Last week, the Office of Management and Budget issued an updated breach response policy for federal agencies, replacing a policy last updated in 2007. The policy, set forth in memorandum M-17-12, provides minimum standards for federal agencies in preparing for and responding to breaches of personally identifiable information (PII).
Continue Reading Updated OMB Breach Response Policy Includes Required Breach-Related Provisions for Federal Agency Contracts
OMB
OMB Issues New Draft Cyber Guidance for Contractors
By Inside Privacy on
Posted in Cybersecurity, Data Security
By Susan Cassidy, Alex Sarria
On August 11, 2015, the Office of Management and Budget (OMB) issued a draft guidance memorandum intended to improve cybersecurity protections in federal acquisitions. Specifically, the proposed memorandum provides direction to federal agencies on “implementing strengthened cybersecurity protections in Federal acquisitions for products or services…
Continue Reading OMB Issues New Draft Cyber Guidance for Contractors
FCC Adopts New Telemarketing Restrictions
By Inside Privacy on
Today, the Federal Communications Commission adopted new rules that strengthen its restrictions on autodialed or prerecorded telemarketing calls. The FCC billed the new rules as an effort to maintain consistency with the Federal Trade Commission’s telemarketing sales rule, which also governs telemarketing calls, and to give consumers control over the…
Continue Reading FCC Adopts New Telemarketing Restrictions
OIRA Releases Privacy Impact Assessment for Agency Use of Third-Party Websites
By Inside Privacy on
Posted in Department of Commerce, United States
The Office of Information and Regulatory Affairs (OIRA) recently released a model Privacy Impact Assessment (PIA) that federal agencies must use before they employ third-party websites and applications to communicate with the public. The new rules issued by OIRA, an arm of the White House’s Office of Management and Budget (OMB), build on rules the agency issued in June 2010.Continue Reading OIRA Releases Privacy Impact Assessment for Agency Use of Third-Party Websites
Coming Soon: Final HITECH Act HIPAA Privacy/Security Rules
By Inside Privacy on
Posted in Health Privacy, United States
In July of last year, the U.S. Department of Health & Human Services Office for Civil Rights issued a proposed regulation implementing changes to HIPAA resulting from the HITECH Act. As we previously reported, the proposed regulation significantly expands the scope of the privacy, security, and enforcement provisions of…
Continue Reading Coming Soon: Final HITECH Act HIPAA Privacy/Security Rules