In the absence of any meaningful moves in Congress to enact uniform data breach notification, the states continue to make adjustments to existing laws to better protect affected residents in their states.
It’s Monday morning — do you know your privacy/security status? Here are a few bits and bytes to start your week. SEC to Registered Investment Advisers and Broker-Dealers: It’s Your Turn to Pay Attention to Cybersecurity. The Division of Investment Management of the Securities & Exchange Commission (SEC) has weighed in on cybersecurity of registered investment companies…
On this Privacy Monday, we can definitely say that the long winter of our discontent (at least for some of our readers) is over. Happy spring! In case you missed it, last Wednesday we presented the fourth in our Wednesday Webinar series on the progress of the EU draft Data Protection Regulation and what we…
On March 18, 2015 – just three months after denial of a motion to dismiss consumer claims arising from Target’s 2013 data breach – Target and the consumer class filed papers seeking approval of a settlement. The proposed settlement agreement creates a $10 million cash fund to be paid out to class members claiming actual damages arising…
State legislatures are not waiting for Congressional action on a national data breach notification standard. Montana — Montana has amended its 10-year-old breach notification law (see Mintz Matrix) to expand the definition of “personal information” and require notice to the state attorney general’s consumer protection office. H.B. 74, signed into law by Governor Bullock,…
Originally posted to Mintz Levin’s Employment Matters Blog. These days most employers manage a vast amount of electronic information about their employees, including the employees’ personal identifying information. But what obligations do employers have to unionized employees with respect to managing that information and bargaining with them in the event of a breach of their private…
In a recently-released Form 8-K filing announcing fourth quarter and year-end financial results, Target Corporation reported that expenses incurred in 2014 relating to its 2013 data breach totaled over $191 million. Those expenses were offset by $46 million in insurance proceeds, resulting in a $145 million charge against Target’s 2014 operating results. The expenses incurred…
By now (unless you have been under a snow drift), you have likely heard about the apparent intrusion into a database at the nation’s largest health insurer, Anthem, Inc. Rather than reiterate the facts as currently known (see Anthem’s dedicated website for updates), we’ll look at the fallout and what’s next.
As expected in his State of the Union address last night, President Obama made it very clear that cybersecurity is on his agenda for 2015. After stating that: “No foreign nation, no hacker should be able to shut down our networks, steal our trade secrets or invade the privacy of American families, especially our kids,”…
Written by Cynthia Larose, CIPP and Ari Moskowitz, CIPP. This has been a big week for cybersecurity announcements from Washington. In what the White House has called a series of “SOTU Spoilers,” President Obama announced his intention to follow through on some of the recommendations in his administration’s Big Data report — the culmination of…
Three privacy/security stories that you should know as you start your week: President Obama to Offer Cybersecurity/Privacy Previews to State of the Union Proposals. In a series of speeches this week, President Obama will preview important issues to appear in his January 20th State of the Union address. A White House official said…
Make sure to get your January 2015 Mintz Matrix! Available here for downloading and always linked through the blog right-hand navigation bar. Things you will not want to miss: California has significantly amended its breach notification requirements; Kentucky’s new data breach law (2014) is expanded effective January 1. As always, this chart is…
The First Rule of How to Survive a HIPAA Audit: Be Prepared. 2015 is bringing along with it the start of the HHS Office for Civil Rights random audit program to assess compliance with the HIPAA privacy, security and breach notification rules. It is anticipated that 300-400 business associates will be the subject of a…
Questions of Authority – who will be the federal regulatory cop on the privacy beat? FTC? FCC? Privacy, Data Security Jurisdiction Questions to the Forefront in 2015. Written by Christopher Harvie. As privacy and data security gain more visibility among policy-makers, questions of federal agency authority and jurisdiction are also gaining a higher profile. Since…
Sing it with me now… Five Golden Rules… (well, five new privacy laws/requirements). There are five significant new privacy laws/amendments that will be effective as of New Year’s Day — January 1, 2015 — and four are from California. Pull up a chair, brew that cup of tea. It’s time to review and prepare.
Back to school, back to traffic jams … back to Privacy Mondays! Our look at bits and bytes and goofs and gaffes in data privacy and security. Home Depot Breach Update. It has been nearly a week, and The Home Depot has still not confirmed that it is the latest victim of point-of-sale hackers in…
It appears that the data breach victim of the week (perhaps of the year) is The Home Depot. Brian Krebs has reported that it appears that two large dumps of purloined credit card numbers have made an appearance on the black market and that those numbers may have originated at Home Depot locations. Krebs’ reporting is…
Written by Cynthia Larose. Some weeks ago, we wrote a piece, “What You Need to Know About Backoff Malware: The New Threat Targeting Retailers”. It’s apparently gotten worse. Any business utilizing point-of-sale (POS) terminals for “swiping” credit cards needs to pay attention to this threat and assess vulnerability. Hospitals, physicians’ offices, veterinary clinics, colleges…
Technology, retail, medical, financial services, education … and more experience data losses on a daily basis through employee negligence, poor controls, insider attacks, advanced persistent threats from malevolent outsiders or computer viruses. Join Mintz Levin Privacy team members and other privacy and security experts in San Francisco on September 30 for a roundtable discussion of…
Written by Julia Siripurapu, CIPP/US and Dianne J. Bourque. Community Health Systems, Inc. (the “Company”), one of the largest hospital organizations in the country, announced via a public filing (Form 8K) made yesterday with the Securities and Exchange Commission (“Report”) that the Company was the target of a cyber attack that compromised the health data…
We are now officially in the throes of “midsummer” on this Privacy Monday. And, on occasion in the data privacy world, we agree with Will Shakespeare’s words… “Lord, what fools these mortals be!” Flash Drives … Butler University has warned about 160,000 students, faculty, staff, and alumni that personal information was discovered on a flash drive…
Reposted from Mintz Levin’s Health Law & Policy Matters blog. The American Bar Association Health Law Section’s July 2014 eSource publication includes an article by Dianne Bourque, Kimberly Gold, and Stephanie Willis that provides examples of how risk assessments under the Breach Notification Rule have changed since the HIPAA Omnibus Rule went into effect in September 2013. The examples analyzed…
Not only the last Monday in June, but the last day of June. There are quite a few privacy-related things taking effect tomorrow, July 1. Some reminders: Florida Amendments to Data Breach Notification Law. The Florida Information Protection Act of 2014 (“FIPA”) takes effect tomorrow. The FIPA essentially repeals Florida’s existing data breach notification law and…
Written by Adam Veness. New Jersey U.S. District Judge Esther Salas agreed to allow Wyndham Hotels and Resorts LLC to immediately appeal to the Third Circuit a ruling affirming the FTC’s authority to bring data security cases. We have been following this case since the beginning, and you can see our last post here. Judge Salas…