Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
High profile cyberattacks and data breaches have become routine occurrences. Cyber threats are so pervasive that many privacy and security experts advise that responsible parties ' like fiduciaries of employee benefit plans ' should prepare for when a data breach occurs, not if . Data collected by employee benefit plans includes sensitive information that makes them a particularly attractive target for cybercrime. While the Health Insurance Portability and Accountability Act (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH), sets forth requirements applicable to the security and privacy of protected health information collected by health plans, no such guidance currently exists with respect to the security and privacy of personal identifiable information (PII) collected by employee benefit plans other than health plans. However, plan sponsors and fiduciaries should be aware of, and address, security and privacy issues in connection with PII.
Personal Identifiable Information
The Office of Management and Budget (OMB) defines PII as “information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc.” OMB Memorandum M-07-16. The U.S. Department of Labor (DOL) has, at least informally, stated that information permitting the physical or online contacting of a specific individual is the same as personally identifiable information, and that this information can be maintained in either paper, electronic or other media.
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
Chief information officers still bear the brunt of cybersecurity worries at many companies. But a study by the Association of Corporate Counsel Foundation finds that chief legal officers are increasingly taking a leadership role in cybersecurity strategy.
General counsel are eager to tap the promise of generative AI. But without clear technology road maps, many legal departments are struggling to turn that interest into action.
Part Two of this two-part article examines practical steps marketers must take to succeed in this changing landscape by embracing a multichannel, AI-driven approach to their marketing and PR efforts.
When the SEC issues the next annual enforcement report for fiscal year 2025, we expect securities offering actions and investment adviser actions will almost certainly be up, and the “crypto” and “cyber” cases will almost certainly be down. Public statements by the new SEC administration have said as much, but even more telling than public statements are the allocation of limited enforcement resources.
The VPPA may be nearly four-decades old and video-rental stores largely a thing of the past, but the rise of online content, streaming services and ancillary activities has brought with it frequent litigation based on the VPPA. The key challenge in these litigations is how to interpret the VPPA’s 1980s terms in light of today’s digital advances.