6 August 2021

What We're Reading - August 6, 2021

Mintz

Contributor

Mintz is a litigation powerhouse and business accelerator serving leaders in life sciences, private equity, sustainable energy, and technology. The world’s most innovative companies trust Mintz to provide expert advice, protect and monetize their IP, negotiate deals, source financing, and solve complex legal challenges. The firm has over 600 attorneys across offices in Boston, Los Angeles, Miami, New York, Washington, DC, San Francisco, San Diego, and Toronto.
There is a glut of information out there regarding privacy and cybersecurity these days. Our new feature "What We're Reading" provides a curated list of articles, blogs, newsletters, and books that you may find interesting and helpful.


  • For healthcare providers and other HIPAA-covered entities: News stories and Health and Human Services Office for Civil Rights (OCR) investigations abound involving hackers infiltrating information systems, workforce members impermissibly accessing patients' health information, and electronic PHI (ePHI) being left on unsecured servers. The Summer 2021 OCR Newsletter is required reading; it discusses the importance (indeed, the HIPAA Security Rule requirements) of Information Access Management and Access Control.
  • We often discuss data retention/destruction programs with clients, and in this age of Big Data, the answer to the initial question - how long do you retain data when you no longer actively use it? - is many times "forever." Recital 39 of the GDPR and the upcoming California Privacy Rights Act (CPRA) both impose limits on data retention. In fact, by January 2023, the CPRA will affirmatively prohibit businesses from hanging on to personal information for "each disclosed purpose for which the personal information was collected for longer than is reasonably necessary for that disclosed purpose." Another perspective on data "hoarding" may ring true with business stakeholders - Paul Gillin writes in Computerworld that the consequences go beyond "compliance."
  • Ransomware - (1) NIST has published draft guidance for organizations concerning ransomware attacks. The Ransomware Profile can help any organization seeking to implement a risk management framework that deals with ransomware threats, and every organization should be working on that. (2) The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security has launched StopRansomware.gov, an interagency resource that provides ransomware protection, detection, and response guidance in a single website. It includes ransomware alerts, reports, and resources from CISA, the FBI, and other federal partners in a whole-of-government approach.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
