Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Category Archives: Data Compliance & Security

Subscribe to Data Compliance & Security RSS Feed

Changes in Breach Notification Risk Assessments Under HIPAA

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

Reposted from Mintz Levin’s Health Law & Policy Matters blog The American Bar Association Health Law Section’s July 2014 eSource publication includes an article by Dianne Bourque, Kimberly Gold, and Stephanie Willis that provides examples of how risk assessments under the Breach Notification Rule have changed since the HIPAA Omnibus Rule went into effect in September 2013.   The examples analyzed… Continue Reading

Privacy Monday – June 23, 2014

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Privacy Monday

DC Update from Politico Morning Tech “DATA BREACH DRAFT DELAYED – The thorny issue of FTC enforcement has slowed efforts to release a draft of Rep. Lee Terry’s data breach bill, according to sources close to the process. Terry had hoped to release the draft he’s been working on with Democrats John Dingell and Peter… Continue Reading

My company isn’t a search engine. Why should I care about Google Spain?

Posted in Data Breach, Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Legislation, Privacy Litigation, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Google – along with the rest of us – is still considering the implications of the European Court of Justice’s May 13, 2014 decision that Google must remove links to a newspaper article containing properly published information about a Spanish individual on the basis… Continue Reading

Privacy Monday – May 12, 2014

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Monday, Privacy Regulation

Another busy week in the privacy/security world.  We have some bits and bytes to start your week: Verizon 2014 Data Breach Investigation Report – Something Old, Something New Verizon is out with its 2014 edition of the comprehensive Data Breach Investigation Report (DBIR).   You can get your copy here for your reading pleasure — or… Continue Reading

Regulators Speak at IAPP Breakfast Meeting in NYC

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Federal Trade Commission

Written by Andowah Newton Some important takeaways to start your weekend: Data Breach Incidents—Especially “Ransom” Incidents, are on the Rise—One panelist observed that the New York State Attorney General’s Office received reports of approximately 900 data breach incidents during the past year alone.  There has been a significant increase in reports of “ransom” incidents, in… Continue Reading

The latest thinking from Europe (while we are waiting for the Regulation)

Posted in Data Compliance & Security, European Union, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Privacy practitioners from the US and Europe gathered in London on April 30 and May 1 to discuss current thinking about privacy policy, regulation and compliance at the IAPP’s European Data Protection Intensive conference. In the background to the current discussions, of course, we… Continue Reading

Privacy Monday – April 28, 2014

Posted in Cybersecurity, Data Compliance & Security, Privacy Monday

For the last Monday in April, we have a few privacy and security bits and bytes to start your week. Trending Now – 5 Things Every Company’s Data Security Program Should Include JD Supra Perspectives has published a short article (disclosure: quoting this author) that can get people talking this week. Get it here and circulate… Continue Reading

NYC Women in Intellectual Property Discuss Cybersecurity

Posted in Cybersecurity, Data Breach, Data Compliance & Security, European Union, Federal Trade Commission

Written by Andowah Newton Yesterday, Mintz Levin attended a panel breakfast sponsored by the New York City Bar’s Committee on Women in Intellectual Property.  The panel featured two practitioners, one from the public sector and one from the private sector.  The panel was moderated by Karen Greenberg, Director at Fordham Law’s Center.   Some takeaways that we… Continue Reading

Privacy Monday – March 24, 2014

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Privacy Monday

Welcome to March Madness — although if your brackets look anything like mine do this morning, it is not particularly “welcome.”   Let’s just say that there is no danger of my winning Warren Buffet’s $1 billion. Privacy and cybersecurity continue to be hot topics and the breaches roll on.   Here are some privacy and security… Continue Reading

Data: Big, Borderless and Beyond Control? Five Things You Can Do

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Employee Privacy, Security

Written by Amy Malone There’s been a lot of talk about big data over the last few years and the breaches at Target and Neiman Marcus have many companies running in circles trying to figure out how to protect their systems and their data.  So what are some of the big issues in our current… Continue Reading

Complaint from BBB Triggers HarperCollins COPPA-Compliance Measures

Posted in Children, Data Compliance & Security, Online Advertising

Written by Julia Siripurapu The Children’s Advertising Review Unit (CARU) announced (press release) that  it has recommended that HarperCollins Publishers Ltd. (the “Company”) modify its information collection practices on its Ruby Redfort child-directed website (the “Site”) to better protect the privacy of children under 13  (“Children”) and that the  Company has agreed to do so…. Continue Reading

California Moves to Restrict Collection of Consumer Personal Information Online: the Process, History and Politics Behind Senate Bill 383

Posted in Data Compliance & Security, Legislation, Privacy Litigation, Privacy Regulation

Written by Jake Romero The California Senate has passed a bill restricting the information that certain online retailers can collect in connection with consumer purchases.  Senate Bill 383 would amend Sections 1747.02 and 1747.08 of the California Civil Code to address the collection of customer information in connection with credit card purchases in online transactions… Continue Reading

Federal IT Acquisition Policy Recommendations Focus on Cybersecurity

Posted in Cybersecurity, Data Compliance & Security

The Department of Defense and the General Services Administration, which together spend more than $500 billion annually on information technology, have released a joint report to the White House recommending steps to upgrade the cybersecurity requirements of acquisitions of information technology and services throughout the federal government.  These recommendations will affect not only suppliers to… Continue Reading

Look North, Marketers – Canadian Anti-Spam Law is Coming

Posted in Data Compliance & Security, Privacy Regulation

Written by Cynthia Larose The US CAN-SPAM Act is old hat for marketers in the US.    But it is time to revisit email marketing compliance programs if you send email north of the US border.  Canada’s anti-spam law (known as “CASL”) has been debated for years but is finally coming into effect.   Industry Canada released its… Continue Reading

On the 9th Day of Privacy, the European Union Gave to Me . . .

Posted in Data Breach Notification, Data Compliance & Security, Employee Privacy, European Union, Legislation, Privacy Regulation

. . .  a delayed delivery notice for the biggest package of the holiday season! Written by Susan Foster, Solicitor, England & Wales/Admitted in California, CIPP-E (LONDON) Major changes are on the way in Europe that will have a significant impact on companies anywhere in the world that collect or process personal data of residents… Continue Reading

On the Fourth Day of Privacy, the Internet gave to me….

Posted in Data Compliance & Security, Federal Trade Commission

Editor’s comment:  Today’s version of “four calling birds” might look more like: your refrigerator, your smartphone, your home security system and your energy management system…..all connected to the Internet of Things Written by Jonathan Cain, CIPP/G Web cameras, burglar alarms, fitness monitors, smartphones, and a host of other internet connected devices all have the potential to… Continue Reading

DoD Requires Safeguarding Technical Data

Posted in Cybersecurity, Data Compliance & Security, Security

The Department of Defense (DoD) has published its new final rule governing the security measures imposed on DoD unclassified technical information resident on or passing through the unclassified information systems of its contractors and subcontractors. This final rule will require contractors to safeguard unclassified controlled technical information and to report the compromise of such information… Continue Reading

On the Second Day of Privacy, California Gave to Me……

Posted in Children, Data Breach Notification, Data Compliance & Security, Legislation, Privacy Regulation

Well, the headlines don’t exactly work with the traditional tune, but blame the editor for that….. Written by Jake Romero, CIPP/US 2013 was a busy year for California.  We passed a budget with a surplus, let Kim and Kanye get engaged in one of our stadiums and panicked over possibly losing Sriracha sauce.  At the… Continue Reading

European Commission Proposes New Ground Rules for US Safe Harbor

Posted in Data Compliance & Security, European Union, Legislation

Written by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON) The European Commission, which has the authority to make changes to the US Safe Harbor program, has published a paper titled “Rebuilding Trust in EU-US Data Flows” that sets out the changes that the Commission would like to see the US adopt.  While it… Continue Reading

Google pays BIG to state Attorney Generals for Improper Consumer Tracking

Posted in Class Action Litigation, Data Compliance & Security, Federal Trade Commission, Privacy Litigation, Privacy Regulation

Written by Julia Siripurapu Earlier this month, Google, Inc. (“Google” or “Company”) entered into an  agreement with the Attorney Generals of 37 states and the District of Columbia, settling allegations of violation of  the participating states’ consumer protection or applicable computer abuse statutes (the “Settlement Agreement”). Here’s what got the tech giant in trouble: Google… Continue Reading

Privacy Monday: October 28, 2103 — NIST Cybersecurity “Framework” Published for Comment

Posted in Cybersecurity, Data Compliance & Security, Privacy Monday

Written by Jonathan Cain The National Institute of Standards and Technology (NIST) has published its preliminary cybersecurity “Framework” that it was directed to develop in Executive Order 13636. The Executive Order requires that NIST develop and publish a cybersecurity Framework to protect national critical infrastructure through a “prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information… Continue Reading

FTC and the “Internet of Things”: Franchisor on the hook

Posted in Data Compliance & Security, Federal Trade Commission, Privacy Regulation

Written by Amy Malone Last fall the Federal Trade Commission brought cases against a software developer and rent-to-own stores that secretly monitored people in their homes.  The developer provided the stores with software that had a “Detective Mode” that once enabled allowed the stores to log key strokes, capture screen shots, take pictures using the… Continue Reading

Key EU Parliament Committee Endorses Revised Draft of Data Protection Regulation

Posted in Data Compliance & Security, European Union, Legislation

Written by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON) As widely expected, the European Parliament’s Committee on  Civil Liberties, Justice and Home Affairs (LIBE) voted today in favor of a revised, even tougher draft of the Data Protection Regulation that will (if finally adopted) replace the EU’s current laws regarding the collection and… Continue Reading