New Alerts and Breach Report for Week of August 29, 2022
New KLAS Report Shows Healthcare Organizations Tightening Security
A new report from KLAS Research shows that more healthcare organizations are working with cybersecurity and data privacy vendors to tighten cybersecurity. The report, based on survey responses from healthcare professionals, asked how satisfied healthcare organizations were with their vendors. The results can be found here.
How Cure Periods Work Under New State Laws
Several new state privacy laws allow covered entities a cure period for alleged violations. In Virginia for example, the VCDPA allows companies 30 days to fix violations, and requires those companies to submit a written statement that the violations have been cured. Utah’s UCPA provides the same stipulations, and Connecticut and Colorado’s laws grant a 60 day period. California’s CPRA does not grant a cure period, though the California Privacy Protection Agency has the power to grant a cure period.
Federal Court Rules on Remote Proctoring Practices
A federal court ruled in a case brought against Cleveland State University that schools cannot scan students’ rooms during remote testing. According to this article, the case Ogletree v. Cleveland State University, “arose when a student attending the university during the pandemic was asked to sweep his camera around his room in which tax documents and medications were also stored, although the resulting video didn’t capture anything sensitive.” The court ruled that this practice violates the Fourth Amendment, which guards against unreasonable searches and seizures. And that, “students’ privacy interests outweighed the school’s interest in discouraging cheaters. The court left the door open, though, for less intrusive remote proctoring methods, such as lockdown software and AI that detects suspicious movements.”
Pennsylvania Proposes New Privacy Bill
Democratic Pennsylvania state Sens. Lisa Boscola of Northampton County and Maria Collett of Montgomery County have announced their intent to file a new state data privacy bill. The bill will closely resemble another bill in progress, and take these steps to curb data gathering and selling by companies: “Let consumers find out what personal information is being collected from them; learn whether it is being sold and to whom; decline or opt out of those sales; and access the information itself; Prevent businesses from discriminating against people who stopped the sale of their own information; Apply the new rules only to businesses that have annual revenue of more than $10 million or make half or more of their revenue from selling consumers’ information, and; Impose a “blanket ban” on the sale of all private data of people under age 16.”
Breach Report:
* * * * * * *
To read our guide on the industry’s leading data assessment standard: Service Organization Control (SOC 2), click here.
To browse through our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.
Andrew Grosso, former Assistant US Attorney and whistleblower expert, joins Jody Westby on our Privacy and Cybersecurity podcast this week to discuss the Twitter, Facebook and other tech company whistleblowers, the impact whistleblower cases can have on companies and their privacy and security programs, the impact on governance of tech companies, and protections afforded these whistleblowers. New episodes are generally released on Thursdays, here. They can be enjoyed on Spotify and Apple Podcasts. Don’t forget to subscribe!