| 3.17.2010 |
Healthcare Info Security |
A Warning About More HIPAA Audits
 Hospitals “must build a continual state of readiness” to be audited by the federal government over their HIPAA compliance, a hospital IT director says. He notes that the Health & Human Services Department’s Office for Civil Rights is gearing up to conduct HIPAA compliance audits throughout the country on a regular basis, as called for under the HITECH Act passed last year.
|
 |
| 3.17.2010 |
HHS Website |
Initial HHS List of Hospital Data Breaches is Long
 As the Health & Human Services Department begins auditing hospitals and other healthcare providers for HIPAA compliance, as directed by the HITECH Act, the department posts its first list of data breaches that affect more than 500 people. The initial list contains nearly 50 breach cases.
|
 |
| 3.17.2010 |
Search Security Channel |
SOX Compliance: Time for a Refresh
 A Sarbanes-Oxley compliance consultant writes that with the law now having been on the books for seven years, it may be time for many companies to revisit their compliance procedures. In order to be compliant, he argues, they will have to have consistently strong internal controls in place, rather than simply prepare for being able to pass a one-time audit.
|
 |
| 3.17.2010 |
Boston Globe |
New Rash of Data Breaches in Massachusetts
 Massachusetts is experiencing a new wave of lost and stolen laptop computers and other breaches of valuable private data, just two weeks after a new law took effect in the state that required private information to be protected by encryption. The new Massachusetts law is believed to be the most aggressive data protection law in the nation.
|
 |
| 3.17.2010 |
Computer Weekly |
U.K. Electronic Medical Records Rollout Hits Some Snags
 As the United Kingdom rolls out a centralized electronic medical records initiative, or what it calls Summary Care Records, concerns about IT security and personal privacy are being raised. The British Medical Association has asked that the rollout be halted until issues of patient approval can be ironed out.
|
 |
| 2.25.2010 |
Health Data Management |
Senator Pushes for FDA Regulation of Healthcare IT
 A powerful U.S. Senator who has aggressively pushed for healthcare reforms in the past appears to be laying the groundwork for arguing that the Food & Drug Administration should be given the responsibility of regulating healthcare IT. Republican Senator Charles Grassley of Iowa, the ranking minority member on the Senate Finance Committee, tipped his hand in a recent letter he sent to the head of the Health & Human Services department.
|
 |
| 2.23.2010 |
Computer Weekly |
Teeth Soon to Be Added to UK’s Data Breach Law
 There’s still much ignorance about individuals’ responsibilities under the U.K.’s data breach law, but powerful new penalties due to take effect soon will help change that, a British government official told the Human Factors in Information Security Conference in London. In April of this year, the Information Commissioner’s Office will be empowered to levy fines of up to 500,000 British pounds and conduct spot audits of data security.
|
 |
| 2.22.2010 |
Information Week |
HITECH Stimulus Dollars Come with a Catch
 The billions of federal stimulus dollars offered as a carrot to healthcare providers who implement meaningful electronic medical records come with a price, a magazine staff writer reminds readers. That price is a high level of data privacy regulation written into the HITECH stimulus bill, which the U.S. Department of Health and Human Services is beginning to codify.
|
 |
| 2.22.2010 |
Boston Herald |
Grumbling Heard as Massachusetts Data Protection Law Takes Effect
 The paper passes along news of some grassroots grumbling about a new Massachusetts law, which took effect this week, that’s designed to reduce the incidence of data breaches by demanding the same kinds of data privacy protections that have long been the norm in the financial services and healthcare industries. One Boston attorney is quoted as complaining that the new law amounts to the state micromanaging small businesses.
|
 |
| 2.16.2010 |
Computer Weekly |
Tough British Law Against Data Breaches About to Take Effect
 A tough new British law against data breaches that is about to go into effect, and which includes large financial penalties for those who fail to take adequate steps to prevent them, is causing corporate boards to sit up and take notice. The law is due to take effect in April, and carries civil penalties of as much as a half-million pounds.
|
 |
| 2.16.2010 |
|
Redemtech Offers Free Regulatory Database
 Online library helps companies navigate the ever-changing legislative landscape – and guard against liabilities for data privacy, electronics disposal and financial transparency.
|
 |
| 2.11.2010 |
Info News New Zealand |
New Zealand Cracks Down on E-Waste Export
 In a crackdown on the illegal export of e-waste, New Zealand’s Ministry of Economic Development took action against companies and individuals who exported e-waste without a permit, including some material that had been gathered at an e-Day event. In doing so, the government reminded the public that e-waste exports are subject to the international Basel Convention, to which New Zealand is a signatory.
|
 |
| 2.10.2010 |
Hawaii Tribune Herald |
Hawaii Choking on E-Waste
 Hawaiian e-waste recycling centers are being overwhelmed with illegally dumped computers, printers and other materials, as long-promised state e-waste treatment funding for counties has failed to materialize. Like most states, Hawaii is trying to find the right mix of carrots and sticks to limit the amount of e-waste being dumped into landfills in the state.
|
 |
| 2.9.2010 |
NRDC News Center |
NRDC Endorses E-Stewards Certification
 The Natural Resources Defense Council has endorsed the first-ever certification program for electronics recycling, created jointly by the environmental and business communities. The new e-Stewards Certification and Standard seeks to stem the tide of hazardous old computers, TVs, monitors and other electronic waste currently flooding the developing world. The group is asking businesses to give priority to certified e-Steward recyclers.
|
 |
| 2.2.2010 |
BBC |
Study Suggests EU Should Have Dedicated Waste Agency
 The European Union needs a dedicated agency to oversee and enforce EU waste legislation, a new study by the European Commission recommends. The 27 nations in the EU collectively produce 2.6 billion tons of e-waste annually, and regulations affecting waste are now scattered throughout the EU’s other portfolios.
|
 |
| 2.2.2010 |
Bank Info Security |
Complaints About Breaches Despite Industry Certification
 Those in the payment card industry have begun to find out what those in other industry sectors have long known: that real electronic security is not simply a piece of paper certifying compliance, but an ongoing and imperfect process. "When a company is PCI compliant, it is within a snapshot of time. Companies need to ensure that their goal is to be secure and not just gain a compliance certification," the head of the payment card industry security group told the magazine.
|
 |
| 1.28.2010 |
Democrat Herald |
First Year of Oregon’s E-Waste Law Went Better Than Expected
 In the first year of a statewide free e-waste recycling program, Oregon residents surpassed expectations by bringing in 18.9 million pounds of material. The Oregon Department of Environmental Quality had estimated the first-year total would be just 12 million pounds. With a new $500 fine for tossing e-waste into the garbage rather than the recycling bin having gone into effect in Oregon last month, the agency expects Oregonians will cart about 21 million pounds of e-waste into the more than 200 official recycling centers this year.
|
 |
| 1.28.2010 |
Environmental Leader |
EPA May Reconsider Toxic Waste Loophole
 The U.S. EPA has asked for public input on a proposal to close a Bush-era loophole in federal environmental regulations that has allowed some waste dump operators to seek exemptions from rules that would otherwise bar them from permitting e-waste PCBs to be dumped into landfills. Last year, the agency said it was considering withdrawing a rule the Bush Administration had imposed, which removed regulatory costs by reclassifying certain manufacturing byproducts as non-wastes.
|
 |
| 1.28.2010 |
Seattle Public Radio Station KPLU |
Washington E-Waste Recycling Law Gets Off to Quick Start
 One year into a new state program that provides for mandatory recycling of electronic waste, Washington state officials were happy that it had led to more than 38 million pounds of material being collected, or about 50 percent more than they had anticipated. Washington’s e-waste law is among the nation’s stiffest, making manufacturers responsible for collecting and properly recycling old material. Last year, that activity cost manufacturers about $10 million.
|
 |
| 1.27.2010 |
Corporate Social Responsibility Asia |
Hong Kong Considering E-Waste Regulation
 Hong Kong’s government is considering imposing regulations that would obligate producers, consumers and retailers of electronic equipment to contribute to disposing of the material in an environmentally responsible manner. The Hong Kong Environment Bureau estimates the country produces approximately 70,000 tons of e-waste each year, with volume increasing at the rate of 2 percent annually in recent years.
|
 |
| 1.24.2010 |
The Philippine News Agency |
Enviro Group Asks for Philippine E-Waste Law
 A group calling itself the EcoWaste Coalition has called upon Philippine government regulators to act with urgency in order to avert what it maintains would be a full-blown, chemically-induced health crisis arising from the improper disposal and recycling of toxic electronic waste. The group also asked regulators to consider banning the importation of electronic devices near the end of their life, since the material often quickly ends up in landfills throughout the country.
|
 |
| 1.19.2010 |
CleanTech |
Oral Arguments Delayed for NYC E-waste Recycling Lawsuit

Oral arguments for a lawsuit filed by the Consumer Electronics Association and the Information Technology Industry Council challenging New York City’s electronics recycling law were postponed until Feb. 10. Barbara Kyle, national coordinator of the Electronics TakeBack Coalition, said the lawsuit is intended to bring up questions about the constitutionality of local and state e-waste laws. Such a shift may require the U.S. government to tackle the issue, which could become a lengthy process, experts say.
|
 |
| 1.18.2010 |
Worcester Business Journal |
E-Waste Legislation Puts Recycling Costs on Manufacturers

Massachusetts legislators may be close to passing legislation similar to 19 other states requiring electronics manufacturers to be financially responsible for the disposal and recycling of e-waste. State Sen. James Eldridge sponsored a bill that was merged with House Bill 4374, which has been approved by the legislature’s Joint Committee on Environment, Natural Resources and Agriculture and could be considered by both government branches this year. “There has to be a big-picture solution that includes companies that make these products taking some responsibility for their end-of-life case,” Eldridge said.
|
 |
| 1.14.2010 |
Health Data Management |
Health Net Sued for HIPAA Violations
 Connecticut Attorney General Richard Blumenthal has filed a lawsuit charging Health Net of Connecticut, Inc. with violations of the Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules following a large data breach of identifiable medical records and Social Security numbers. Parent company Health Net last November reported to insurance officials in four states the disappearance in May of a hard drive with unencrypted health information on 1.5 million members, including 446,000 in Connecticut.
|
 |
| 1.1.2010 |
Processor |
Focus on Your SME’s Overarching Security Policy
 Any enterprise that deals with the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act, Health Insurance Portability and Accountability Act (HIPAA), or Payment Card Industry - Data Security Standard (PCI-DSS) gets uptight when it comes time to prove compliance, security experts say, noting that some audits—such as PCI’s 12-point list—are quite specific in their requirements, while others, such as HIPAA, simply mandate compliance. “If you are secure, compliance comes as a byproduct. It’s not too difficult to become compliant. But security is a different question,” says Bob Russo, general manager of the PCI Security Standards Council.
|
 |
| 1.1.2010 |
Health Data Management |
Critics Charge HHS Rules Leave Too Much Discretion on Breach Notification
 Six members of Congress and a prominent consumer watchdog group have formally complained to the head of the U.S. Health and Human Services Department that the agency’s proposed rules implementing recent legislation on notification of data breaches leave too much discretion to the institution that has suffered the breach. Contrary to Congressional intent, they argued, the rules would allow a healthcare provider to decide for itself whether a breach constitutes substantial harm that triggers the need for notification.
|
 |
| 12.28.2009 |
Bank Info Security |
Top Regulatory Priorities for 2010
 With regulatory reform and consumer protection high on the agenda, financial institutions may face new regulatory compliance pressures on several fronts during 2010, industry observers said. The U.S. House of Representatives passed a federal data breach notification bill in December that the U.S. Senate will likely consider this year, and several measures would preempt existing state regulations regarding notification when data is lost or stolen. Federal banking regulators are lagging in examining for Identity Theft Red Flags Rule compliance because the U.S. Federal Trade Commission's fourth delay of enforcement for state-chartered credit unions and creditors has given bank regulators little motivation to prioritize it, so other risk issues dominate.
|
 |
| 12.15.2009 |
U.S. EPA website |
Companies that Illegally Exported E-waste to Hong Kong to Pay $21,650 Penalty
 Ziliang Zhu, doing business as W and E International Trading, and SM Metals, currently doing business as Better PC Recycle, were both charged by the U.S. Environmental Protection Agency (EPA) with illegally exporting computer monitor waste to Hong Kong and will pay a penalty of $21,650, according to the EPA. The agency said the Washington companies attempted to ship more than 500 discarded computer monitors in April. Generators and exporters of e-waste “must take responsibility for proper management and disposal,” said Edward Kowalski, EPA Director of Compliance and Enforcement in Seattle, noting that the agency “will use enforcement when necessary to ensure electronic waste doesn’t end up at the doorstep of countries that don’t want it.”
|
 |
| 12.11.2009 |
Digital Trends |
U.S. Senate Committee Approves New Electronics Recycling Bill
 Legislation designed to reduce the use of hazardous materials in electronics and promote research programs to improve electronic equipment recycling was passed by the U.S. Senate Environment and Public Works Committee. The Electronic Device Recycling Research and Development Act, if approved by the full Senate, would also provide research grants to address e-waste. "Technology continues to advance, but our ways of disposing of electronic equipment haven't kept up," said U.S. Sen. Amy Klobuchar, co-sponsor of the bill.
|
 |
| 12.9.2009 |
eWeek |
U.S. House Passes Data Accountability Bill
 The U.S. House of Representatives approved the Data Accountability and Trust Act, legislation requiring data brokers to establish procedures to verify the accuracy of information that identifies individuals in their databases and requiring them to provide nationwide notice in the event of certain security breaches. The bill also authorizes the U.S. Federal Trade Commission (FTC) to establish a standard method for destroying obsolete non-electronic data and requires data brokers to submit security policies to the FTC. If a breach occurs, the legislation mandates the FTC to conduct a security audit of the data broker.
|
 |
| 12.7.2009 |
Bloomberg |
Sarbanes-Oxley Audit Board Questioned by U.S. Supreme Court Justices
 The U.S. Supreme Court this week questioned the constitutionality of the Public Company Accounting Oversight Board (PCAOB) established by the 2002 Sarbanes-Oxley Act (SarbOx). Hearing arguments on Monday, several justices suggested that the PCAOB lacks the presidential oversight required under the U.S. Constitution for executive branch agencies. A ruling striking down the board would leave it to the U.S. Congress to re-establish a panel with tighter oversight, setting up a legislative fight that might impact other aspects of SarbOx.
|
 |
| 12.1.2009 |
Business Wire |
Survey Reveals Ongoing Challenges for Organizations Seeking PCI DSS Compliance
 Companies still face significant hurdles when it comes to protecting customer data with the Payment Card Industry Data Security Standard (PCI DSS), according to a new Computerworld survey. Although more than half of the companies surveyed said they have initiatives aimed at achieving compliance, two-thirds say they have yet to pass a PCI DSS audit and almost three-quarters are not entirely satisfied with how they store customer data. Additionally, 41% of IT and business leaders who answered the survey say their organizations suffered some type of data breach during the past year.
|
 |
| 11.26.2009 |
European Voice |
What a Waste
 The European Union directives on the recycling of Waste Electrical and Electronic Equipment (WEEE) and the Restriction of Hazardous Substances (RoHS) in electronics are rarely found in grand speeches or declarations, but these directives are among those unsung laws that have a major impact on businesses and consumers in Europe. The European directive on recycling e-waste was a landmark for EU environmental law, but remains little loved in member states. In 2008, the European Commission found that only a third of e-waste was being treated in line with the law, with the rest going to landfills or outside the EU.
|
 |
| 11.23.2009 |
American Medical News |
Physicians Get 4th Reprieve from FTC Identity Theft Rule
 The delay in enforcement of the U.S. Federal Trade Commission's (FTC) "red flags" rule could give physicians additional time needed to secure legislative relief from what they say is an overreaching regulation. The red flags rule requires entities that regularly extend credit or defer payment for services to implement a formal policy for detecting and preventing identity theft. Despite repeated objections from the American Medical Association and other physician organizations, the FTC counts physician practices as creditors if they bill patients for past services or allow patients to set up payment plans.
|
 |
| 11.20.2009 |
Las Vegas Sun |
FBI, Hospital in Talks over Leak of Patient Records
 The Federal Bureau of Investigation (FBI) said it has begun evaluating the unauthorized release of confidential patient medical records after officials at University Medical Center in Las Vegas, Nev., met in an attempt to determine how the materials have been compromised. An FBI official said the matter appears to violate the Health Insurance Portability and Accountability Act (HIPAA). "The allegations seem to be very serious," said FBI Special Agent Joseph Dickey. "There could be multiple federal laws that are violated."
|
 |
| 11.18.2009 |
TechRepublic |
Going Green with IT in a Legislative Environment
 Federal and state legislation has stepped in to control the management of data security, including the Sarbanes-Oxley Act (SarbOx), under which companies must establish and maintain adequate internal control structures; the Gramm-Leach-Bliley Act (GLBA), under which businesses are required to protect the security and confidentiality of customer records and information whose exposure could result in substantial harm to their customers; the Health Insurance Portability & Accountability Act (HIPAA), under which organizations must ensure confidentiality of health records; and the Fair & Accurate Credit Transactions Act (FACTA), under which businesses must institute disposal practices and provide steps that prevent the unauthorized access or use of discarded information.
|
 |
| 11.5.2009 |
Environmental Leader |
Electronics Industry Lawsuit Called ‘Attack on States’ Rights’
 Government representatives from 18 states have signed a letter organized by the Electronics Takeback Coalition accusing the electronics industry of trying to usurp state rights with a recent lawsuit against New York City’s e-waste recycling law. The letter was sent to the Consumer Electronics Association (CEA) and the Information Technology Industry Council (ITIC), which filed the lawsuit calling New York’s e-waste recycling law unconstitutional. The law mandates that manufacturers provide free electronics collection to city residents in an effort to fight the global e-waste crisis.
|
 |
| 11.5.2009 |
PC World |
U.S. Senate Panel Approves Data-breach Notification Bills
 The U.S. Senate Judiciary Committee has approved both the Personal Data Privacy and Security Act and the Data Breach Notification Act, two bills that would require organizations with data breaches to report them to potential victims. The Data Breach Notification Act would require U.S. agencies and businesses that engage in interstate commerce to report data breaches to victims whose personal information "has been, or is reasonably believed to have been, accessed, or acquired." The Personal Data Privacy and Security Act would also require organizations that maintain personal data to give notice to potential victims and law-enforcement authorities when they have a data breach. The law would increase criminal penalties for electronic-data theft and allow people to have access to, and correct, personal data held by commercial data brokers.
|