Whether your organization has a CISO or someone looking after CISO-level responsibilities, we've provided a few news items that caught the attention of our own advisor, Andrey.
RedLegg's Critical Vulnerabilities Bulletin
We're posting our latest critical vulnerability bulletins to our site. Make sure to subscribe via the link below in order to receive an email when our latest bulletin is available.
"Europe Cookie Law Comparison Tool Launched."
"Global law firm Dentons has created a free tool to help users understand their obligations regarding the use of internet cookies across 28 European countries."
"Official 2020 HIPAA Compliance Checklist."
From the HIPAA Journal itself, get the lowdown on 2020 while refreshing your sense of the rules and safeguards.
"Voice Phishers Targeted Company VPNs."
Krebs On Security and Wired both cover the rise of "phone spear phishing" campaigns.
"Historical Chart of Privacy Laws in the United States."
Andrey says, "As a part of RedLegg Advisory privacy work, I was looking into the history of privacy regulations in the US and stumbled upon this publication. It is from 2003 and does not cover CCPA and NY Shield, but still provides some great historic perspective."
"Applying the CCPA to Health Care: The HIPAA Exemption, Exercise Apps, and Marketing Data."
"Despite its breadth, California's new privacy law, the California Consumer Privacy Act (CCPA), creates an exemption designed around the federal Health Insurance Portability and Accountability Act (HIPAA)."
An interesting crux.
"Privacy FAQs: Are work email addresses and business contact information governed by the CCPA?"
Andrey says, "Is business contact information covered by CCPA?
As the CCPA personal information definition includes “professional and employment information”, according to David Zetoony at Bryan Cave Leighton Paisner LLP:
“The net result is that work email addresses that contain an employee’s name or business contact information, such as the employee’s name, job title, company, business address, work phone number, etc. are arguably covered within the definition of “personal information.” In contrast, generic business names, business addresses, generic email addresses or any other general business information, as long as the information has not been linked to an individual, are arguably not covered within the definition. So, for example, “John.Smith@acme.com” would most likely be considered “personal information” governed by the CCPA whereas “firstname.lastname@example.org” would not, even if the latter is used by the same employee to communicate with the public.”