Posts

Showing posts with the label Data Security

Considerations for Artificial Intelligence Policies in the Workplace

  Because the use of AI in the workplace can present serious risks to an organization, particularly involving security, intellectual property, confidentiality, and labor and employment legal risks, employers should consider adopting an AI policy to ensure that their use of AI is responsible, ethical, and legally compliant. AI policies can help employers comply with regulations, reduce liabilities, and manage AI risks. Regular audits, employee training, and policy updates help ensure that AI is used in a responsible and legally compliant manner, especially because of the rapidly evolving legal landscape. In recent years, many organizations have implemented new policies on artificial intelligence (AI) use to help prevent bias, plagiarism, or use of AI tools that produce inaccurate or misleading information. Meanwhile, many courts and state bars across the country have introduced AI usage policies to ensure that AI is properly used in the practice of law, including policies requirin...

Industry Groups Urge Rescission of Proposed HIPAA Security Rule Updates

In February, a coalition of healthcare organizations sent  a letter  to President Donald J. Trump and the U.S. Department of Health and Human Services (HHS) (the Letter), urging the immediate rescission of a  proposed update to the Security Rule under HIPAA . The update is aimed at strengthening safeguards for securing electronic protected health information. According to  The HIPAA Journal , the data breach trend in the healthcare industry over the past 14 years is up, not down. This is the case despite the  HIPAA Security Rule  having been in effect since 2005. The HIPAA Journal goes on to provide some sobering statistics: Between October 21, 2009, when OCR first started publishing summaries of data breach reports on its “Wall of Shame”, and and December 31, 2023, 5,887 large healthcare data breaches have been reported. On January 22, 2023, the breach portal listed 857 data breaches as still; under investigation. This time last year there were 882 breach...

2024 Wrap-Up of the Workplace Privacy, Data Management & Security Report

  As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our most popular topics and posts from 2024. Expanding State Privacy Laws This year saw a further expansion of state comprehensive consumer data privacy laws. T hese legislative measures aim to enhance the protection of consumer data, ensuring greater transparency and accountability for businesses that collect and process personal information. Several states introduced robust frameworks designed to safeguard consumer privacy. Whether you are an attorney, an executive, or a leader in human resources, marketing, operations, risk management, and of course IT, it is vital to stay informed about these evolving legal standards and their implications for both businesses and consumers. Read more on these developments: Bluegrass State Becomes Third State to Pass a Comprehensive Consumer Privacy Data Law in 2024 Maryland Passes Comprehensive Data Privacy La...

DOL Expands Fiduciary Obligations for Cybersecurity to Health and Welfare Plans

A little more than three years ago, the U.S. Department of Labor (DOL) posted cybersecurity guidance on its website for ERISA plan fiduciaries. That guidance extended only to ERISA-covered retirement plans, despite health and welfare plans facing similar risks to participant data. Last Friday, the DOL’s Employee Benefits Security Administration (EBSA) issued Compliance Assistance Release No. 2024-01 . The EBSA’s purpose for the guidance was simple – confirm that the agency’s 2021 guidance generally applies to all ERISA-covered employee benefit plans, including health and welfare plans. In doing so, EBSA reiterated its view of the expanding role for ERISA plan fiduciaries relating to protecting plan data: “Responsible plan fiduciaries have an obligation to ensure proper mitigation of cybersecurity risks.“ In 2021, we outlined the DOL’s requirements for plan fiduciaries here, and in a subsequent post discussed DOL audit activity that followed shortly after the DOL issued its newly minted...