Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Category Archives: Data Breach

Subscribe to Data Breach RSS Feed

Privacy Monday: July 21, 2014

Posted in Data Breach, Data Breach Notification, Identity Theft, Privacy Monday

We are now officially in the throes of “midsummer” on this Privacy Monday.  And, on occasion in the data privacy world, we agree with Will Shakespeare’s words….“Lord, what fools these mortals be!” Flash Drives  …. Butler University has warned about 160,000 students, faculty, staff, and alumni that personal information was discovered on a flash drive… Continue Reading

Wyndham Gets Life Preserver in Data Breach Case

Posted in Data Breach, Data Breach Notification, Federal Trade Commission, Privacy Litigation

Written by Adam Veness New Jersey U.S. District Judge Esther Salas agreed to allow Wyndham Hotels and Resorts LLC to immediately appeal to the Third Circuit a ruling affirming the FTC’s authority to bring data security cases.  We have been following this case since the beginning, and you can see our last post here. Judge Salas… Continue Reading

D’oh! OCR Confirms that Medical Records Should Not be Left in the Driveway

Posted in Data Breach, Data Breach Notification, HIPAA/HITECH

Written by  Dianne J. Bourque  (reprinted from Mintz Levin’s Health Law Policy Matters blog) The most recent Office for Civil Rights (“OCR”) HIPAA enforcement action serves as an important reminder to health care providers of the security risks associated with a mishandled medical records custody transfer and the risks of leaving paper records in the… Continue Reading

Privacy Monday – June 23, 2014

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Privacy Monday

DC Update from Politico Morning Tech “DATA BREACH DRAFT DELAYED – The thorny issue of FTC enforcement has slowed efforts to release a draft of Rep. Lee Terry’s data breach bill, according to sources close to the process. Terry had hoped to release the draft he’s been working on with Democrats John Dingell and Peter… Continue Reading

Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation, Security

Written by Stephanie D. Willis and Dianne J. Bourque (republished from Mintz Levin’s Health Law Policy Matters blog)   Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured Protected Information… Continue Reading

Save the Date: San Francisco Privacy Event

Posted in Data Breach

Join Mintz Levin’s Privacy & Security team for a data breach briefing in San Francisco on July 15th Anticipating the Inevitable — What C-Suite Execs Say They Wish They Had Known Before the Data Went Missing Medical, insurance, retail, financial services, education, hospitality, technology, and defense industries experience data losses on a daily basis through… Continue Reading

Health Data Breach Victims Have Standing to Sue Says WV Supreme Court

Posted in Data Breach, HIPAA/HITECH, Privacy Litigation

The most common defense against class actions for data breach has itself been breached in a ruling last week by the West Virginia Supreme Court. The Court’s opinion held that representatives of the class of medical clinic patients whose names, contact details, social security numbers and medical information had been accidentally posted to a publicly… Continue Reading

My company isn’t a search engine. Why should I care about Google Spain?

Posted in Data Breach, Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Legislation, Privacy Litigation, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Google – along with the rest of us – is still considering the implications of the European Court of Justice’s May 13, 2014 decision that Google must remove links to a newspaper article containing properly published information about a Spanish individual on the basis… Continue Reading

“Selfie” Assessment – 4 Key Lessons from Snapchat’s Settlement with the FTC

Posted in Data Breach, Federal Trade Commission, Privacy Regulation

Written by Jake Romero, CIPP/US As a country we are quickly approaching a time in which most adults will be disqualified from being elected to public office because of something they posted on their social media account while growing up.  Against this backdrop of over-sharing, Snapchat, Inc. won over the hearts of its users with… Continue Reading

Privacy Monday – May 12, 2014

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Monday, Privacy Regulation

Another busy week in the privacy/security world.  We have some bits and bytes to start your week: Verizon 2014 Data Breach Investigation Report – Something Old, Something New Verizon is out with its 2014 edition of the comprehensive Data Breach Investigation Report (DBIR).   You can get your copy here for your reading pleasure — or… Continue Reading

Cyber Risks for the Boardroom Part 2: Why Corporate Directors Should be Concerned About Data Security Breaches

Posted in Cyber Risks Boardroom Series, Cybersecurity, Data Breach, Insurance

All this week, we are featuring a series “Cyber Risks – Director Liability and Potential Gaps in D&O Coverage” Part 2 of 5:  Why Directors Should Be Concerned Written by Heidi Lawson and Danny Harary A data breach is not a unitary or self-contained event.  The fallout from a breach could impact the directors as… Continue Reading

Privacy Monday: Cinco de Mayo, 2014

Posted in Cybersecurity, Data Breach, Privacy Monday

Happy Cinco de Mayo! Breaking news this Privacy Monday:  The fallout from the massive Target Corporation data breach continues.  This morning, the Target board announced that Chief Executive Officer Gregg Steinhafel has resigned effective immediately.  The company has appointed Chief Financial Officer John Mulligan as interim president and chief executive.  Steinhafel spent 35 years with… Continue Reading

Regulators Speak at IAPP Breakfast Meeting in NYC

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Federal Trade Commission

Written by Andowah Newton Some important takeaways to start your weekend: Data Breach Incidents—Especially “Ransom” Incidents, are on the Rise—One panelist observed that the New York State Attorney General’s Office received reports of approximately 900 data breach incidents during the past year alone.  There has been a significant increase in reports of “ransom” incidents, in… Continue Reading

Minnesota Proposes Expansive Amendment to Data Breach Notification Law

Posted in Data Breach, Data Breach Notification, Legislation

Two days ago, we heard that Target Corporation has brought in an information security heavy hitter to oversee the company’s post-breach data security and technology operations.  Now we learn that its home base of operations, Minnesota, is the latest state to propose a legislative reaction to the Target data breach. The Minnesota legislature has introduced an… Continue Reading

We have seen this movie before ….. and we all should know that it does not end well.

Posted in Data Breach, HIPAA/HITECH, Privacy Regulation

This was originally posted on Mintz Levin’s Health Law & Policy Matters blog: Written by: Kimberly J. Gold How much is the cost of doing nothing when it comes to encryption of sensitive data?   In the case of electronic protected health information, about $2 million. Two companies have been hit with fines equaling a total of almost… Continue Reading

NYC Women in Intellectual Property Discuss Cybersecurity

Posted in Cybersecurity, Data Breach, Data Compliance & Security, European Union, Federal Trade Commission

Written by Andowah Newton Yesterday, Mintz Levin attended a panel breakfast sponsored by the New York City Bar’s Committee on Women in Intellectual Property.  The panel featured two practitioners, one from the public sector and one from the private sector.  The panel was moderated by Karen Greenberg, Director at Fordham Law’s Center.   Some takeaways that we… Continue Reading

Get your updated Mintz Matrix!

Posted in Data Breach, Data Breach Notification

As our readers know, we maintain a summary of the US state data breach notification laws, which we refer to as the “Mintz Matrix.”   We update the Mintz Matrix on a quarterly basis, or more frequently if developments dictate. We’ve updated the Mintz Levin State Data Breach Notification Matrix to reflect recent changes to Kentucky’s… Continue Reading

Target Becomes a Target: Proposed California Bill Aims to Make Retailers Liable for Data Breach Incidents

Posted in Data Breach, Data Breach Notification, Privacy Regulation

Written by Jake Romero, CIPP/US Following a string of high-profile data breaches and new data suggesting that approximately 21.3 million customer accounts have been exposed by data breach incidents over the past two years, the California legislature has introduced legislation aimed at making retailers responsible for certain costs in connection with data breach incidents.  If… Continue Reading

Aggressive Liability Theory Does Not Eliminate Obstacles To Banks’ Claims In Target Data Breach Class Action

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Written by Kevin McGinty The latest salvo in the Target data breach litigation is a class action brought by credit card issuing banks advancing a creative and somewhat misleading construction of the Minnesota’s Plastic Card Security Act.  The banks allege that there was a violation of the statute’s prohibition on retaining PIN, security code and… Continue Reading

Privacy Monday – March 31, 2014 OPENING DAY!

Posted in Cybersecurity, Data Breach, Data Breach Notification, Employee Privacy, Uncategorized

Last Monday in March (Opening Day for you baseball fans) - some privacy/security bits and bytes to close out the month. Microsoft:  “We won’t access private e-mail accounts …  Promise.” Microsoft has committed to no longer accessing the private e-mail accounts of its users after criticism that the company looked at the e-mail of a former employee… Continue Reading

The Target Breach Update

Posted in Cybersecurity, Data Breach

It has been difficult to keep up with all the various permutations of the Target data breach saga. Yesterday, the fingerpointing continued in the form of the release of a Harris Poll and testimony on Capitol Hill at a U.S. Senate hearing. 

Privacy Monday – March 24, 2014

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Privacy Monday

Welcome to March Madness — although if your brackets look anything like mine do this morning, it is not particularly “welcome.”   Let’s just say that there is no danger of my winning Warren Buffet’s $1 billion. Privacy and cybersecurity continue to be hot topics and the breaches roll on.   Here are some privacy and security… Continue Reading