Tech companies are able to degrade product privacy protections without repercussions when "excessive regulation" insulates them from competition, the FTC said in a joint letter with DOJ on Monday.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a $600,000 settlement with California health care network PIH Health, Inc. (PIH) Wednesday over a phishing attack that allegedly exposed electronic protected health information (ePHI) of almost 200,000 individuals.

Medical device companies with ties to China should prioritize compliance with DOJ’s new Data Security Program, attorneys at Hogan Lovells said Tuesday (see 2504140047).

DOJ’s data transfer rule might require a “deeper analysis on vendors and third parties” than expected, attorneys at Baker McKenzie said Monday in an opinion piece for the IAPP.

Expect updated compliance guidance throughout the year from DOJ on its data transfer rule, Paul Hastings attorneys said Thursday.

Comments are due June 13 on a draft update to the National Institute of Standards and Technology’s privacy framework, the agency said Monday.

Expect an independent third-party assessment of a cyber incident, the Office of the Comptroller of the Currency officially announced this week.

Life sciences companies should assess whether DOJ’s data transfer rule applies to their data-handling activity, attorneys at Cooley said in a post Thursday (see 2504020022).

Tech associations are continuing to push DOJ to extend the April 8 effective date for its data transfer rule (see 2504020022).

Cross-border data and technology transfers are subject to President Donald Trump’s “America First” executive order, Secretary of State Marco Rubio announced Friday.