Written by Jake Romero
Do you ever find yourself worrying that, given the types of things minors deem appropriate to post on social networking Web sites like Facebook and Twitter, our country won’t be able to produce an electable candidate for president in 40 years? If so, you’ll be glad to know that the California…
Category Archives: Privacy Regulation
July 1 COPPA Compliance Deadline is Approaching
Posted in Children, Federal Trade Commission, Privacy Regulation
Written by Julia Siripurapu
Today, the FTC sent more than ninety (90) “educational” letters to domestic and foreign businesses whose Web sites and online services (including mobile apps) appear to collect personal information from children that are 12 years old and under, in an attempt to help the businesses come into compliance with the amendments…
Enter, the APPS Act
Posted in Mobile Privacy, Privacy Regulation
Written by Amy Malone
U.S. Rep. Hank Johnson, a Democrat from Georgia, has introduced a mobile privacy bill that if passed will require mobile application developers to maintain privacy policies, obtain consent from consumers before collecting data, and securely maintain the data they collect. The Application Privacy, Protection and Security Act of 2013, or the…
EU Data Protection Regulation: and the horizon recedes again . . .
Posted in European Union, Legislation, Privacy Regulation
Written by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON)
We recently wrote that a crucial committee vote on the new EU Data Protection Regulation had been pushed back until May 29-30. The vote has been delayed again until an unspecified future date, although Jan Phillip Albrecht, the MEP who is one of the…
FTC on COPPA: No Delay
Posted in Children, Federal Trade Commission, Privacy Regulation
This afternoon, the Federal Trade Commission (FTC) unanimously rejected requests from industry organizations to delay the July 1 date for compliance with the amendments to the Children’s Online Privacy Protection Act (COPPA). In its response letter, the Commission noted that the updated rule has been in the works for three years and the July…
UPDATE: About California’s Right to Know Act — Silicon Valley No Longer Worried
Posted in Privacy Regulation
We just wrote the other day about the proposed California Right to Know Act – There is breaking news today out of Sacramento that Assemblywoman Bonnie Lowenthal has withdrawn her bill. For more, see “Silicon Valley tech firms win privacy battle” And more here
Understanding HIPAA: OCR Publishes New Provider and Consumer Guides
Posted in HIPAA/HITECH, Privacy Regulation
Written by Kimberly Gold (Originally posted in Mintz Levin’s Health Law Policy Matters blog)
Understanding the complexities of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules is often a challenge for health care providers and consumers. Recognizing the widespread confusion surrounding the interpretation of the rules, the U.S. Department…
About California’s Right to Know Act of 2013 – What, Me Worry?
Posted in Privacy Regulation
Written by Jake Romero
If you got Google, Facebook and Microsoft into a room and asked them to compile a list of things that they are most afraid of, that list would probably look something like this:
Bees
Getting into a Twitter fight with a Justin Bieber fan
California’s Right to Know Act of 2013…
War of Words Regarding Implementation of Amendments to COPPA – UPDATE
Posted in Children, Federal Trade Commission, Privacy Regulation
UPDATE — The Federal Trade Commission has published its promised COPPA FAQs here.
Volley #1 – Trade Associations to FTC: Please Delay!
The long-awaited amendments to the Children’s Online Privacy Protection Act (COPPA) have been the subject of much discussion and debate. Last week, Federal Trade Commission (FTC) Chairwoman Edith Ramirez received letters…
“Red Flag” Compliance Requirements Come to Investment Advisors, Broker-Dealers – UPDATE
Posted in Data Compliance & Security, Identity Theft, Privacy Regulation
UPDATE: We have prepared a detailed Client Alert as a guide to getting started with these new Red Flag Rules and compliance obligations. You can read it here.
It has been several years since the Federal Trade Commission’s Red Flag Rule took effect; and the banking regulators have had the Red Flag…
EU versus Google: A test case for the viability of a global data protection policy?
Posted in European Union, Privacy Regulation
Written by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON)
The EU has escalated its existing investigation of Google’s global privacy policy, a policy covering all of Google’s services that was introduced by Google last year. Up until April 3, the French data protection authority, CNIL, had effectively been tasked with engaging with Google…
Countdown Begins for HIPAA Omnibus Rule Compliance
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation
Written by Dianne J. Bourque and Stephanie D. Willis
The HIPAA Omnibus Rule goes into effect today, which officially starts the clock for covered entities, business associates, and their subcontractors to begin updating their agreements, forms, policies, procedures, and practices to meet approaching compliance deadlines. Business Associate Agreement (BAA) and Data Use Agreement (DUA) compliance…
FTC Staff Report Shines a Light on the Treacherous Road Ahead for Mobile Payments
Posted in Data Compliance & Security, Privacy Regulation, Security
Written by Jake Romero
Perhaps we are being cynical, but if we imagine the current conversation between consumers and the makers of mobile payment applications, it would be something along the lines of:
Mobile Payment Industry: “Hello Consumer, would you like to start using your mobile device to transmit payments and make purchases?”
Consumer: “Thank…
Activity at the Federal Trade Commission
Posted in Federal Trade Commission, Privacy Litigation, Privacy Regulation
Written by Amy Malone
There is much going on at the Federal Trade Commission (FTC) these days, particularly in the privacy arena. In addition to the settlements discussed below, today the White House confirmed that President Obama will nominate Edith Ramirez as Chair of the FTC, replacing outgoing Chairman Jon Leibowitz.
Path Settlement: Path, a…
The New HIPAA Omnibus Rule & Your Liability — A Detailed Review
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation
By Alden J. Bianchi, Dianne J. Bourque, Kimberly J. Gold, and Cynthia J. Larose
As we have reported in this blog (here, here, here, here, and here), the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus…
Detailed Summary of Cybersecurity Executive Order
Posted in Privacy Regulation, Security
Our colleagues in our Washington, DC office have prepared a detailed summary of the President’s Cybersecurity Executive Order.
Read Summary of Final Cybersecurity Executive Order
REMINDER — Webinar: The New HIPAA Omnibus Rule and Your Liability: TOMORROW
Posted in HIPAA/HITECH, Legislation, Privacy Regulation
Don’t forget to register! Mintz Levin is presenting a webinar on January 30, 2013 to discuss the impact of the HIPAA Omnibus Rule - the first, sweeping overhaul of the HIPAA privacy and security rules in a decade. Covered entities will want to participate to catch up on the finer details. Business associates and downstream entities – e.g., subcontractors, cloud providers, data storage…
OCR Releases Sample Business Associate Agreement Provisions
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation
Written by Kimberly Gold
The Department of Health and Human Services, Office for Civil Rights (OCR) has posted on its website sample business associate agreement provisions to help covered entities and business associates comply with the new business associate agreement requirements under the final HIPAA Omnibus Rule. The HIPAA Omnibus Rule modified the minimum required…
Data Privacy Day 2013 Post #3 — Look out for the Maryland Privacy Police!
Posted in Data Compliance & Security, Legislation, Privacy Regulation
Maryland’s Attorney General, Douglas Gansler, announced today that Maryland has a new Internet Privacy Unit to monitor the data collection practices of online companies. According to the Attorney General’s press release, the Internet Privacy Unit will monitor companies to ensure they are in compliance with state and federal consumer protection laws, including the Children’s Online Privacy…
Data Privacy Day 2013 – Tip #2 – Dust off your information security policy (or start putting one in place…)
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation, Security
Written by Amy Malone
Do you have a comprehensive information security program? Many businesses are still operating without one, leaving them open to preventable data breaches. The importance of info security programs was yet again underscored by the recent settlement between Cbr Systems and the Federal Trade Commission regarding a breach that affected 300,000 consumers….
Canada’s Anti-Spam Law is a Step Closer
Posted in Privacy Regulation
US marketers who have been paying attention to anti-spam developments north of the border are concerned about proposed new Canadian regulations. If you have not been paying attention, it’s probably time that you did. We have a guest post today discussing the progress of those regulations.
CANADA’S ANTI-SPAM LAW IS A STEP CLOSER
Written by: ARIANE…
The Sony data breach fine: A hand-slap from London now, but what would it have been under the proposed new EU Data Protection Regulation?
Posted in Data Breach, Data Breach Notification, European Union, Privacy Regulation
Written by Sue Foster, Mintz Levin – London
The UK Information Commissioner’s Office (ICO) has fined Sony £250,000 for the widely publicized 2011 security breach (see here, here, and here) during which hackers gained access to personal data (including credit card information) of over 77 million users. For a company of Sony’s size, £250,000 is a hand-slap —…
Webinar: The New HIPAA Omnibus Rule and Your Liability
Posted in HIPAA/HITECH, Privacy Regulation
Mintz Levin is presenting a webinar on January 30, 2013 to discuss the impact of the HIPAA Omnibus Rule – the first, sweeping overhaul of the HIPAA privacy and security rules in a decade. Covered entities will want to participate to catch up on the finer details. Business associates and downstream entities – e.g., subcontractors, cloud…
HIPAA Omnibus Rule Reference Chart
Posted in HIPAA/HITECH, Privacy Regulation
By Dianne J. Bourque, Kimberly J. Gold, Ellen L. Janos, Julie K. Lappas, James Sasso, Kate F. Stewart, and Stephanie D. Willis
Mintz Levin is pleased to provide this section-by-section analysis of the HIPAA Omnibus Rule. The chart lists provisions of the proposed privacy, security, and enforcement rules mandated by the Health Information Technology for…


