“Cyber Insurance Becomes a Must for More Manufacturers”, says the WSJ

The Wall Street Journal published an interesting article under this title today. The article, authored by Richard Teitelbaum, takes as its starting point the warning letter that the Food and Drug Administration issued to Abbott Laboratories for failing to investigate and mitigate the risks of cyber-hacking of its heart devices. The article reports that “manufacturers paid .9 million in premiums for cyber-specific policies in 2016, according to Advisen Ltd., an insurance consulting firm, based on its sample of over 9,000 mostly U.S. companies. That is up 89% from the year before. Manufacturers accounted for 12.6% premiums tracked in 2016 compared with 9% the year before.” […] “For years cyber insurance was overwhelmingly purchased by consumer-facing business—retailers, financial-service providers and hospitals.  Mostly this was to protect against customer data theft.  The” [Abbott Laboratories case] “helps explain why manufacturers are now rushing to make sure they are covered”.

Read the full article at the Wall Street Journal website (subscription might be required)

German DPA takes GDPR implementing steps

The North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen) has published the draft Standard Data Protection Model adopted in November 2016 at the Conference of the German Federal and State Data Protection Commissioners.  The model represents a step in the implementation of the requirements of the EU GDPR.

The guidelines can be found, in English and German, at this page

European Open Data Champions Programme

The European Data Portal reports that “the Open Data Champions Programme calls for applicants working with Open Data in the public sector in Europe to take part in an exciting three-day programme of training and peer support in London.  The programme equips participants with tools and knowledge to be effective leaders in Open Data”.


Swiss-US Privacy Shield FAQs

The US International Trade Administration has published the Swiss-US Privacy Shield FAQs.  The FAQs sheet provides guidance on when an organization can self-certify to the Swiss-U.S. Privacy Shield starting from today.  The sheet also provides guidance on the following questions:  How can an organization that is already participating in the EU-U.S. Privacy Shield self-certify to the Swiss-U.S. Privacy Shield?  How can an organization that is not already participating in the EU-U.S. Privacy Shield self-certify to the Swiss-U.S. Privacy Shield or both frameworks?  Does an organization that participated in the U.S.-Swiss Safe Harbor need to update its privacy policy before self-certifying to Privacy Shield?  Does the Department of Commerce have sample language that can be used in an organization’s privacy policy to refer to its participation in the Privacy Shield?  What are the differences between the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks?

Click here to visit the FAQs on the US International Trade Administration website

Why risk analysis and risk management are fundamental

The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has entered into a resolution agreement with Metro Community Provider Network (MCPN) based on its lack of a risk analysis and risk management plan that addressed risks and vulnerabilities to protected health information. MCPN submitted a breach report to the OCR in January 2012, reporting a breach due to a phishing incident that affected 3,200 patients. The subsequent investigation revealed that, while MCPN had taken corrective measures following the breach, it had failed to conduct a preventive risk analysis or implement a risk management plan. Under the resolution agreement, MCPN pays $400,000 and adopts a Corrective Action Plan.

The agreement is available here