On July 23, 2018, Denmark’s data protection agency announced that companies must encrypt all emails transmitting sensitive personal data.  This new rule goes into effect January 1, 2019, giving companies that do business in or with Denmark approximately five months to implement encryption technologies for their email systems.  This is a strict interpretation of Article 9 of GDPR; however, one facet of GDPR is that each European Union country can interpret and determine how companies must comply with the overarching GDPR principles and requirements.
Continue Reading Denmark Implements Email Encryption Requirement, What Countries Will Follow?

HIPAA has teeth.  On June 1, 2018, an Administrative Law Judge (ALJ) ruled that the University of Texas MD Anderson Cancer Center violated HIPAA.  In doing so, the ALJ granted the Office of Civil Rights (OCR) summary judgment, requiring the hospital to fork up the $4,348,000 in civil monetary penalties imposed by OCR. 
Continue Reading ALJ Judge Upholds OCR’s $4,348,000 Data Breach Penalty on Texas Hospital