Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Monthly Archives: January 2013

REMINDER — Webinar: The New HIPAA Omnibus Rule and Your Liability: TOMORROW

Posted in HIPAA/HITECH, Legislation, Privacy Regulation

Don’t forget to register! Mintz Levin is presenting a webinar on January 30, 2013 to discuss the impact of the HIPAA Omnibus Rule – the first, sweeping overhaul of the HIPAA privacy and security rules in a decade. Covered entities will want to participate to catch up on the finer details. Business associates and downstream entities – e.g., subcontractors, cloud providers, data storage… Continue Reading

OCR Releases Sample Business Associate Agreement Provisions

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

Written by Kimberly Gold

The Department of Health and Human Services, Office for Civil Rights (OCR) has posted on its website sample business associate agreement provisions to help covered entities and business associates comply with the new business associate agreement requirements under the final HIPAA Omnibus Rule. The HIPAA Omnibus Rule modified the minimum required… Continue Reading

Data Privacy Day 2013 Post #3 — Look out for the Maryland Privacy Police!

Posted in Data Compliance & Security, Legislation, Privacy Regulation

Maryland’s Attorney General, Douglas Gansler, announced today that Maryland has a new Internet Privacy Unit to monitor the data collection practices of online companies.    According to the Attorney General’s press release,  the Internet Privacy Unit will monitor companies to ensure they are in compliance with state and federal consumer protection laws, including the Children’s Online Privacy… Continue Reading

Data Privacy Day 2013 – Tip #2 – Dust off your information security policy (or start putting one in place…)

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation, Security

Written by Amy Malone

Do you have a comprehensive information security program? Many businesses are still operating without one, leaving them open to preventable data breaches. The importance of info security programs was yet again underscored by the recent settlement between Cbr Systems and the Federal Trade Commission regarding a breach that affected 300,000 consumers…. Continue Reading

Data Privacy Day 2013 – Passwords

Posted in Security

Something everyone can do for Data Privacy Day:  make it a point to change at least one password and make it “long and strong.”   Here are some tips for building strong passwords from David Sherry, Chief Information Security Officer at Brown University: To create a strong password, you should use a string of text… Continue Reading

International Data Privacy Day is Monday

Posted in Data Compliance & Security, Employee Privacy, Security

Time for some tips to keep your company (and your employees) safe online – Are your employees trained to maintain company privacy standards? Conduct employee training on privacy as it relates to employment, helping employees learn how to protect the privacy of clients’ and customers’ personal information and teaching employees how to manage their own… Continue Reading

Canada’s Anti-Spam Law is a Step Closer

Posted in Privacy Regulation

US marketers who have been paying attention to anti-spam developments north of the border are concerned about proposed new Canadian regulations. If you have not been paying attention, it’s probably time that you did. We have a guest post today discussing the progress of those regulations.

CANADA’S ANTI-SPAM LAW IS A STEP CLOSER

Written by: ARIANE… Continue Reading

The Sony data breach fine: A hand-slap from London now, but what would it have been under the proposed new EU Data Protection Regulation?

Posted in Data Breach, Data Breach Notification, European Union, Privacy Regulation

Written by Sue Foster, Mintz Levin – London

The UK Information Commissioner’s Office (ICO) has fined Sony £250,000 for the widely publicized 2011 security breach (see here, here, and here) during which hackers gained access to personal data (including credit card information) of over 77 million users. For a company of Sony’s size, £250,000 is a hand-slap —… Continue Reading

Webinar: The New HIPAA Omnibus Rule and Your Liability

Posted in HIPAA/HITECH, Privacy Regulation

Mintz Levin is presenting a webinar on January 30, 2013 to discuss the impact of the HIPAA Omnibus Rule – the first, sweeping overhaul of the HIPAA privacy and security rules in a decade. Covered entities will want to participate to catch up on the finer details. Business associates and downstream entities – e.g., subcontractors, cloud… Continue Reading

HIPAA Omnibus Rule Reference Chart

Posted in HIPAA/HITECH, Privacy Regulation

By Dianne J. Bourque, Kimberly J. Gold, Ellen L. Janos, Julie K. Lappas, James Sasso, Kate F. Stewart, and Stephanie D. Willis

Mintz Levin is pleased to provide this section-by-section analysis of the HIPAA Omnibus Rule. The chart lists provisions of the proposed privacy, security, and enforcement rules mandated by the Health Information Technology for… Continue Reading

Finally! HHS Office of Civil Rights Releases HIPAA Omnibus Rule With Sweeping Changes to Compliance Requirements and Enforcement

Posted in HIPAA/HITECH, Privacy Regulation

By Dianne J. Bourque and Stephanie D. Willis

The final regulations from the Department of Health and Human Services Office of Civil Rights (OCR) containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus Rule) have finally been released, but the hard work of interpreting them has just begun for covered entities, business associates, and downstream entities… Continue Reading

HITECH Omnibus Rule Basics

Posted in HIPAA/HITECH, Privacy Regulation, Security

As we pore through the 562-page HITECH Omnibus Rule released by the Department of Health and Human Services late yesterday afternoon, here are some top line bullet points: Effective Date: Rule becomes effective on March 26, 2013. Covered entities and business associates must comply by September 23, 2013. Business Associates are now front and center – During… Continue Reading

Breaking News – HITECH Omnibus Rule Published

Posted in HIPAA/HITECH, Privacy Regulation

After months of waiting, we have just learned that the HITECH regulations — otherwise known as the Omnibus Rule — have been published.   Our team has already started to dive in and we will be publishing detailed analyses both here and at our sister blog, Health Law & Policy Matters. Stay tuned for more -… Continue Reading

Data Privacy Day Event – Brown University

Posted in Data Compliance & Security, Privacy Regulation, Security

In the run-up to International Data Privacy Day on January 28th, we’ll be posting information on events that may be of interest.   Our friends at Brown University have sent this invitation: You are cordially invited to attend a free Information Security Group colloquium in celebration of National Data Privacy Day at Brown University on Monday January 28, 2013 from 1-4 PM. “Perspectives on… Continue Reading

Cybersecurity in the 113th Congress

Posted in Data Breach, Data Breach Notification, Legislation, Privacy Regulation, Security

The 113th Congress will bring new leadership to the House Homeland Security Committee and the Senate Homeland Security and Government Affairs Committees — all responsible for cybersecurity issues.  President Obama is expected to release an Executive Order (based on the draft circulated in late November 2012) very soon, perhaps before the State of the Union… Continue Reading

Privacy-on-the-Go: Make sure that “killer app” has a privacy policy — UPDATE

Posted in Data Compliance & Security, Privacy Regulation

We posted this alert back in March, and now California Attorney General Kamala Harris has released a recommended set of privacy best practices for app developers and advertising networks entitled “Privacy on the Go:  Recommendations for the Mobile Ecosystem.” Written after consulting a “broad spectrum of stakeholders,” including app developers, ad networks, privacy professionals and privacy… Continue Reading

The View from London: European Parliament Publishes Proposal for Revised Draft of EU Data Protection Regulation

Posted in European Union, Privacy Regulation

Written by Susan Foster

The European Parliament recently published a report on the European Commission’s draft of a new EU Data Protection Regulation. The report, which includes the European Parliament’s proposal for a revised draft of the Regulation, runs to an astounding 215 pages. The Parliament’s report is certain to fuel debate for months as… Continue Reading

#3 in our 2013 Issues Series: Privacy of Mobile Applications

Posted in Data Compliance & Security, Privacy Litigation, Privacy Regulation

As we continue our “new year, new look” series into important privacy issues for 2013, we boldly predict: Regulatory Scrutiny of Data Collection and Use Practices of Mobile Apps Will Increase in 2013 Mobile apps are becoming a ubiquitous part of the everyday technology experience.  But, consumer apprehension over data collection and their personal privacy… Continue Reading

Second of a series: Privacy and Security Issues for 2013

Posted in Data Compliance & Security, Employee Privacy, Privacy Regulation

Our series over the next 10 days will highlight the top issues, as we see them, in privacy and security for 2013.    Yesterday, we looked at the increase in cybersecurity disclosure by public companies, triggered by the Securities and Exchange Commission’s Cybersecurity Guidance. Privacy 2013 – What to Expect in the Employment Arena Written… Continue Reading

Words of Warning: “No breach too small”

Posted in Data Breach, Privacy Regulation

As originally posted in Mintz Levin’s Health Law & Policy Matters blog

Written by: Stephanie D. Willis

The Department of Health and Human Services, Office for Civil Rights (OCR) reached its first settlement for a breach involving data regarding less than 500 individuals. Under the December 2012 settlement, the Hospice of North Idaho (HONI) will pay OCR a $50,000 penalty to resolve allegations that… Continue Reading

First of a series (updated): Issues for 2013

Posted in Class Action Litigation, Data Breach, Data Breach Notification, Data Compliance & Security

Happy New Year!   We are beginning this week with a series of top Privacy and Security issues for 2013, as we see them.   Let’s start with an issue of interest to publicly traded companies, or companies considering going public in 2013 – a reminder that cybersecurity issues are of interest to the Securities… Continue Reading