Written by Amy Malone Effective as of May 8, 2012, Vermont’s updated data breach law (Act 109) brings along several changes. The biggest change is in the notification requirements. Notification to consumers must now occur no later than 45 days after discovery of the incident and must include the approximate date of the security breach… Continue Reading
Monthly Archives: May 2012
UK Cookie Law “Grace Period” Expires — Enforcement to Begin
Posted in Data Compliance & Security, Privacy RegulationWhile those of us in the United States were observing Memorial Day and enjoying the unofficial start of summer, the grace period from enforcement of the UK “Cookie Law” expired on Sunday, May 27th. Accordingly, websites must now officially obtain “informed consent” from visitors before saving cookies on a machine. The reach of… Continue Reading
FTC v. Myspace Part II — The Takeaways
Posted in Data Compliance & Security, Federal Trade Commission, Online Advertising, Privacy Litigation, Privacy RegulationThe FTC has again provided us with a road map to compliance through the Myspace consent order. Here are the takeaways that should concern every company with an online presence. Keeping the FTC Out of Your Space — The Takeaways Much can be learned from how the FTC has evaluated the adequacy of Myspace’s privacy policy… Continue Reading
Does an employer invade an employee’s privacy by accessing and reviewing the employee’s email?
Posted in Employee Privacy, Privacy LitigationA recent Massachusetts Superior Court decision, Falmouth Firefighters Union v. Town of Falmouth, answers “no.” Our colleagues over at the Mintz Levin Employment Matters blog have posted an analysis of this interesting decision and the takeaways for employers — particularly Massachusetts employers. Read more here.
Ignorance of HIPAA Provisions No Excuse
Posted in HIPAA/HITECHAs the old canard goes: “Ignorance of the law is no excuse.” The Ninth Circuit agrees, particularly when it comes to misdemeanor charges under HIPAA for “wrongful disclosure.” Our colleagues at the Mintz Health Law & Policy Matters blog tell the story here.
FTC Warns: Practice What You Promise – Part 1
Posted in Federal Trade Commission, Privacy RegulationThe Federal Trade Commission has issued yet another warning to companies operating online: make sure your privacy policy is not making promises that you cannot (or do not) keep. Recently, the FTC entered into an agreement with Myspace and issued a consent order to settle a complaint it filed against the social networking website. This post… Continue Reading
Navigant: Reports of Data Breaches On the Increase Across Industries
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation, SecurityNavigant recently published the latest update of its comprehensive Information Security and Data Breach Report, which adds yet another analytic view of the data breach picture. And the view is not a pretty one. You can get a copy of the report here. Some of the “highlights”: Healthcare entities again accounted for the largest percentage… Continue Reading
Symantec: Malicious Cyber Attacks Increased by 81 Percent in 2011 and Data Breaches Up
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Identity Theft, SecuritySymantec has released its annual Internet Security Threat Report, and the numbers are astounding. According to the report, malicious attacks on networks skyrocketed by 81 percent in 2011. The report also highlights that advanced persistent threats, known as APT attacks, are spreading to organizations of all sizes, with the number of daily APT attacks increasing… Continue Reading
