- The California Court of Appeals ruled in Thurston v. Midvale Corp. regarding website-related Americans with Disabilities Act (ADA) suits, specifically requiring a restaurant to bring its website into compliance with the Web Content Accessibility Guidelines (WCAG) 2.0.
- The court adopted the now-majority viewpoint that websites are covered by the ADA when there is a nexus financial planning for small business owners between the website and access to a physical place of public accommodation, have a look at some of the best ecommerce tools if
Category: Regulation
NSA Launches Cybersecurity Directorate to Combat Cyber Attacks on Government and Private Sector Systems
The National Security Agency (NSA) has established a Cybersecurity
Directorate that “unifies NSA’s foreign intelligence and cyber defense
missions” to more closely align its offensive and defensive operations. The directorate,
operating as of October 1, 2019 will help contribute to the NSA’s defensive
mission to protect digital systems. It will focus initially
on the defense industrial base and weapon security improvement.
The increased focus on cybersecurity comes in the wake of a
56-page report
by the National Security Telecommunications Advisory Committee warning that the
United…
Continue Reading
Resolution Agreement Requires Medical Imaging Company to Pay $3 Million to Settle Data Breach
The Office for Civil Rights (OCR) at the U.S. Department of
Health and Human Services revealed on May 6, 2019 that Tennessee-based
Touchstone Medical Imaging (TMI) entered into a Resolution
Agreement (RA) requiring them to pay a $3 million fine to settle a
data breach that exposed over 300,000 patients’ protected health information (PHI).
In addition to the significant monetary fine, TMI must adopt a corrective
action plan that will address shortfalls in the company’s compliance with HIPAA
Security and Breach Notification Rules, which is…
Continue Reading
Health Industry Cybersecurity Practices
Earlier
this year the Department
of Health and Human Services issued a report that in part detailed
practices hospitals can use to avoid cyberattacks against the health care
industry. The genesis of the report was the Cybersecurity Act of 2015 (CSA) and
more specifically, section 405(d). That section calls for “aligning health care
industry security approaches.” The forward to the report provides that
“industry and government came together under the auspices of the 405(d) task group…focused
on building a set of voluntary, consensus-based principles to…
Continue Reading
Employees’ Claim Under the Illinois Biometric Information Protection Act Escapes Arbitration Provision in Employment Agreement
A recent decision by an Illinois appellate court analyzed whether employees’ privacy violation claims fall within their employment agreements’ arbitration provision. At issue was an employer’s use of biometric information collected from its employees and the consequences of doing so in a manner that was allegedly inconsistent with applicable law, and whether those claims are subject to arbitration, rather than litigation in a court of law.
If you are in need of hiring someone and you do not have the time to go over the…
Continue Reading
Vermont’s “Data Brokers” Law is a Glimpse into the Future for Many Industries
Cybersecurity has been a field
where the concept of state governments acting as legislative laboratories has
been observed in real time, with multiple states passing different pieces of legislation
every year. One of the more unique laws passed in 2018, and effective as of
January 1, 2019, is Vermont’s descriptively titled “act relating to data
brokers and consumer protection.” Although unknown to most consumers,
there is a booming industry of “data brokers” who act as middlemen
between companies who collect data and those looking to…
Continue Reading
Absence of DOJ Regulations Does Not Bar Liability for Failure to Comply with the ADA
In the face of an ever-growing number of lawsuits based upon
allegedly non-ADA compliant website designs, defendants have enjoyed little
success obtaining dismissal at the pleadings stage of proceedings. One
lingering glimmer of hope had been the viability of a due process argument
premised upon the “primary jurisdiction” defense, which formed the basis of
Judge Otero’s decision dismissing the plaintiff’s complaint in Robles v. Domino’s Pizza, LLC. In short,
the defendant argued that the plaintiff’s action must be either stayed or
dismissed because the…
Continue Reading
National Counterintelligence and Security Center Launches Effort to Protect Industry Against State Actors
On January 7, 2019, the National Counterintelligence and Security Center (NCSC), which coordinates counter-intelligence efforts within the U.S. government, announced that it would begin disseminating its “Know the Risk, Raise Your Shield” materials in an effort to assist the private sector in guarding against threats from foreign intelligence entities and other adversaries.
This campaign appears to have been prompted by
the Trump administration’s efforts to drive U.S. companies to better protect
their trade secrets from foreign hackers.
This comes on the heels of recent cyber-attacks…
Continue Reading
Department of Health and Human Services Releases Cybersecurity Guide for Healthcare Providers
Over a year of collaboration between the Department of Health and Human Services (HHS) and industry partners has culminated in the publication of a cybersecurity guide for medical providers of all sizes. HHS describes it as “a set of voluntary, consensus-based principles and practices to improve cybersecurity in the health sector,” that looks to “raise the cybersecurity floor” across the country. Although the guide emphasizes its wide applicability, much of the discussion appears directed at small and mid-sized providers. For example, HHS highlights a recent…
Continue Reading
TSA Releases Cybersecurity Roadmap to Guard Against Evolving Cyber Threats
The Transportation Security Agency (TSA) has released its first Cybersecurity Roadmap to prioritize cybersecurity measures within the TSA and the nation’s transportation system, the Transportation Systems Sector (TSS). The TSA’ Cybersecurity Roadmap closely aligns with the more general DHS Cybersecurity Strategy published earlier this year.
The roadmap notes that TSA’s mission responsibilities include: (1) securing its own networks, and (2) working with its partners and TSS stakeholders, in coordination with the Department of Homeland Security (DHS), to secure its cyberspace. In order to ensure cybersecurity…
Continue Reading