Navigant recently published the latest update of its comprehensive Information Security and Data Breach Report, which adds yet another analytic view of the data breach picture. And the view is not a pretty one. You can get a copy of the report here. Some of the “highlights”: Healthcare entities again accounted for the largest percentage…
Category Archives: Data Compliance & Security
Symantec: Malicious Cyber Attacks Increased by 81 Percent in 2011 and Data Breaches Up
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Identity Theft, Security

Symantec has released its annual Internet Security Threat Report, and the numbers are astounding. According to the report, malicious attacks on networks skyrocketed by 81 percent in 2011. The report also highlights that advanced persistent threats, known as APT attacks, are spreading to organizations of all sizes, with the number of daily APT attacks increasing…
The Rising Cost of HIPAA Violations: $100,000 Fine Levied on Physician Group
Posted in Data Compliance & Security, HIPAA/HITECH, Security
Written by Kimberly Gold

If your company needs another reminder that policies and procedures, risk assessments, documentation and training are critical elements for HIPAA compliance programs, we have another corrective action plan – and monetary fine – that should be utilized as a “teachable moment” for health care providers and business associates alike. Phoenix Cardiac…
Massachusetts Attorney General Data Breach Investigation Results in $15,000 Settlement with Property Management Firm
Posted in 201 CMR 17.00, Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation
Written by Cynthia J. Larose and Adam Veness

Last October, a Maloney Properties, Inc. (“MPI”) company laptop was stolen containing unencrypted personal information, including social security numbers, for over 600 Massachusetts residents. Shortly after the incident, MPI sent letters to customers alerting them of the incident and related data breach. As a result of that…
The cost of HIPAA non-compliance – $17 million – UPDATE
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, HIPAA/HITECH
Written by Kevin McGinty

If it wasn’t clear before, a recent settlement of HIPAA claims brought by the Department of Health and Human Services against BlueCross BlueShield of Tennessee (“BCBST”) underscores the high regulatory cost of non-compliance with privacy requirements. HHS announced on March 13, 2012 that BCBST has agreed to pay $1.5 million…
Privacy-on-the-Go: Make sure that “killer app” has a privacy policy
Posted in Data Compliance & Security, Privacy Regulation

Although one would never realize it when downloading many popular mobile apps on any of the major platforms (Apple’s iTunes, Google, Amazon, RIM, HP, etc.) — the requirements of California’s Online Privacy Protection Act to have a “clear and conspicuous” privacy policy apply to mobile apps as well as online websites. California’s Attorney General has…
Consumer Privacy Bill of Rights – Summary and Invitation to Comment
Posted in Data Compliance & Security, Legislation, Privacy Regulation

The Department of Commerce has already taken the first steps to implementing the White House’s Consumer Privacy Bill of Rights announced last month. Commerce has invited comment on “what issues should be addressed through the privacy multi-stakeholder process and how to structure these discussions so they are open, transparent, and most productive.” According to the Federal…
Massachusetts Businesses Face Two New Challenges on Data Security
Posted in 201 CMR 17.00, Class Action Litigation, Data Compliance & Security

A cross-post from our friends at the Associated Industries of Massachusetts – and important reading, given that March 1st is Thursday: Employers Face Two New Challenges on Data Security
President Obama: “American consumers can’t wait any longer….”
Posted in Data Compliance & Security, Federal Trade Commission, Legislation, Online Advertising, Privacy Regulation

At the White House today, President Obama unveiled his administration’s framework for new privacy regulations and the long-awaited white paper entitled “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.” This follows up on the Department of Commerce “green paper” issued well over a year…
A Top Five List: Data Security and Privacy Issues 2012
Posted in Data Compliance & Security, European Union, Federal Trade Commission, Legislation, Privacy Regulation

Here is an article published in Westlaw Journal on the top 5 data security and privacy issues in 2012 (and there could be a “top 20” if we’d had the column inches!) — a little crystal ball-gazing: Top 5 Commercial Data Security and Privacy Issues in 2012
Massachusetts Data Security Regulations: Deadline Looms for Amending Service Provider Contracts
Posted in 201 CMR 17.00, Data Compliance & Security, Privacy Regulation

Just a reminder that March 1 is an important deadline with respect to the Massachusetts data privacy and security regulations (the “Regulations”). As a refresher, the Regulations require all entities that “own or license” personal information of Massachusetts residents — wherever the entity is located — to comply with provisions requiring specific administrative, physical and technical…
HIPAA Breach Reporting Deadline Approaching
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH

Our colleagues over at the Mintz Health Law Policy Matters blog have posted a reminder about the approaching annual HITECH data breach reporting deadline. All “small” calendar year 2011 breaches affecting fewer than 500 individuals must be reported to the Office of Human Rights by the end of February. If you think this may be you,…
Broken Privacy Promises from Upromise? FTC Settlement and Key Takeaways (Update)
Posted in Data Compliance & Security, Federal Trade Commission
Written by Jake Romero

According to the Federal Trade Commission, the most remarkable aspect of Upromise, an online college savings program, was not how much its users saved. Rather, it was how much they were giving away. The FTC has announced settlement regarding a complaint it had filed against Upromise, Inc. alleging that the corporation…
New Year’s Resolutions – Privacy & Security
Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security, HIPAA/HITECH, Identity Theft, Privacy Regulation, Secure Traveling, Security

Since it’s traditionally the time for new beginnings and resolutions to clear away old habits, we’d like to pass on some tips for improving privacy and security in your operations — and in your own life — in 2012. 1. Be sure to secure. Many data breaches occur by leaving sensitive information lying around the…
Things to do in 2012: Questions to Ask of Cloud Vendors
Posted in Data Breach Notification, Data Compliance & Security, European Union, HIPAA/HITECH, Security

Adoption of cloud computing is certainly on the increase — but 2011 has seen evidence of some of the risks associated with moving to the cloud. Notable among the year’s data breaches was the breach at e-mail marketer Epsilon Data. To quickly refresh your memory, Epsilon was the victim of a hacking attack, and once…
FTC: Facebook “Deceived” Consumers by Failing to Keep Privacy Promises
Posted in Data Compliance & Security, Legislation

“Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users” – Federal Trade Commission Chairman Jon Leibowitz

The Federal Trade Commission (FTC) has announced the long-rumored proposed consent decree with Facebook, settling allegations in a complaint that Facebook violated Section 5 of the FTC Act by failing to live…
SEC Guidance to Public Companies: Evaluate and Disclose Cybersecurity Risks
Posted in Class Action Litigation, Data Breach, Data Compliance & Security, Privacy Litigation

The Securities and Exchange Commission (SEC) has issued guidance to public companies with respect to disclosure relating to cybersecurity and data breach risks. This release is from the Commission’s Division of Corporation Finance and is not a rule or regulation — but it is clear that public companies that ignore the advice in the Disclosure…
Cybersecurity and privacy expert joins ML Strategies
Posted in Data Compliance & Security, Legislation, Privacy Regulation

We have a new expert in the house for cybersecurity, privacy and technology issues. Our government relations affiliate, ML Strategies, has announced a new Manager of Government Relations, Rachel Sanford. Before coming aboard ML Strategies, Rachel served as a Senior Consultant on privacy and cybersecurity issues at IBM. While at IBM, Ms. Sanford was a…
State Data Breach Notification Laws – The Mintz Matrix
Posted in Data Breach, Data Breach Notification, Data Compliance & Security

We update the myriad of state data breach notification laws on a quarterly basis in what we fondly call the Mintz Data Breach Matrix. Hot off the presses is the version current as of October 1, 2011. All the usual disclaimers apply: in the event of a multi-state data breach, the matrix is not a…
Good Weekend Read
Posted in Class Action Litigation, Data Compliance & Security

My colleague, and frequent contributor to this space, Kevin McGinty, has published a great article on data privacy class action lawsuits. Happy reading!
House Committee to Hold Hearing on FTC’s COPPA Revisions
Posted in Children, Data Compliance & Security, Privacy Regulation

The Federal Trade Commission has released its long anticipated proposed revisions to its rule implementing the Children’s Online Privacy Protection Act (“COPPA”). COPPA governs (1) operators of websites and online services that are directed to children under the age of 13 and (2) operators of general audience websites or online services that have actual knowledge that…
Privacy and the Smart Grid: California Public Utilities Commission Adopts Smart Grid Data Protection Rules
Posted in Data Compliance & Security, Legislation
Written by Julia Siripurapu

Recently the California Public Utilities Commission (CPUC) in a unanimous decision approved data protection rules for the following Smart Grid providers: Pacific Gas and Electric Company, Southern California Edison, San Diego Gas and Electric Company, and the companies that assist them in utility operations, companies under contract with the utilities, and…
Privacy Still on Congressional Radar Screen
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Legislation

Lawmakers, industry leaders and officials from the Federal Communications Commission, the Federal Trade Commission and the Department of Commerce generally expressed support last week for Federal legislation on Internet privacy and data security during a Senate Commerce Committee hearing. Senate Commerce Committee Chairman Jay Rockefeller (D-WV), who introduced S. 913, the “Do-Not-Track Online Act of 2011,” which…
Privacy “Webinar Wednesday” Series
Posted in Data Compliance & Security

Last week, we introduced the “Privacy Webinar Wednesday” educational series with Data Privacy and Security Issues for the Not-for-Profit: 201 CMR 17.00, PCI, and Other Acronyms You Should Know. It was incredibly well-received – over 150 registrants. We’ll be presenting various privacy and security issues on the first Wednesday of the month. In case you…