Insurance Commissioners’ Insurance Data Security Model Law (also referred to as "MDL-668") ...
As the latest signal in the priority of the Duty to Report in Ohio, the State Medical Board has updated its Duty to Report video.[1] The video is offered by the Board for physicians to fulfill the mandatory continuing medical education (CME) component of the license renewal process in Ohio. Introduced in a new regulation on May 31, 2021,[2] the Board began mandating one hour of CME on the topic of the legal duty to report misconduct ...
As if businesses did not have enough to worry about during this COVID-19 pandemic, it’s times like these when cybersecurity risk is at its peak. Distracted employees may be psychologically vulnerable to attack, and shifting quickly and unexpectedly to a remote workforce can create technology and control risks. It’s a perfect storm for cyber risk ...
The Department of Health and Human Services Office of Civil Rights (OCR) Spring 2019 Cybersecurity Newsletter includes new recommendations regarding how HIPAA covered entities can prepare to defend against cybersecurity attacks such as advanced persistent threats (APTs) and zero-day vulnerabilities ...
Not only are healthcare providers under attack in the daily battle against the coronavirus, criminal actors are quickly taking advantage of relaxed HIPAA enforcement and standards, teleworking and the general intensity of the situation to exploit patient and other confidential information ...
OCIE’s most recent Risk Alert, published Sept. 15, 2020, address another cybersecurity issue, this time highlighting the dangers of “credential stuffing.” Credential stuffing is a method of cyberattack that uses compromised client login credentials and can lead to loss of customer assets and the disclosure of confidential or other personal information. Hackers will obtain groups or lists of usernames, email addresses, and their passwords from sellers on the dark web ...
On July 10, 2020, the Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert highlighting the dangers of ransomware to SEC-registered entities, including investment advisers. The Risk Alert is a response to a marked uptick in both the prevalence and sophistication of ransomware attacks in recent months. Ransomware is a type of malware used by criminals to gain control of your or your firm’s confidential information and customer data ...
Introduction On 21 January 2021 a new royal decree was published in the Official Gazette which has temporarily extended occupational doctors' role in combating the COVID-19 pandemic in the workplace ...
The Office of the Comptroller of the Currency (“OCC”) issued an interpretive letter (the “Stablecoin Letter”) confirming that national banks and federal savings associations are permitted to take and hold fiat currency deposits that serve as reserves for fiat-currency backed stablecoins associated with hosted digital wallets (the “OCC Stablecoin Letter”) ...
1. Introduction Transmission services used in the provision of M2M services are growing in importance. As a result, in May 2019 ANACOM (the Portuguese communications regulatory authority) launched a public consultation1 to collect input on the possible creation of a specific range in the national numbering plan (plano nacional de numeração - PNN) to accommodate these services ...
The Federal Circuit released the results of its en banc hearing of a case involving the issue of what is patent eligible subject matter under section 101 of the Patent Act. (CLS Bank International v. Alice Corporation Pty. Ltd., F. 3d., Case No. 2011 1301 (May 9, 2013) ...
The Philippine National Privacy Commission (NPC), which administers the country’s Data Privacy Act (DPA), has recently made available to the public copies of its advisory opinions. These opinions had been issued in response to various queries regarding the proper application and interpretation of the provisions of the DPA and its implementing rules and regulations. Issue of consent Advisory Opinion No ...
In the light of the current geopolitical situation, including severe counter sanctions and restrictions imposed by the Russian Government, we would like to provide you with an update on the current IP regulation in Russia. Partial legalization of parallel imports On 29th March, the Russian government issued a Decree No ...
Important notification of four new guidelines for the compilation of mandatory codes of practice, which are binding in terms of the Mine Health and Safety Act 29 of 1996 (“the MHSA”).Kindly take note that on Friday, 5 February 2016, notices were published in Government Gazette No ...
Some are just donkeys with a horn.I will remember 2019 as the year when many unicorns were exposed as donkeys in disguise.Invoking the rarity and mystique of the mythical creature, a “unicorn” is the term the financial market coined for companies worth US$1 billion or more. The year opened with high hopes for such companies that sought an initial public offering (IPO) in the following months ...
You’ve seen all the articles about the Supreme Court’s decision in Assoc. for Molecular Pathology v. Myriad Genetics Inc. and the end of DNA patents, but what does this mean outside the biotech world? It means more insight into patent eligibility under 35 U.S.C. § 101. While Myriad does not affect business method and software patents, it is indicative of the general trend of the Supreme Court with respect to the threshold required to obtain a valid patent ...
Norway fully integrated the provisions of PSD2 and the Payment Accounts Directive into its legal system with the entry into force of the new Financial Agreements Act on January 1, 2023. The Norwegian Central Bank made significant strides in its exploration of digital central bank currency, completing the fourth phase of its initiative. This phase focused on testing and validating technical solutions, with findings reported on December 18, 2023, indicating successful outcomes ...
Background Disqus is an American company offering online public comment sharing services. These services were previously used by various Norwegian online newspapers. The Data Protection Authority has investigated whether Disqus has been sharing information about the users of the comment sections with marketing companies, without the knowledge of neither the users nor the owners of the online newspapers, and in breach of the GDPR ...
Earlier this year, the UK government launched 'Tech Nation'; an interactive data project that shows the growth of digital businesses within specific areas/regions across the UK. The report is the first of its kind and ranked Belfast as the second highest region in the UK in terms of the highest average company turnover in this sector, with Greater Manchester securing the top spot and Sheffield, Inner London and South Wales coming third, fourth and fifth respectively ...
It has been reported by various news outlets that Ireland’s Data Protection Commission (DPC) has prepared a draft decision which may well lead to the end of EU-US data transfers. This draft decision is a consequence of the concerns which have been raised by USA surveillance laws and practices and comes in the wake of the invalidation of the EU-US Privacy Shield by the Court of Justice of the EU a few years ago ...
Why Proportionality Should Be Considered As Part of the Preservation Parties have a general duty to preserve and produce relevant electronically stored information (ESI). This duty, however, is bounded by a proportionality requirement because e-discovery should not be allowed to be the tail that wags the dog. Courts and parties have been adept at applying proportionality requirements to the production of ESI, but they have struggled to apply proportionality to the preservation of ESI ...
The National Information Technology Development Agency (NITDA) has extended the timeline for filing the 2021 data audit report from 15 March 2021 till 30 June 2021. In 2019, the National Information Technology and Development Agency (‘NITDA’) issued the Nigerian Data Protection Regulation (‘NDPR’) ...
On February 26, 2013, the National Institute of Standards and Technology ("NIST") issued a Request for Information ("RFI") to gather comments regarding the development of a framework to reduce cybersecurity risks to critical infrastructure. As we previously reported, the Obama Administration’s executive order, Improving Critical Infrastructure Cybersecurity (the "Executive Order"), released on February 12, 2013, directs NIST to coordinate development of this framework ...
