Insights — InfoLawGroup LLP

Over the past couple years, many predicted that new state laws would follow the lead of states like Nevada and Massachusetts, and some anticipated we could see a situation where 50 different privacy/security laws across the country. Now it looks like we are beginning to see some renewed activity on the state level. In Hawaii we have a proposed bill that would require breached entities to provide credit monitoring and call center services to impacted individuals. In my home state, Colorado, a legislator (Dan Pabon) has proposed a novel bill that takes a new approach to incentivizing companies to implement good security. In this post, we take a look at the highlights of the Colorado bill.

bill, consent, data accuracy, data integrity, data security, notice, privacy, privacy notice, Regulation, Security, security measures

FAQ on the "BEST PRACTICES Act" - Part One

By InfoLawGroup LLP on July 22, 2010

Congressman Bobby Rush has introduced a new data privacy bill to Congress known as the "Building Effective Strategies to Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards" Act (a.k.a. "BEST PRACTICES Act" or "Act").We have put together a summary of the Act in "FAQ" format. In Part One we look at some of the key definitions, requirements concerning transparency, notice and individual choice, mandates around accuracy, access and dispute resolution, and finally data security and data minimization requirements under the Act. Part Two will focus on the "Safe Harbor" outlined in the Act, various exemptions for deidentified information, and provisions concerning the application and enforcement of the Act.

health information, HHS, HIPAA, HITECH, privacy, Regulation, Security

InfoLaw Alert: HHS Issues Proposed Mofications to HIPAA Security and Privacy Rules

By InfoLawGroup LLP on July 08, 2010

banking, fraud, HIPAA, Mexico, privacy, reasonable, reasonable security, Regulation, Security

Quickhits: Dog Days of Summer Edition

By InfoLawGroup LLP on July 08, 2010

assessment, audit, Breach, breach notice, Cloud, cloud computing, Computing, contracting, contracts, Contracts Breach, forensics, incident, incident response, liability, notice, privacy, provider, Regulation, response, schedule, Security, security assessment, security breach, security schedule, service, service provider, service provider liability

What's in Google's SaaS Contract with the City of Los Angeles? Part Three.

By InfoLawGroup LLP on June 23, 2010

This blogpost is the third (and final) in our series analyzing the terms of Google's and Computer Science Corporation's ("CSC") cloud contracts with the City of Los Angeles. In Part One, we looked at the information security, privacy and confidentiality obligations Google and CSC agreed to. In Part Two, the focus was on terms related to compliance with privacy and security laws, audit and enforcement of security obligations, incident response, and geographic processing limitations, and termination rights under the contracts. In Part Three, we analyze what might be the most important data security/privacy-related terms of a Cloud contract (or any contract for that matter), the risk of loss terms. This is a very long post looking at very complex and interrelated contract terms. If you have any questions feel free to email me at dnavetta@infolawgroup.com

Breach, breach notice, California, fines and penalties, legal defensibility, medical data, notification, Regulation

California Department of Public Health Breach Fines and Legally Defensible Security

By InfoLawGroup LLP on June 17, 2010

audit, Breach, breach notice, Cloud, contracting, contracts, forensics, incident response, privacy, Regulation, Security, security assessment, security breach, security schedule, service provider, service provider liability