This article introduces an upcoming series of posts scrutinizing federal and state regulators’ enforcement of data security and breach notification laws. The inaugural post will consider how the U.S. Department of Health and Human Services (HHS) enforces the 60-day notification requirement when covered entities do not notify everyone by 60 days, misrepresent when they actually…
Welcome!
Welcome. After almost 18 years of blogging about privacy and data security breaches on PogoWasRight.org, the now-defunct PHIprivacy.net, and DataBreaches.net, I’ve decided to create a site to emphasize some concerns about insufficient enforcement of laws that are supposed to promote data security, incomplete or misleading breach notification letters, and the general lack of transparency about…