Privacy & Security
On November 3, 2021, Robinhood Markets Inc., a popular online stock trading app, reported that an intruder gained access to its systems, obtaining the personal information of millions of its users. With its sudden rise to popularity and contempt following the GameStop stock volatility, and an ongoing class action lawsuit concerning a previous breach, Robinhood is in hot water with both customers and regulatory agencies alike.
On October 20, the House of Representatives passed several bills directed at the Department of Homeland Security (“DHS”) and the Department of Commerce (“DOC”) that may impact network security compliance measures affecting U.S. businesses. These bills take aim at much of the software and network technology used by companies within the supply chain to ensure that security is not dismissed in the effort to cut costs and to maintain healthy competition between network communication equipment vendors.
William Hanning is a Chief Information Security Officer with Groups360 and close to twenty years of Information Security experience. Mr. Hanning has built and managed security programs in multiple industries in organizations of varying sizes, as well as within Fortune 100 companies. Here, he gives insight about the separation between data privacy and cybersecurity, the role of information security teams, and how cybersecurity relates to and supports the work of legal and compliance departments.
There is no doubt that the COVID-19 pandemic has affected almost every aspect of life for people around the globe. While the internet has allowed people to stay connected and continue working from home, it has also presented an opportunity for cybercriminals to take advantage of susceptible remote working setups. Cybercrime has significantly increased since the start of the pandemic, prompting corporations to mitigate the risk of a data breach against an onslaught of new vulnerabilities to their internal systems.
The recent Pandora Papers leak in October 2021 shined the light on the massive and intricate web of offshore accounting that allows for insurmountable amounts of wealth to be hidden throughout the world. One of the most shocking revelations of these Papers was how heavily the United States was implicated in creating and perpetuating this system. As such, legislators have been pressured to find a way to crackdown on this sort of offshore money. One way that they have proposed addressing the problem is by amending the United States’ current criminal financial legislation, the Bank Secrecy Act.
Recently, whistleblower Frances Haugen testified before a Senate subcommittee that Facebook has been deliberately putting its own profits before users’ safety. As Facebook’s former product manager for civic misinformation, Haugen calls for federal regulation of social media platforms and asserts that Facebook will not solve what she calls a “crisis” of deliberately ignoring users’ wellbeing for the sake of its own profits without Congress’s help. She points to tobacco, automobiles, and opioids, stating that when it became clear that those products were harming people, the government took action.
Cyberattacks on the healthcare industry have reached a fever pitch. In 2020 alone, there was a drastic increase in healthcare organization cybersecurity breaches. In 2021, the average cost of a healthcare data breach increased by over $2 million to $9.23 million. Healthcare providers continue to be the most targeted industry for cybersecurity breaches, with over ninety-three percent of healthcare organizations experiencing a data breach over the past three years. 306 breaches of unsecured protected health information (“PHI”) impacting 500 or more individuals were reported to the U.S. Department of Health and Human Services (“HHS”) in 2020. Yet healthcare organizations continue to be ill-equipped to handle this growing problem.
The COVID-19 pandemic has fundamentally changed many aspects of healthcare delivery. Most notably, the pandemic increased the demand for digital health services. Telemedicine saw ten years’ worth of expansion in one year, but it was not the only digital health service that exploded as a result of the pandemic. Telehealth has evolved from merely meeting with a provider via a video conference to include more sophisticated technologies. Remote Patient Monitoring (“RPM”) allows for providers to collect patient data without the patient having to go to a healthcare facility for monitoring. RPM can improve the quality of healthcare delivery by more closely monitoring a patient while also reducing patient volumes within a healthcare setting. In addition, because RPM allows patients to get more care at home, it can largely reduce costs to the patient and the payor while increasing access. Despite the many benefits associated with RPM, there are considerable risks and compliance issues.
The ability to purchase private data through commercial data brokers has become increasingly easy. Data brokers originally gained popularity as a way to assist marketing and advertisements, allowing companies to better communicate with their consumers. Lawmakers worry data brokers’ products have begun to cater towards law-enforcement, causing constitutional concerns.
On Friday, February 26, 2021, U.S. District Court Judge James Donato approved a 650 million-dollar settlement against tech giant Facebook for violating the Illinois Biometric Information Privacy Act. Chicago attorney Jay Edelson filed the class action lawsuit in 2015, alleging that Facebook had failed to obtain consent from users before using facial recognition technology to scan and digitally store uploaded photos.