Header graphic for print
Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Data Compliance & Security

Subscribe to Data Compliance & Security RSS Feed

Recognizable Faces Disappear from Facial Recognition Meetings

Posted in Data Compliance & Security, Privacy Regulation

    Facing “industry stakeholders [that] were unable to agree on any concrete scenario” in which affirmative consent should be obtained from individuals before employing facial recognition technologies, nine consumer advocacy organizations made an about-face and withdrew from the multistakeholder process coordinated by the National Telecommunications and Information Administration (“NTIA”). These organizations, which include the… Continue Reading

New Hampshire Establishes Privacy Protections for Student Online Personal Information

Posted in Children, Data Compliance & Security, Privacy Regulation, Security

California again has provided a model of privacy legislation for other states to follow.  New Hampshire Governor Maggie Hassan recently signed into law House Bill 520 (the “Bill”), a bipartisan effort to establish guidelines for the protection of student online personal information. Who is covered by the Bill? Modeled after California’s Student Online Personal Information… Continue Reading

Data Breach Affects Millions of Current and Former Government Workers

Posted in Class Action Litigation, Data Breach, Data Compliance & Security, Employee Privacy, Identity Theft, Privacy Litigation, Security

The U.S. Office of Personnel Management (OPM) announced that hackers have stolen the personal information of approximately 4 million current and former federal employees, including names, birthdates and social security numbers.  OPM serves as the human resources department -and holds employee records – for the entire federal government, ranging from security clearances to the identities… Continue Reading

The NAI Issues Privacy Guidelines For Interest-Based Advertising, Ad Delivery and Reporting

Posted in Data Compliance & Security, Online Advertising

The Network Advertising Initiative (NAI) has issued guidance for its members on the use of non-cookie technologies for Interest-Based Advertising (IBA) and Ad Delivery and Reporting (ADR) (Guidance). The NAI is a self-regulatory organization for third-party digital advertising companies. Consistent with the NAI Code of Conduct (NAI Code) which was designed based on the Fair… Continue Reading

Privacy Monday – May 18, 2015

Posted in Children, Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Events and Webinars, Mobile Privacy, Online Advertising, Privacy Monday, Security, Uncategorized

It’s Monday morning — do you know your privacy/security status? Here are a few bits and bytes to start your week. SEC to Registered Investment Advisers and Broker-Dealers:  It’s Your Turn to Pay Attention to Cybersecurity The Division of Investment Management of the Securities & Exchange Commission (SEC) has weighed in on cybersecurity of registered investment companies… Continue Reading

Breaking Down the DOJ Cybersecurity Unit’s Guidance on Responding to Cyberattacks

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Privacy Litigation, Security

Another federal agency has weighed in with “guidance” on cybersecurity preparation and breach response.  The Department of Justice (DOJ) is the latest to issue guidance on how companies should respond to data breaches.   The guidance is not perfect, and in some respects is simply a recitation of existing best practices, but it is still valuable because… Continue Reading

Responding to Insider Data Theft

Posted in Cybersecurity, Data Compliance & Security, Events and Webinars, Security

Our 2015 monthly Privacy Issues Wednesday webinar series continued this month with Jonathan Cain and Paul Pelletier’s Responding to Insider Data Theft & Disclosure presentation.  Jonathan and Paul discussed how distinguishing the insider threat differs from the techniques used to identify and stop hackers, creating an environment that deters insiders from stealing data, and the… Continue Reading

Cross-Device Tracking: The New World

Posted in Data Compliance & Security, Federal Trade Commission, Mobile Privacy, Online Advertising, Uncategorized

Facebook does it.  Google does it.  It’s everywhere in the mobile ad ecosystem.  And your smartphone does it more often than you know, according to a study released on Monday by Carnegie Mellon. Now, Federal authorities have turned their attention to cross-device and cross-service tracking of consumers over the last several days and weeks. Speaking at… Continue Reading

State Data Breach Notification Law Updates

Posted in Cybersecurity, Data Breach Notification, Data Compliance & Security, Privacy Regulation

State legislatures are not waiting for Congressional action on a national data breach notification standard. Montana — Montana has amended its 10-year old breach notification law (see Mintz Matrix) to expand the definition of “personal information” and require notice to the state attorney general’s consumer protection office.  H.B. 74, signed into law by Governor Bullock,… Continue Reading

Privacy Monday – March 2, 2015: How is Your Cyber Resilience?

Posted in Cloud Computing, Cybersecurity, Data Compliance & Security, Privacy Monday, Security

Welcome to March (and in the Northeast, the arrival of meteorological spring is welcome indeed……) We start this month with a question:  Have you looked at your cyber resilience? The Federal Financial Institutions Examination Council (FFIEC) recently described “cyber resilience” as an organization’s ability to recover critical IT systems and resume normal business operations in… Continue Reading

Cybersecurity Executive Order: Not Much New

Posted in Cybersecurity, Cybersecurity, Data Compliance & Security, Uncategorized

President Obama’s February 13 Executive Order, “Promoting Private Sector Cybersecurity Information Sharing” (the “EO”), turns out to be light on new measures to improve cybersecurity, but focused heavily on adjustments to prior Executive Orders implementing the rules for handling classified information.  This focus introduces concerns about government agencies picking winners and losers in the cybersecurity… Continue Reading

Cybersecurity and Privacy in State of the Union Address

Posted in Children, Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Legislation, Privacy Regulation, Security

As expected in his State of the Union address last night, President Obama made it very clear that cybersecurity is on his agenda for 2015.  After stating that:  “No foreign nation, no hacker should be able to shut down our networks, steal our trade secrets or invade the privacy of American families, especially our kids,”… Continue Reading

Privacy Monday – January 12, 2015

Posted in Cybersecurity, Data Breach Notification, Data Compliance & Security, Employee Privacy, Federal Trade Commission, Legislation, Privacy Monday, Privacy Regulation, Security

Three privacy/security stories that you should know as you start your week:   President Obama to Offer Cybersecurity/Privacy Previews to State of the Union Proposals In a series of speeches this week, President Obama will preview important issues to appear in his January 20th State of the Union address.    A White House official said… Continue Reading

Save the Date — HIPAA Audit Preparedness Webinar January 28, 2015

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation, Security

The First Rule of How to Survive a HIPAA Audit:  Be Prepared 2015 is bringing along with it the start of the HHS Office for Civil Rights random audit program to assess compliance with the HIPAA privacy, security and breach notification rules.   It is anticipated that 300-400 business associates will be the subject of a… Continue Reading

On the Twelfth Day of Privacy, My True Love Gave to Me …. 12 Different Types of Wearables!

Posted in 12 Days of Privacy, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Regulation, Security

And what will that new gadget be spilling about you??  Written by Julia Siripurapu, CIPP There is no doubt that wearable devices are among the hottest gifts of the season! From fitness bands and smart watches to wearable cameras and the Google Glass, there is definitely someone on your list (including you!) who may benefit… Continue Reading

On the Tenth Day of Privacy, OCR Gave to Me…..

Posted in 12 Days of Privacy, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

……………..a cumbersome C-A-P Written by Dianne Bourque  The U.S Department of Health and Human Services Office for Civil Rights has received tremendous publicity in recent years for its upward-trending fines and aggressive enforcement of HIPAA violations.  Seven-figure fines are becoming the norm for serious violations, for example, in May of this year, OCR fined a hospital and university a combined total of $4.8 million dollars for their separate HIPAA… Continue Reading

On the Sixth Day of Privacy, the hackers gave to Sony……

Posted in 12 Days of Privacy, 201 CMR 17.00, Cybersecurity, Data Breach, Data Compliance & Security, Security

many more than six different hacks…….and headaches…… Written by Jonathan Ursprung With the holiday season in full swing, many of us are struggling with that age-old question: “what do you get for the person who has everything?”  Well, if that person happens to be your supreme leader, the answer may very well be “a massive download… Continue Reading

On the Third Day of Privacy, the Shareholders Gave to Me……

Posted in 12 Days of Privacy, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Regulation, Security

…….Shareholder Proposals on Cybersecurity and Privacy: Another Country Heard From  Written by Megan Gates As the holiday season slips into the rear view mirror, another season looms large for public companies —- proxy season.  Adding to the ever-growing chorus of demands for increased transparency by public companies on cybersecurity and privacy matters, institutional shareholders have… Continue Reading

Privacy Monday: December 8, 2104 – The Twelve Days of Privacy 2014

Posted in 12 Days of Privacy, Cybersecurity, Data Compliance & Security, EU Data Protection Regulation, Insurance, Legislation, Mobile Privacy, Privacy Litigation, Privacy Monday, Privacy Regulation, Uncategorized

Our series last year was a reader favorite, so we decided to put our prognosticator hats on again and present:   Rather than look back at 2014, starting tomorrow, the Privacy & Security blog will count down The 12 Days of Privacy, looking ahead to what we might expect in 2015 and what we might… Continue Reading

Global Internet Threat Activity

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Identity Theft, Security

Often, privacy and security professionals are seen as “paranoid” or “Chicken Little” ….. statistics are pointing to something that more closely resembles the canary in the coal mine. A new Internet Security Threat Report provides an overview and analysis of the year’s global internet threat activity. The report is based on data from the Symantec™… Continue Reading

A Different Kind of “Virus”: FDA Follows NIST Framework in Cybersecurity Guidance for Medical Devices

Posted in Cybersecurity, Data Compliance & Security, Security

Written by Joshua T.  Foust In past posts  we’ve taken a close look at the Framework for Improving Critical Infrastructure Cybersecurity put forth by the National Institute of Standards and Technology (NIST), exploring its wide-ranging implications for companies across a number of different industries.  As we’ve explained elsewhere, cybersecurity is an increasingly hot issue for agencies… Continue Reading