Exhibit A. Federal Statutes Impacting Data Security
- Adela Underwood
- 8 years ago
Michele A. Whitham
Partner, Founding Co-Chair, Security & Privacy Practice Group
Foley Hoag LLP
155 Seaport Boulevard, Boston, MA 02210
Cable Communications Policy Act (CCPA)
Citation: U.S.C. 551
Information / Subject Matter Protected: Information contained in cable records
Bad Acts Targeted: Cable companies must notify subscribers about collection and use of personal information; companies cannot disclose a subscriber's viewing habits
Penalties / Damages: Enforced with a private right of action

Children's Online Privacy Protection Act (COPPA)
Citation: U.S.C. 6501, et seq., 16 C.F.R. 312
Information / Subject Matter Protected: Personally identifiable information: name, address, address or contact information, SSN, persistent identifier (cookie), combination of name or photograph with other information that would permit physical or online contacting, or information collected about child or parents that combines with other personal information
Bad Acts Targeted: Website / online service operator cannot collect or disclose personal information from a child under 13 without obtaining requisite prior parental consent
Penalties / Damages: No private right of action; enforcement carried out by FTC (and others, for narrow issues); penalties up to $11,000 per violation

Computer Fraud and Abuse Act (CFAA)
Citation: 18 U.S.C
Information / Subject Matter Protected: Protected computers covered: those used by financial institutions, the US government, and those used in communications involving interstate commerce or foreign commerce (does not have to be owned by government if involved in interstate or foreign commerce)
Bad Acts Targeted: Accessing computer without authorization in order to obtain information, affect use by government involving an interstate or foreign transaction, further a fraud when value is obtained (over $5,000 in any one year period), intentionally or recklessly damage the computer, traffic in passwords, or to extort payment. Common Bad Acts: Unauthorized access to websites, gathering of addresses, diversion of customers or harvesting of customer lists, use of bots, defective software, setting of cookies, and authorized users exceeding scope of authority
Penalties / Damages: Civil remedies: damage/loss must fit into the following categories: aggregated damage exceeding $5,000, potential modification or impairment of a medical diagnosis, examination, treatment or care of one or more persons, physical injury, a threat to public health or safety, or damage to a government computer that is used in furtherance of the administration of justice, national defense, or national security. Criminal remedies: acts are punishable by fine and/or imprisonment and apply to both actual and attempted offenses

Consumer Financial Protection Act 2010
Citation: Pub. L. No , 124 Stat

Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
Citation: U.S.C , 18 U.S.C and 28 U.S.C. 994
Information / Subject Matter Protected: Commercial messages whose primary purpose is the advertisement or promotion of a product or service. The sender of the e-mail as well as the advertiser within the e-mail are subject to CAN-SPAM
Bad Acts Targeted: A sender of commercial e-mail is permitted to send communications to a recipient unless and until that recipient has opted out from such communications; every individual must be permitted to opt out, and thus, each message must have clear opt-out mechanism. Also prohibited: false or misleading transmission of information, false or misleading subject lines, address harvesting and dictionary attacks, and automatically generating accounts. Further, sexually explicit messages must be clearly labeled as such
Penalties / Damages: A private right of action for internet service providers exists along with FTC enforcement. Injunctions and damages are available. Actual monetary damages lost by users of Internet access service or statutory damages in the amount of $250 per violation ($100 for internet service providers). Statutory damages are capped at $2,000,000 for actions by states and $1,000,000 for internet service providers, but can be trebled in cases of willful and knowing violation

Driver's Privacy Protection Act (DPPA)
Citation: U.S.C
Information / Subject Matter Protected: Motor vehicle records held by states
Bad Acts Targeted: State must obtain a person's consent before disclosing motor vehicle information to marketers
Penalties / Damages: Civil: Plaintiff can get actual damages, not less than $2,500, punitive damages if willful or reckless violation, reasonable attorneys' fees and costs, or other equitable relief. Criminal: State DMVs can be fined up to $5,000 per day for each day of substantial noncompliance

Electronic Communications Privacy Act (ECPA)
Citation: U.S.C
Information / Subject Matter Protected: Wire (including cordless), oral or electronic communications; stored communications
Bad Acts Targeted:
Title I (Wiretap Act):
- Intentionally intercepting or endeavoring to intercept (or procuring another person to do so) protected communications, including through the use of electronic, mechanical, or other devices.
- Disclosing or using the intercepted information, including use in interfering with a criminal investigation, is also illegal
Title II (Stored Communications Act):
- Obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage
Penalties / Damages:
Title I (Wiretap Act):
- Private cause of action available against persons or entities; damages include injunction, declaratory judgment, actual or statutory damages ($100 per day for each day of violation or $10,000, whichever is greater), punitive damages, reasonable attorney's fees and other litigation costs reasonably incurred
- Criminal remedies also available.
Title II (Stored Communications Act):
- Same as Title I, but damages are the greater of actual damages and profits earned by the violator or $1,000

Electronic Funds Transfer Act (EFTA)
Citation: 15 U.S.C
Information / Subject Matter Protected: Direct debit electronic fund transfers from bank accounts (applies to bank or person who, directly or indirectly, holds an account belonging to a consumer) including preauthorized automatic transfers
Bad Acts Targeted: Customers must receive initial disclosure from entity detailing transfer processes, error-reporting procedures, and notification details (including ATM uses)
Penalties / Damages: The EFTA provides for both actual and statutory damages, and allows for the recovery of costs and attorneys' fees in successful actions. Statutory damages are determined by the court based on the frequency and persistence of noncompliance, the nature of noncompliance, the extent to which the noncompliance was intentional, the resources of the defendant and the number of persons adversely affected. The EFTA places caps on statutory damages. Unfortunately, the manner in which the caps are applied is uncertain. In the case of an action filed by an individual, statutory damages are at least $100, but not greater than $1,000.

Employee Polygraph Protection Act (EPPA)
Citation: U.S.C
Information / Subject Matter Protected: Polygraph examinations
Bad Acts Targeted: Private sector employers cannot use polygraph testing on employees / prospective employees unless it is in connection with an ongoing investigation involving economic loss or injury to the employer's business, such as theft, embezzlement, misappropriation, etc., when the employer has reasonable suspicion
Penalties / Damages: Civil penalties against employers may not exceed $10,000; injunctions also available. A private right of action also exists, and in these cases, costs and fees are available

Fair Credit Reporting Act (FCRA)
Citation: U.S.C
Information / Subject Matter Protected: Data contained in consumer report, including personal and financial data
Bad Acts Targeted: Consumer reporting agencies must maintain reasonable procedures to ensure that information in consumer reports will be disclosed only for permissible reasons, including in response to court order / legal process, pursuant to written instructions of consumer, to a person who intends to use the information in connection with credit transaction, employment purposes, or insurance underwriting services, or to obtain a government license, a loan, to a person who has legitimate business need for the information, or to a child support enforcement agency
Penalties / Damages: Only individual customers may seek to invoke remedial provisions; willful noncompliance results in actual and punitive damages (punitive damages not available for negligent noncompliance), as well as costs and attorney's fees; any person who knowingly and willfully obtains information on a consumer under false pretenses, or any credit reporting agency that provides information to a person not authorized to receive it, faces fines and/or imprisonment of up to 2 years

Fair and Accurate Credit Transactions Act (FACTA)
Citation: Pub. L. No Stat
Information / Subject Matter Protected: Data contained in consumer report, including personal and financial data
Bad Acts Targeted: Identity theft; covered entities that hold customer accounts must implement identity theft prevention measures designed around recognizing and responding to Red Flags (fraud alert, credit freeze, address discrepancy, inconsistent pattern of activity, altered documents, inconsistent information, personal information similar to large number of other individuals opening accounts, etc.)
Penalties / Damages: See above (FCRA)

Family Educational Rights and Privacy Act (FERPA)
Citation: U.S.C. 1232g
Information / Subject Matter Protected: Student records: records which contain information directly related to students and which are kept by an education agency or institution
Bad Acts Targeted: Educational agency or institution cannot release student records without written consent of parents; nor can educational agencies or institutions release or provide access to personally identifying information within records. Exceptions exist for law enforcement (i.e. drug and alcohol disclosures)
Penalties / Damages: No private right of action exists; enforcement mechanism is withholding of government funding

Freedom of Information Act (FOIA)
Citation: U.S.C. 552
Information / Subject Matter Protected: Executive agency records
Bad Acts Targeted: Agencies must give public access to records; people requesting records need not state a reason; exceptions include personnel and medical files, and similar files the disclosure of which would constitute a clearly unwarranted invasion of personal privacy, as well as information compiled for law enforcement purposes, disclosure of which would yield unwarranted invasion of personal privacy
Penalties / Damages: Exceptions to rule used as defense to compliance

Genetic Information Nondiscrimination Act (GINA)
Citation: P.L , 122 Stat. 881
Information / Subject Matter Protected: Genetic information, i.e. information about individual's genetic tests or those of family members (including fetuses), the manifestation of a disease or disorder in an individual's family members or any request for, or receipt of genetic services or participation in clinical research that includes genetic services by an individual
Bad Acts Targeted: Employers and other covered entities may not collect, acquire or publicize this information (with exceptions for inadvertence, public records, and when employer provides genetic services)
Penalties / Damages: Remedies for violations include corrective action and monetary penalties ($100 per day of noncompliance, with a minimum of $2,500, or $15,000 if violations are more than de minimis). Private right of action exists

Gramm-Leach-Bliley Act (GLBA)
Citation: U.S.C
Information / Subject Matter Protected: Credit card applications, account histories, name, address, or telephone number in conjunction with SSN, passwords, account numbers
Bad Acts Targeted: Interagency Guidance requires every financial institution to develop and implement a risk-based response program to address incidents of unauthorized access to customer information
Penalties / Damages: No private right of action; no monetary remedy; enforcement left to FTC, which can merely implement the standards associated with the act and seek injunctions preventing an institution from disclosing information in violation of GLBA

Health Insurance Portability and Accountability Act (HIPAA)
Citation: Pub. L. No. , 110 Stat
Information / Subject Matter Protected: Protected Health Information (PHI): individually identifiable health information that is transmitted by electronic media, maintained in any electronic medium, or transmitted or maintained in any other form; HITECH Act (part of Stimulus Act) makes Business Associates of entities subject to privacy and security provisions regarding this information
Bad Acts Targeted: Covered entities cannot disclose PHI; patient authorization needed for most purposes other than disclosure for treatment, payment for treatment, and healthcare operations; entities must impose administrative, physical and technical safeguards, as well as organizational requirements and security policies and procedures
Penalties / Damages: Government enforcement: entity violating privacy provisions is subject to civil fines. Penalties range from $100 per violation, up to $50,000 per violation (total max penalty is $1,500,000 during single calendar year); criminal penalties including fines and incarceration available for egregious violations

Mail Privacy Statute
Citation: 39 U.S.C
Bad Acts Targeted: Prohibits opening of mail without a search warrant or addressee's consent

Privacy Act of
Citation: U.S.C. 552a
Information / Subject Matter Protected: Applies to federal agencies' systems of records which contain individuals' personal information
Bad Acts Targeted: Prevents agencies from disclosing information from a system of records without the express consent of an individual to whom the information pertains (subject to routine use exception). Privacy Impact Assessment must be completed when an agency is developing new technology that will handle or collect personal information, developing system revisions, or issuing a new or updated rulemaking that affects personal information

Privacy Protection Act of
Citation: U.S.C. 2000aa
Information / Subject Matter Protected: Work product materials possessed by a person reasonably believed to have a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication
Bad Acts Targeted: Subpoena is needed to obtain these work product materials; party can challenge subpoena in court without having law enforcement officials intrude on premises
Penalties / Damages: N/A

Right to Financial Privacy Act (RFPA)
Citation: 12 U.S.C
Information / Subject Matter Protected: Customers' records from financial institutions
Bad Acts Targeted: Federal government cannot obtain records unless it obtains (a) a search warrant supported by probable cause, (b) the customer's consent or (c) a specifically prescribed procedural device such as a subpoena served upon the customer
Penalties / Damages: Customer has right of action against the agency or the institution, and civil penalties of at least $100 and punitive damages are available

Telemarketing and Consumer Fraud Abuse and Prevention Act
Citation: 15 U.S.C
Information / Subject Matter Protected: Telemarketer phone calls
Bad Acts Targeted: Telemarketers must clearly tell consumers at outset of call the identity of the seller, the purpose for the call, and what good or service the telemarketer is offering
Penalties / Damages: See also Federal and State Do-Not-Call Lists

Telephone Consumer Protection Act of
Citation: U.S.C. 227
Information / Subject Matter Protected: Telemarketer phone calls
Bad Acts Targeted: Telemarketers must cease calling individual once request has been made
Penalties / Damages: Individuals can sue for damages of up to $500 for each call. See also Federal and State Do-Not-Call Lists

Video Privacy Protection Act of
Citation: U.S.C
Information / Subject Matter Protected: Customer video rental or purchase information
Bad Acts Targeted: Videotape service providers cannot disclose information
Penalties / Damages: Private right of action exists; video companies that violate the act may be liable for damage awards of at least $2,500, punitive damages, costs and attorneys' fees

All rights reserved.
Fair and Accurate Credit Transactions Act: More Protection for Consumers
Fair and Accurate Credit Transactions Act: More Protection for Consumers Businesses must heed FACTA requirements for protecting consumers credit records or face criminal or monetary consequences Stacey
More informationCOMPUTER FRAUD AND ABUSE ACT. US Code as of: 01/05/99 Title 18 Sec. 1030. Fraud and related activity in connection with computers
COMPUTER FRAUD AND ABUSE ACT US Code as of: 01/05/99 Title 18 Sec. 1030. Fraud and related activity in connection with computers (a) Whoever - (1) having knowingly accessed a computer without authorization
More informationE-mail Marketing: CAN- SPAM Act Compliance David J. Ervin and Christopher M. Loeffler, Kelley Drye and Warren LLP
E-mail Marketing: CAN- SPAM Act Compliance David J. Ervin and Christopher M. Loeffler, Kelley Drye and Warren LLP This Practice Note is published by Practical Law Company on its PLC Law Department web
More informationPrivacy Statement. Policy Overview. This Notice tells you our policies regarding:
Privacy Statement At Glacier Club Cable TV we take your privacy seriously and we want you to know our policies. This Notice will give you an overview of those policies and how we will apply them in specific
More informationCongress Passes New Anti-Spam Legislation
DECEMBER 2003 Congress Passes New Anti-Spam Legislation On December 16, 2003, President Bush signed into law the Controlling the Assault of Non-Solicited Pornography and Marketing Act (the CAN-SPAM Act
More informationCYBERCRIME LAWS OF THE UNITED STATES
CYBERCRIME LAWS OF THE UNITED STATES United States Code, Title 18, Chapter 121 STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS 2701. Unlawful access to stored communications
More information3. "Consumer reporting agency" has the meaning ascribed to it in 15 U.S.C. Sec. 1681a(f).
Combo security freeze bill with consensus areas. Where no consensus: AG language in left column, CDIA language in right column. In some cases, differences on specific points are identified in text of bill.
More informationUpdated Administration Proposal: Law Enforcement Provisions
Updated Administration Proposal: Law Enforcement Provisions [Changes to existing law are in shown in italics, bold, and strikethrough format] SEC. 101. Prosecuting Organized Crime Groups That Utilize Cyber
More information2. "Consumer" means an individual. (same as 15 U.S.C. 1681a(c))
Combo security freeze bill with consensus areas. Where no consensus: AG language in left column, CDIA language in right column. In some cases, differences on specific points are identified in text of bill.
More information2480a. Definitions. 2480b. Disclosures to consumers
Vermont Statutes Annotated Title 9 Commerce and Trade Part 3 0 Sales, Assignments and Secured Transactions Chapter 63 Consumer Fraud Subtitle 3 Fair Credit Reporting 2480a. Definitions For purposes of
More information30-14-1726. Definitions. As used in 30-14-1726 through 30-14-1736, the following definitions apply:
Montana Code Annotated Title 30 Trade and Commerce Chapter 14 Unfair Trade Practices and Consumer Protection 30-14-1726. Definitions. As used in 30-14-1726 through 30-14-1736, the following definitions
More informationPacific Medical Centers HIPAA Training for Residents, Fellows and Others
Pacific Medical Centers HIPAA Training for Residents, Fellows and Others Summary of Critical Pacific Medical Centers (PMC) HIPAA Policies and Procedures For additional information or questions, please
More informationSUBSCRIBER PRIVACY NOTICE
PRIVACY AND SECURITY NewWave will provide you with a copy of its privacy notice at the time Service is installed, and annually afterwards, or as otherwise permitted by law. Customer can view the most current
More informationNC General Statutes - Chapter 75 Article 4 1
Article 4. Telephone Solicitations. 75-100. Findings. The General Assembly finds all of the following: (1) The use of the telephone to market goods and services to the home is now pervasive due to the
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT The parties to this ( Agreement ) are, a _New York_ corporation ( Business Associate ) and ( Client ) you, as a user of our on-line health record system (the "System"). BY
More informationBUSINESS ASSOCIATE AGREEMENT ( BAA )
BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor
More informationUnderstanding Health Insurance Portability Accountability Act AND HITECH. HIPAA s Privacy Rule
Understanding Health Insurance Portability Accountability Act AND HITECH HIPAA s Privacy Rule 1 What Is HIPAA s Privacy Rule The privacy rule is a component of the Health Insurance Portability and Accountability
More informationOKLAHOMA LAWS RELATING TO IDENTITY THEFT
OKLAHOMA LAWS RELATING TO IDENTITY THEFT Prepared for VICARS by Legal Aid Services of Oklahoma Introduction: OKLAHOMA LAWS RELATING TO IDENTITY THEFT Identity theft takes place when someone uses your personal
More informationFair Credit Reporting Act Compliance Guide
Fair Credit Reporting Act Compliance Guide FAIR CREDIT REPORTING ACT TABLE OF CONTENTS Page I. INTRODUCTION...1 A. Increased Applicant and Employee Rights...1 B. What is a "Consumer Report?"...1 C. What
More informationMichie's Legal Resources. This part shall be known and may be cited as the Tennessee Identity Theft Deterrence Act of 1999. [Acts 1999, ch. 201, 2.
http://www.michie.com/tennessee/lpext.dll/tncode/12ebe/13cdb/1402c/1402e?f=templates&... Page 1 of 1 47-18-2101. Short title. This part shall be known and may be cited as the Tennessee Identity Theft Deterrence
More informationPrivacy, Data Collection and Information Management Practice Team November 13, 2003
Overview of Current Anti-Spam Regulations Privacy, Data Collection and Information Management Practice Team The proliferation of unsolicited commercial e-mail, more commonly known as spam, has prompted
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University
More informationTerms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013
Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013 The City of Philadelphia is a Covered Entity as defined in the regulations
More informationTexas Security Freeze Law
Texas Security Freeze Law BUSINESS & COMMERCE CODE CHAPTER 20. REGULATION OF CONSUMER CREDIT REPORTING AGENCIES 20.01. DEFINITIONS. In this chapter: (1) "Adverse action" includes: (A) the denial of, increase
More informationCybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws
Order Code RS20830 Updated February 25, 2008 Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws Summary Charles Doyle Senior Specialist American Law Division The federal computer
More informationBOBCAT COMPUTING POLICY
BOBCAT COMPUTING POLICY The overarching policy governing computing and networking at Jones is the Policy on Acceptable Use of Electronic Resources. The policy is reprinted in its entirety below. Faculty,
More informationBy Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN
Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the
More informationIssue Brief. Arizona State Senate IDENTITY THEFT AND CONSUMER PROTECTION INTRODUCTION IDENTITY THEFT. September 17, 2015.
Arizona State Senate Issue Brief September 17, 2015 Note to Reader: The Senate Research Staff provides nonpartisan, objective legislative research, policy analysis and related assistance to the members
More informationNew Hampshire Statutes Title 31 Trade and Commerce Chapter 359-B Consumer Credit Reporting
New Hampshire Statutes Title 31 Trade and Commerce Chapter 359-B Consumer Credit Reporting 359-B:22 Definitions. In this subdivision: I. "Identity theft" means the unauthorized taking or use of an individual's
More informationHB659 151295-1. By Representative Hall. RFD: Judiciary. First Read: 23-APR-13. Page 0
HB -1 By Representative Hall RFD: Judiciary First Read: -APR-1 Page 0 -1:n:0/0/01:JET/mfc LRS01-1 1 1 1 1 1 1 1 1 0 1 SYNOPSIS: Under existing law, a court or magistrate may issue a warrant for the search
More informationHackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable. Data Breaches Are All Too Common
Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable Steven J. Fox (sjfox@postschell.com) Peter D. Hardy (phardy@postschell.com) Robert Brandfass (BrandfassR@wvuh.com) (Mr. Brandfass
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ), is made effective as of the sign up date on the login information page of the CarePICS.com website, by and between CarePICS,
More informationCredit Reports and the Fair Credit Reporting Act. The Credit Bureaus
Credit Reports and the Consumer Law Eric E. Johnson eejlaw.com Konomark Most rights sharable. The Credit Bureaus 1 State law causes of action against credit bureaus Defamation Invasion of privacy State
More informationSUMMARY OF PUBLIC LAW 108-187 THE CAN-SPAM ACT OF 2003
SUMMARY OF PUBLIC LAW 108-187 THE CAN-SPAM ACT OF 2003 On December 16, 2003, President Bush signed into law the CAN-SPAM Act of 2003. CAN-SPAM stands for "Controlling the Assault of Non-Solicited Pornography
More informationNEW WAVE PRIVACY NOTICE
NEW WAVE PRIVACY NOTICE Companies controlled by NewWave Communications (subsequently referred to as NewWave, we, our, or us ) operate cable television systems through which they provide their customers
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,
More informationCHAPTER 121 STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS
18 U.S.C. United States Code, 2010 Edition Title 18 - CRIMES AND CRIMINAL PROCEDURE PART I - CRIMES CHAPTER 121 - STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS CHAPTER 121
More informationIX. FLORIDA CONSUMER COLLECTION PRACTICES ACT
IX. FLORIDA CONSUMER COLLECTION PRACTICES ACT Sec. 559.55 Definitions. 559.551 Short title. PART IV - CONSUMER COLLECTION PRACTICES (FCCPA) 559.552 Relationship of state and federal law. 559.553 Registration
More informationGENERAL ASSEMBLY OF NORTH CAROLINA SESSION 2005 H 2 HOUSE BILL 629 Committee Substitute Favorable 5/18/05
GENERAL ASSEMBLY OF NORTH CAROLINA SESSION 0 H HOUSE BILL Committee Substitute Favorable //0 Short Title: Option to Freeze Credit Report. Sponsors: Referred to: March, 0 (Public) A BILL TO BE ENTITLED
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT is made and entered into as of the day of, 2013 ( Effective Date ), by and between [Physician Practice] on behalf of itself and each of its
More informationRetaliatory Hacking: Risky Business or Legitimate Corporate Security?
Retaliatory Hacking: Risky Business or Legitimate Corporate Security? 1 Presenter: Sean L. Harrington Cybersecurity Partnership Manager and information security risk assessor in the banking industry; Digital
More informationBUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is made as of the day of, 2010, by and between Methodist Lebonheur Healthcare, on behalf of itself and all of its affiliates ( Covered Entity
More informationPRIVACY AND IDENTITY THEFT 2003:
PRIVACY AND IDENTITY THEFT 2003: Where Are We Now And Where Are We Going.... Huggins v. CitiBank: A Case Study Stephen P. Groves, Sr., Esquire 205 King Street, Suite 400 Charleston, South Carolina 29401
More informationCHAPTER 172. C.56:11-28 Short title. 1. This act shall be known and may be cited as the "New Jersey Fair Credit Reporting Act."
CHAPTER 172 AN ACT concerning consumer credit reports and supplementing Title 56 of the Revised Statutes. BE IT ENACTED by the Senate and General Assembly of the State of New Jersey: C.56:11-28 Short title.
More informationClients Legal Needs in HIPAA Security Compliance
Clients Legal Needs in HIPAA Security Compliance Robyn A. Meinhardt, JD, RN FOLEY & LARDNER LLP 2004 Preserving Attorney-Client Privilege and Work Product Protections 1 Relevance to Security Compliance
More informationHow To Comply With The Federal Consumer Reporting Act
Fair Credit Reporting Act 1 The Fair Credit Reporting Act (FCRA) 2 became effective on April 25, 1971. The FCRA is a part of a group of acts contained in the Federal Consumer Credit Protection Act 3 such
More informationJAN 2 2 2016. (a) The obstruction, impairment, or hindrance of the. (b) The obstruction, impairment, or hindrance of any
~ (c) S.B. NO. \ JAN 0 A BILL FOR AN ACT THE SENATE TWENTY-EIGHTH LEGISLATURE, 0 STATE OF HAWAII RELATING TO LAW ENFORCEMENT. BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII: ' SECTION. Section
More informationNOTICE TO USERS OF CONSUMER REPORTS: OBLIGATIONS OF USERS UNDER THE FCRA I. OBLIGATIONS OF ALL USERS OF CONSUMER REPORTS
All users of consumer reports must comply with all applicable regulations. Information about applicable regulations currently in effect can be found at the Consumer Financial Protection Bureau s website,
More informationCREDIT REPAIR ORGANIZATIONS ACT 15 U.S.C. 1679 et. seq.
CREDIT REPAIR ORGANIZATIONS ACT 15 U.S.C. 1679 et. seq. Please note that the information contained herein should not be construed as legal advice and is intended for informational purposes only. In addition,
More informationV 11.01.14. Seven areas are covered by this Notice:
Mediatti Broadband Communications, your local cable operator ( MBC ) is providing this Subscriber Privacy Notice ( Notice ) to inform you of its practices regarding personally identifiable information
More informationBBB Wise Giving Alliance & The International Committee of Fundraising Organizations Advancing Trust in the Charitable Sector Federal Trade
BBB Wise Giving Alliance & The International Committee of Fundraising Organizations Advancing Trust in the Charitable Sector Federal Trade Commission, Bureau of Consumer Protection Allison M. Lefrak, Attorney,
More informationEvolution of HB 300. HIPAA passed in 1996 Originally, HIPAA only directly impacted certain covered entities :
Texas HB 300 HB 300: Background Texas House Research Organizational Bill Analysis for HB 300 shows state legislators believed HIPAA did not provide enough protection for private health information (PHI)
More informationSummary of Privacy and Data Security Bills- 112 th Congress. Prepared for September 15, 2011 CT Privacy Forum
Summary of Privacy and Data Security Bills- 112 th Congress Prepared for September 15, 2011 CT Privacy Forum GEOLOCATION TRACKING The Location Privacy Protection Act of 2011 (S. 1223)- introduced by s
More informationHIPAA Privacy Rule CLIN-203: Special Privacy Considerations
POLICY HIPAA Privacy Rule CLIN-203: Special Privacy Considerations I. Policy A. Additional Privacy Protection for Particularly Sensitive Health Information USC 1 recognizes that federal and California
More informationDisclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)
HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute
More informationState By State Employee Monitoring Laws
Portfolio Media, Inc. 648 Broadway, Suite 200 New York, NY 10012 www.law360.com Phone: +1 212 537 6331 Fax: +1 212 537 6371 customerservice@portfoliomedia.com State By State Employee Monitoring Laws Law360,
More informationInterplay Between FDA Advertising and Promotion Enforcement Activities, Product Liability, and Consumer Fraud Litigation
Interplay Between FDA Advertising and Promotion Enforcement Activities, Product Liability, and Consumer Fraud Litigation Leslie M. Tector Quarles & Brady LLP September 30, 2014 Objectives Which federal
More informationEffective Date: March 23, 2016
AIG COMPANIES Effective Date: March 23, 2016 HIPAA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
More informationCredit Repair Organizations Act
Credit Repair Organizations Act Title IV of the Consumer Credit Protection Act (Public Law 90-321, 82 Stat. 164) is amended to read as follows: TITLE IV--CREDIT REPAIR ORGANIZATIONS'' Sec. 401. Short title.
CHAPTER 124B COMPUTER MISUSE
1 L.R.O. 2005 Computer Misuse CAP. 124B CHAPTER 124B COMPUTER MISUSE ARRANGEMENT OF SECTIONS SECTION PART I PRELIMINARY 1. Short title. 2. Application. 3. Interpretation. PART II PROHIBITED CONDUCT 4.
CHAPTER 2--CREDIT REPAIR ORGANIZATIONS SEC. 2451. REGULATION OF CREDIT REPAIR ORGANIZATIONS.
CHAPTER 2--CREDIT REPAIR ORGANIZATIONS SEC. 2451. REGULATION OF CREDIT REPAIR ORGANIZATIONS. Title IV of the Consumer Credit
THE FAIR CREDIT REPORTING ACT
THE FAIR CREDIT REPORTING ACT As a public service, the staff of the Federal Trade Commission (FTC) has prepared the following complete text of the Fair Credit Reporting Act (FCRA), 15 U.S.C. 1681 et seq.
AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE
AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health
Signed into law on February 17, 2009, the Stimulus Package known
Stimulus Package Expands HIPAA Privacy and Security and Adds Federal Data Breach Notification Law Marcy Wilder, Donna A. Boswell, and BarBara Bennett The authors discuss provisions of the Stimulus Package
Exhibit B. State-By-State Data Security Overview
Exhibit B State-By-State Data Security Overview Michele A. Whitham Partner, Founding Co-Chair Security & Privacy Practice Group Foley Hoag LLP 155 Seaport Boulevard Boston, MA 02210 State Statute Citation
HIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act
International Life Sciences Arbitration Health Industry Alert If you have questions or would like additional information on the material covered in this Alert, please contact the author: Brad M. Rostolsky
UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S):
UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): THIS AGREEMENT is made by and between UNIVERSITY PHYSICIANS OF BROOKLYN, INC., located at 450 Clarkson Ave., Brooklyn,
STATE OF NEW JERSEY. SENATE, No. 1988. 213th LEGISLATURE. Sponsored by: Senator JEFF VAN DREW District 1 (Cape May, Atlantic and Cumberland)
SENATE, No. STATE OF NEW JERSEY th LEGISLATURE INTRODUCED JUNE, 00 Sponsored by: Senator JEFF VAN DREW District (Cape May, Atlantic and Cumberland) SYNOPSIS "New Jersey Fair Debt Collection Practices Act."
ARRIS WHOLE HOME SOLUTION PRIVACY POLICY AND CALIFORNIA PRIVACY RIGHTS STATEMENT
ARRIS WHOLE HOME SOLUTION PRIVACY POLICY AND CALIFORNIA PRIVACY RIGHTS STATEMENT INTRODUCTION ARRIS may collect and receive information from you through its websites 1 as well as through the Moxi User
BUSINESS ASSOCIATE AGREEMENT TERMS
BUSINESS ASSOCIATE AGREEMENT TERMS This Addendum ( Addendum ) is incorporated into and made part of the Agreement between SIGNATURE HEALTHCARE CORPORATION ("Covered Entity ) and ( Business Associate"),
BUSINESS ASSOCIATE CONTRACTUAL ADDENDUM
BUSINESS ASSOCIATE CONTRACTUAL ADDENDUM This HIPAA Addendum ("Addendum") is entered into effective this first day of November 1, 2015, by and between "Business Associate" AND COUNTY OF OTTAWA Ottawa County
3/13/2015 HIPAA/HITECH WHAT'S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?
HIPAA/HITECH WHAT'S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed
MANDATED REPORTING OF CHILD NEGLECT OR PHYSICAL OR SEXUAL ABUSE 214. A. Child means a person under age 18.
I. PURPOSE It is the policy of Lakes International Language Academy (the school ) to maintain this policy on mandated reporting of child neglect or physical or sexual abuse. The purpose of this policy
Employee Privacy Laws: North Carolina
View the online version at http://us.practicallaw.com/w-000-3324 Employee Privacy Laws: North Carolina ALICIA A. GILLESKIE AND KIMBERLY J. KORANDO, SMITH, ANDERSON, BLOUNT, DORSETT, MITCHELL & JERNIGAN,
Health Insurance Portability and Accountability Policy 1.8.4
Health Insurance Portability and Accountability Policy 1.8.4 Appendix C Uses and Disclosures of PHI Procedures This Appendix covers procedures related to Uses and Disclosures of PHI. Disclosures to Law
University Healthcare Physicians Compliance and Privacy Policy
POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of
What is FERPA? This act is enforced by the Family Policy Compliance Office, U.S. Department of Educational, Washington, D.C.
What is FERPA? The Family Educational Rights and Privacy Act of 1974 (FERPA), as amended (also referred to as the Buckley Amendment), is a Federal law designed to protect the confidentiality of a student
North Carolina General Statutes Chapter 75 Monopolies, Trusts, and Consumer Protection Article 2A Identity Theft Protection Act
North Carolina General Statutes Chapter 75 Monopolies, Trusts, and Consumer Protection Article 2A Identity Theft Protection Act 75-60. Title. This Article shall be known and may be cited as the "Identity
Title 9-A: MAINE CONSUMER CREDIT CODE
Title 9-A: MAINE CONSUMER CREDIT CODE Article 10: LOAN BROKERS Table of Contents Part 1. GENERAL PROVISIONS... 3 Section 10-101. SHORT TITLE... 3 Section 10-102. DEFINITIONS... 3 Part 2. REGISTRATION AND
44-1695. Liability. 44-1698. Security freeze on credit reports and credit scores; fees; definitions
Arizona Revised Statutes Title 44 Trade and Commerce Chapter 11 Regulations Concerning Particular Businesses Article 6 Consumer Reporting Agencies and Fair Credit Reporting 44-1695. Liability A. A consumer
HIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA BUSINESS ASSOCIATE AGREEMENT (the BAA ) is entered into by and between Opticare of Utah, Inc. ( Covered Entity ), and,( Business Associate ).
BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM RECITALS
BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM This Business Associate Addendum ( Addendum ), effective, 20 ( Effective Date ), is entered into by and between University of Southern California, ( University
A Legal Guide To PRIVACY AND DATA SECURITY
A Legal Guide To PRIVACY AND DATA SECURITY A Collaborative Effort Minnesota Department of Employment and Economic Development Gray Plant Mooty A Legal Guide To PRIVACY AND DATA SECURITY is available without
4. Proper identification has the meaning ascribed to it in 15 U.S.C., Section 1681h(a)(1); and
ENROLLED SENATE BILL NO. 1748 By: Bass, Lawler, Garrison, Adelson, Ford, Lamb, Crain and Jolley of the Senate and Ingmire, Nance, Terrill, Worthen, Balkman, Denney and Wright of the House An Act relating
Legislative & Regulatory Information
Americas - U.S. Legislative, Privacy & Projects Jurisdiction Effective Date Author Release Date File No. UFS Topic Citation: Reference: Federal 3/26/13 Michael F. Tietz Louis Enahoro HIPAA, Privacy, Privacy
Secretary of the Senate. Chief Clerk of the Assembly. Private Secretary of the Governor
Senate Bill No. 467 Passed the Senate September 10, 2013 Secretary of the Senate Passed the Assembly September 9, 2013 Chief Clerk of the Assembly This bill was received by the Governor this day of, 2013,
18 USC 1030. NB: This unofficial compilation of the U.S. Code is current as of Jan. 4, 2012 (see http://www.law.cornell.edu/uscode/uscprint.html).
TITLE 18 - CRIMES AND CRIMINAL PROCEDURE PART I - CRIMES CHAPTER 47 - FRAUD AND FALSE STATEMENTS 1030. Fraud and related activity in connection with computers (a) Whoever (1) having knowingly accessed
Red Flag Rules and Aging Services: What You Need to Know
Red Flag Rules and Aging Services: What You Need to Know Late in 2007, six federal agencies, including the Federal Trade Commission ( FTC ), jointly issued final rules and accompanying guidelines to implement
ACCEPTABLE USE POLICY OF BROADVOX, INC; BROADVOX, LLC; WWW.BROADVOX.COM; WWW.BROADVOX.NET (COLLECTIVELY BROADVOX )
ACCEPTABLE USE POLICY OF BROADVOX, INC; BROADVOX, LLC; WWW.BROADVOX.COM; WWW.BROADVOX.NET (COLLECTIVELY BROADVOX ) 1. ACCEPTANCE OF TERMS THROUGH USE This website (the Site ) provides you (the Customer
Louisiana Revised Statutes
Louisiana Revised Statutes Title 9 Civil Code-Ancillaries Book 3 Of the Different Modes of Acquiring the Ownership of Things Code Title 12 Of Loan Chapter 2 Louisiana Consumer Credit Law Part 13 Disclosure
Privacy of Consumer Financial Information
Background and Overview Introduction Title V, Subtitle A of the Gramm-Leach-Bliley Act ( GLBA ) 1 governs the treatment of nonpublic personal information about consumers by financial institutions. Section
Products Liability: Putting a Product on the U.S. Market. Natalia R. Medley Crowell & Moring LLP 14 November 2012
Products Liability: Putting a Product on the U.S. Market Natalia R. Medley Crowell & Moring LLP 14 November 2012 Overview Regulation of Products» Federal agencies» State laws Product Liability Lawsuits»
BUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) is entered into by and between (the Covered Entity ), and Iowa State Association of Counties (the Business Associate ). RECITALS
FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT
FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is made and entered into to be effective as of, 20 (the Effective Date ), by and between ( Covered Entity ) and
Tulane University. Tulane University Business Associates Agreement SCOPE OF POLICY STATEMENT OF POLICY IMPLEMENTATION OF POLICY
Tulane University DEPARTMENT: General Counsel s POLICY DESCRIPTION: Business Associates Office -- HIPAA Agreement PAGE: 1 of 1 APPROVED: April 1, 2003 REVISED: November 29, 2004, December 1, 2008, October
Garden City Public Schools CHILD ABUSE IN AN EDUCATIONAL SETTING EXHIBIT - NOTICE/REPORTING REQUIREMENTS
Duties of Employees CHILD ABUSE IN AN EDUCATIONAL SETTING EXHIBIT - NOTICE/REPORTING REQUIREMENTS The law imposes reporting requirements on teachers, administrators, school nurses, school guidance counselors,
Stored Wire and Electronic Communication and Transactional Records Access. Table of Contents
United States Secret Service Directives System Stored Wire and Electronic Communication and Transactional Records Access Table of Contents Introduction 1 Definition 1 Disclosure of Communication or Records
HIPAA and Privacy Policy Training
HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training
Acceptable Use Policy of UNWIRED Ltd.
Acceptable Use Policy of UNWIRED Ltd. Acceptance of Terms Through Use This site provides you the ability to learn about UNWIRED and its products and services as well as the ability to access our network
New York Consolidated Law Service General Business Law Article 25 - Fair Credit Reporting Act
New York Consolidated Law Service General Business Law Article 25 - Fair Credit Reporting Act 380-t. Security freeze. (a) A consumer may request that a security freeze be placed on his or her consumer