Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Category Archives: Data Compliance & Security

Subscribe to Data Compliance & Security RSS Feed

NIST Issues Draft Report Enumerating Risks and Protections to Consider When Evaluating Mobile Apps for Your Enterprise

Posted in Cybersecurity, Data Compliance & Security, Mobile Privacy

Written by:  Stephanie D. Willis  As the world recovers from the excitement leading up to Tuesday’s Apple Live Event announcement of the new iPhone 6 and Apple Watch, mobile app developers are chomping at the bit to create software that leverages the new operating system and Apple’s widely-anticipated “HealthKit,” a purportedly secure platform that allows… Continue Reading

NIST Seeks Comments on Cybersecurity Framework

Posted in Cybersecurity, Data Compliance & Security

The National Institute of Standards and Technology (NIST), publishers of the Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”) last February, have published a Request for Information in the Federal Register seeking comments on industry experience with the Framework to date.  Comments are solicited in three areas:  the current awareness of the existence and content… Continue Reading

Data Privacy and Security Roundtable: Anticipating the Inevitable

Posted in Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Events and Webinars

Technology, retail, medical, financial services, education ….. and more experience data losses on a daily basis through employee negligence, poor controls, insider attacks, advanced persistent threats from malevolent outsiders or computer viruses. Join Mintz Levin Privacy team members and other privacy and security experts in San Francisco on September 30 for a roundtable discussion of… Continue Reading

Wearable Devices in the Workplace Challenge Data Security and Privacy

Posted in Cybersecurity, Data Compliance & Security, Employee Privacy

  Wearable devices, including health and activity monitors, video and audio recorders, location trackers, and other interconnected devices in the form of watches, wristbands, glasses, rings, bracelets, belts, gloves, earrings and shoes are being heavily promoted in the next wave of consumer electronics. It is estimated that 90 million wearable data devices (“WDD”) will be… Continue Reading

Privacy Monday – August 18, 2014

Posted in Data Breach, Data Compliance & Security, Online Advertising, Privacy Monday, Privacy Regulation, Security

There is another retail data breach to talk about in this Privacy Monday post – privacy & security bits and bytes to start your week. Supermarket Chain Reports Data Breach Minnesota-based food retailer Supervalu Inc. has reported breach of its point-of-sale (POS) system, apparently by hackers.  A press release on the corporate website describes the… Continue Reading

Changes in Breach Notification Risk Assessments Under HIPAA

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

Reposted from Mintz Levin’s Health Law & Policy Matters blog The American Bar Association Health Law Section’s July 2014 eSource publication includes an article by Dianne Bourque, Kimberly Gold, and Stephanie Willis that provides examples of how risk assessments under the Breach Notification Rule have changed since the HIPAA Omnibus Rule went into effect in September 2013.   The examples analyzed… Continue Reading

Privacy Monday – June 23, 2014

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Privacy Monday

DC Update from Politico Morning Tech “DATA BREACH DRAFT DELAYED – The thorny issue of FTC enforcement has slowed efforts to release a draft of Rep. Lee Terry’s data breach bill, according to sources close to the process. Terry had hoped to release the draft he’s been working on with Democrats John Dingell and Peter… Continue Reading

My company isn’t a search engine. Why should I care about Google Spain?

Posted in Data Breach, Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Legislation, Privacy Litigation, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Google – along with the rest of us – is still considering the implications of the European Court of Justice’s May 13, 2014 decision that Google must remove links to a newspaper article containing properly published information about a Spanish individual on the basis… Continue Reading

Privacy Monday – May 12, 2014

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Monday, Privacy Regulation

Another busy week in the privacy/security world.  We have some bits and bytes to start your week: Verizon 2014 Data Breach Investigation Report – Something Old, Something New Verizon is out with its 2014 edition of the comprehensive Data Breach Investigation Report (DBIR).   You can get your copy here for your reading pleasure — or… Continue Reading

Regulators Speak at IAPP Breakfast Meeting in NYC

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Federal Trade Commission

Written by Andowah Newton Some important takeaways to start your weekend: Data Breach Incidents—Especially “Ransom” Incidents, are on the Rise—One panelist observed that the New York State Attorney General’s Office received reports of approximately 900 data breach incidents during the past year alone.  There has been a significant increase in reports of “ransom” incidents, in… Continue Reading

The latest thinking from Europe (while we are waiting for the Regulation)

Posted in Data Compliance & Security, European Union, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Privacy practitioners from the US and Europe gathered in London on April 30 and May 1 to discuss current thinking about privacy policy, regulation and compliance at the IAPP’s European Data Protection Intensive conference. In the background to the current discussions, of course, we… Continue Reading

Privacy Monday – April 28, 2014

Posted in Cybersecurity, Data Compliance & Security, Privacy Monday

For the last Monday in April, we have a few privacy and security bits and bytes to start your week. Trending Now – 5 Things Every Company’s Data Security Program Should Include JD Supra Perspectives has published a short article (disclosure: quoting this author) that can get people talking this week. Get it here and circulate… Continue Reading

NYC Women in Intellectual Property Discuss Cybersecurity

Posted in Cybersecurity, Data Breach, Data Compliance & Security, European Union, Federal Trade Commission

Written by Andowah Newton Yesterday, Mintz Levin attended a panel breakfast sponsored by the New York City Bar’s Committee on Women in Intellectual Property.  The panel featured two practitioners, one from the public sector and one from the private sector.  The panel was moderated by Karen Greenberg, Director at Fordham Law’s Center.   Some takeaways that we… Continue Reading

Privacy Monday – March 24, 2014

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Privacy Monday

Welcome to March Madness — although if your brackets look anything like mine do this morning, it is not particularly “welcome.”   Let’s just say that there is no danger of my winning Warren Buffet’s $1 billion. Privacy and cybersecurity continue to be hot topics and the breaches roll on.   Here are some privacy and security… Continue Reading

Data: Big, Borderless and Beyond Control? Five Things You Can Do

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Employee Privacy, Security

Written by Amy Malone There’s been a lot of talk about big data over the last few years and the breaches at Target and Neiman Marcus have many companies running in circles trying to figure out how to protect their systems and their data.  So what are some of the big issues in our current… Continue Reading

Complaint from BBB Triggers HarperCollins COPPA-Compliance Measures

Posted in Children, Data Compliance & Security, Online Advertising

Written by Julia Siripurapu The Children’s Advertising Review Unit (CARU) announced (press release) that  it has recommended that HarperCollins Publishers Ltd. (the “Company”) modify its information collection practices on its Ruby Redfort child-directed website (the “Site”) to better protect the privacy of children under 13  (“Children”) and that the  Company has agreed to do so…. Continue Reading

California Moves to Restrict Collection of Consumer Personal Information Online: the Process, History and Politics Behind Senate Bill 383

Posted in Data Compliance & Security, Legislation, Privacy Litigation, Privacy Regulation

Written by Jake Romero The California Senate has passed a bill restricting the information that certain online retailers can collect in connection with consumer purchases.  Senate Bill 383 would amend Sections 1747.02 and 1747.08 of the California Civil Code to address the collection of customer information in connection with credit card purchases in online transactions… Continue Reading

Federal IT Acquisition Policy Recommendations Focus on Cybersecurity

Posted in Cybersecurity, Data Compliance & Security

The Department of Defense and the General Services Administration, which together spend more than $500 billion annually on information technology, have released a joint report to the White House recommending steps to upgrade the cybersecurity requirements of acquisitions of information technology and services throughout the federal government.  These recommendations will affect not only suppliers to… Continue Reading

Look North, Marketers – Canadian Anti-Spam Law is Coming

Posted in Data Compliance & Security, Privacy Regulation

Written by Cynthia Larose The US CAN-SPAM Act is old hat for marketers in the US.    But it is time to revisit email marketing compliance programs if you send email north of the US border.  Canada’s anti-spam law (known as “CASL”) has been debated for years but is finally coming into effect.   Industry Canada released its… Continue Reading

On the 9th Day of Privacy, the European Union Gave to Me . . .

Posted in Data Breach Notification, Data Compliance & Security, Employee Privacy, European Union, Legislation, Privacy Regulation

. . .  a delayed delivery notice for the biggest package of the holiday season! Written by Susan Foster, Solicitor, England & Wales/Admitted in California, CIPP-E (LONDON) Major changes are on the way in Europe that will have a significant impact on companies anywhere in the world that collect or process personal data of residents… Continue Reading

On the Fourth Day of Privacy, the Internet gave to me….

Posted in Data Compliance & Security, Federal Trade Commission

Editor’s comment:  Today’s version of “four calling birds” might look more like: your refrigerator, your smartphone, your home security system and your energy management system…..all connected to the Internet of Things Written by Jonathan Cain, CIPP/G Web cameras, burglar alarms, fitness monitors, smartphones, and a host of other internet connected devices all have the potential to… Continue Reading

DoD Requires Safeguarding Technical Data

Posted in Cybersecurity, Data Compliance & Security, Security

The Department of Defense (DoD) has published its new final rule governing the security measures imposed on DoD unclassified technical information resident on or passing through the unclassified information systems of its contractors and subcontractors. This final rule will require contractors to safeguard unclassified controlled technical information and to report the compromise of such information… Continue Reading