Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
'Information Security 101'
Recent headlines have reported a startling number of security breaches and information thefts. A major university notified 120,000 of its alumni after a computer containing fundraising information including addresses and Social Security numbers was hacked by an unknown intruder; a subsidiary of the Lexis Nexis group announced that the records of 32,000 individuals may have fallen into the hands of thieves using the passwords of legitimate subscribers; Bank of America reported the loss of backup tapes containing the financial records of up to 1.2 million federal employees; payroll outsourcer PayMaxx faced allegations that it had exposed 25,000 customer records, including W-2 information, online; and cell phone provider T-Mobile released information about a hacker who was able to exploit a security weakness in a commercial software package to access customer records, sensitive government documents, private e-mail and candid celebrity photos.
These stories have caught the attention of federal lawmakers, who are proposing legislation to address the security vulnerabilities in a world where personal data is increasingly available through digital media. But computer security is already a matter of law for many companies that provide health benefits for their employees. April 20, 2005 was the effective date for regulations regarding the security of electronic health information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA Security Rule). (Note, “Small health plans,” or those with less than $5 million in receipts, have an additional year to comply [April 20, 2006]. For further information on how to calculate “receipts” in determining whether your plan is “small,” go to the Centers for Medicare and Medicaid Services [CMS] HIPAA Web site: www.cms.hhs.gov/hipaa/ hipaa2 /default.asp, select “Frequently Asked Questions” and then search for “small health plans.”) As was the case with the HIPAA Privacy requirements that went into effect in April 2003, all individual or group health plans that provide or pay for the cost of health care are covered. This means employer-sponsored medical plans, medical expense reimbursement accounts, and any separate dental and vision plans, whether provided through the purchase of insurance (fully insured plans) or paid directly out of company assets (self-insured plans).
The DOJ's Corporate Enforcement Policy: One Year Later
The DOJ's Criminal Division issued three declinations since the issuance of the revised CEP a year ago. Review of these cases gives insight into DOJ's implementation of the new policy in practice.
Use of Deferred Prosecution Agreements In White Collar Investigations
This article discusses the practical and policy reasons for the use of DPAs and NPAs in white-collar criminal investigations, and considers the NDAA's new reporting provision and its relationship with other efforts to enhance transparency in DOJ decision-making.
How AI Has Affected PR
When we consider how the use of AI affects legal PR and communications, we have to look at it as an industrywide global phenomenon. A recent online conference provided an overview of the latest AI trends in public relations, and specifically, the impact of AI on communications. Here are some of the key points and takeaways from several of the speakers, who provided current best practices, tips, concerns and case studies.
The DOJ's New Parameters for Evaluating Corporate Compliance Programs
The parameters set forth in the DOJ's memorandum have implications not only for the government's evaluation of compliance programs in the context of criminal charging decisions, but also for how defense counsel structure their conference-room advocacy seeking declinations or lesser sanctions in both criminal and civil investigations.