An omnibus package of regulations that includes a final version of extensive HIPAA modifications, which have been pending since 2010, as well as a final version of the HIPAA breach notification rule has moved one major step closer to completion.
Francoise Gilbert of the IT Law Group won't give Zappos an "A" for how the online retailer reacted to its recent data breach. So, what can organizations learn from the incident, so they're better prepared?
Verisign, operator of two of the 13 root name servers that route traffic on the Internet, has revealed that outsiders attacked its computer network several times in 2010, but top management did not learn of the incidents until September 2011.
Organizations that have experienced a breach report that three lessons they learned were to limit the amount of personal information collected, limit sharing data with third parties and limit the amount of data stored, a new survey shows.
Notifying patients about a healthcare information breach requires a "difficult balancing act" by entities to ensure that risks are not exaggerated, says attorney Robert Belfort, an expert in HIPAA compliance, fraud and abuse.
As legal issues surrounding data breaches become increasingly complex, more organizations are turning to attorneys for post-breach response, says Lisa Sotto, a managing partner for New York-based law firm Hunton & Williams.