Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Category Archives: Privacy Regulation


Google, the House of Lords and the timing of the EU Data Protection Regulation

Posted in EU Data Protection Regulation, European Court of Justice, European Union, Privacy Regulation, Social Media

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Could the European Court of Justice’s May 13, 2014 Google Spain decision delay the adoption of the EU Data Protection Regulation? In the Google Spain “Right to be Forgotten” case, the ECJ held that Google must remove links to a newspaper article containing properly… Continue Reading

Privacy Monday – August 18, 2014

Posted in Data Breach, Data Compliance & Security, Online Advertising, Privacy Monday, Privacy Regulation, Security

There is another retail data breach to talk about in this Privacy Monday post – privacy & security bits and bytes to start your week. Supermarket Chain Reports Data Breach: Minnesota-based food retailer Supervalu Inc. has reported a breach of its point-of-sale (POS) system, apparently by hackers. A press release on the corporate website describes the… Continue Reading

Privacy Monday – August 11, 2014

Posted in Cybersecurity, Data Breach, Privacy Monday, Privacy Regulation, Security

We are just two Mondays away from Labor Day, the traditional end of summer in the United States. Here are some privacy tidbits to get your week started. See especially Jake Romero’s piece on the new Delaware data destruction law. Lack of Information on the Russian Hackers: A company called Hold Security… Continue Reading

Honing in on the new rules for the transfer of personal data outside of the EEA

Posted in European Union, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Although no major legislative milestones for the EU Data Protection Regulation have occurred since March 2014 (see status update here), there has been some progress over the late spring and early summer of 2014.  One key item that will be of interest to US… Continue Reading

No news doesn’t mean it’s gone away: Timing Update for the EU Data Protection Regulation

Posted in EU Data Protection Regulation, European Union, Privacy Regulation, Uncategorized

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) With no major legislative milestones since the March 2014 EU Parliamentary vote endorsing the LIBE draft of the new Data Protection Legislation, observers from outside the EU might understandably wonder whether the legislative process has derailed somehow.  But it hasn’t – the train has… Continue Reading

COPPA Update: FTC Provides More Flexibility on Obtaining Verifiable Parental Consent

Posted in Children, Privacy Regulation

Written by Julia Siripurapu, CIPP/US. Some clarification and a bit more flexibility was forthcoming late last week from the Federal Trade Commission to help ease compliance with the “new” COPPA. In its recent update to three FAQs in Section H (Verifiable Parental Consent) of the COPPA FAQs, the FTC provided important information on the topic of… Continue Reading

Changes in Breach Notification Risk Assessments Under HIPAA

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

Reposted from Mintz Levin’s Health Law & Policy Matters blog. The American Bar Association Health Law Section’s July 2014 eSource publication includes an article by Dianne Bourque, Kimberly Gold, and Stephanie Willis that provides examples of how risk assessments under the Breach Notification Rule have changed since the HIPAA Omnibus Rule went into effect in September 2013. The examples analyzed… Continue Reading

Backlash Over Facebook Timeline Experiment Serves as a Reminder: User Expectations Still Trump Fine Print

Posted in Federal Trade Commission, Privacy Litigation, Privacy Regulation

Written by Jake Romero, CIPP. If you are one of the approximately 1.3 billion people who use Facebook, you’ve likely experienced the phenomenon where a single event (like Luis Suarez biting that Italian guy or pretty much anything involving TSA) manages to raise the ire of a large number of your Facebook friends, causing them… Continue Reading

Privacy Monday – June 30, 2014

Posted in Data Breach Notification, Privacy Monday, Privacy Regulation, Uncategorized

Not only the last Monday in June, but the last day of June. There are quite a few privacy-related things taking effect tomorrow, July 1. Some reminders: Florida Amendments to Data Breach Notification Law: The Florida Information Protection Act of 2014 (“FIPA”) takes effect tomorrow. The FIPA essentially repeals Florida’s existing data breach notification law and… Continue Reading

Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation, Security

Written by Stephanie D. Willis and Dianne J. Bourque (republished from Mintz Levin’s Health Law Policy Matters blog)   Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured Protected Information… Continue Reading

Round Two for Snapchat: Agreement with the Maryland Attorney General Settling Claims of Consumer Deception and COPPA Violations

Posted in Children, Privacy Regulation

Written by Julia Siripurapu, CIPP. Just a little over a month after settling charges of false promises of disappearing user messages (among other things) with the Federal Trade Commission (“FTC”), mobile app developer Snapchat, Inc. (“Snapchat” or “Company”) announced (blog post) that on June 12th the Company entered into an agreement with the Office of… Continue Reading

Calling All Boards of Directors: Four Recommendations from the SEC

Posted in Cyber Risks Boardroom Series, Cybersecurity, Privacy Regulation

Written by Adam Veness. SEC Commissioner Luis Aguilar recently spoke at the New York Stock Exchange Conference “Cyber Risks and the Boardroom.” In his speech, Commissioner Aguilar emphasized the importance of cybersecurity and how fast the need for cybersecurity has grown in such a short time period, pointing out that U.S. companies experienced a 42%… Continue Reading

My company isn’t a search engine. Why should I care about Google Spain?

Posted in Data Breach, Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Legislation, Privacy Litigation, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Google – along with the rest of us – is still considering the implications of the European Court of Justice’s May 13, 2014 decision that Google must remove links to a newspaper article containing properly published information about a Spanish individual on the basis… Continue Reading

“Selfie” Assessment – 4 Key Lessons from Snapchat’s Settlement with the FTC

Posted in Data Breach, Federal Trade Commission, Privacy Regulation

Written by Jake Romero, CIPP/US. As a country we are quickly approaching a time in which most adults will be disqualified from being elected to public office because of something they posted on their social media account while growing up. Against this backdrop of over-sharing, Snapchat, Inc. won over the hearts of its users with… Continue Reading

Privacy Monday – May 12, 2014

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Monday, Privacy Regulation

Another busy week in the privacy/security world. We have some bits and bytes to start your week: Verizon 2014 Data Breach Investigation Report – Something Old, Something New: Verizon is out with its 2014 edition of the comprehensive Data Breach Investigation Report (DBIR). You can get your copy here for your reading pleasure — or… Continue Reading

SEC Cybersecurity Initiative: Five Steps ALL Broker-Dealers and Investment Advisers Should be Taking

Posted in Cybersecurity, Privacy Regulation, Security

Originally posted on the Mintz Levin Securities Litigation Matters blog. Written by Bret Leone-Quick, Cynthia Larose, CIPP, Chip Phinney and Joel Rothman. Last week, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert announcing its Cybersecurity Initiative. What does this mean to broker-dealers and investment advisers and, even… Continue Reading

The latest thinking from Europe (while we are waiting for the Regulation)

Posted in Data Compliance & Security, European Union, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Privacy practitioners from the US and Europe gathered in London on April 30 and May 1 to discuss current thinking about privacy policy, regulation and compliance at the IAPP’s European Data Protection Intensive conference. In the background to the current discussions, of course, we… Continue Reading

We have seen this movie before ….. and we all should know that it does not end well.

Posted in Data Breach, HIPAA/HITECH, Privacy Regulation

This was originally posted on Mintz Levin’s Health Law & Policy Matters blog. Written by: Kimberly J. Gold. How much is the cost of doing nothing when it comes to encryption of sensitive data? In the case of electronic protected health information, about $2 million. Two companies have been hit with fines equaling a total of almost… Continue Reading

FTC Updates COPPA FAQs to Address Education Space

Posted in Children, Privacy Regulation

Written by Julia Siripurapu, CIPP. The FTC has just published updates to the COPPA FAQs, the Commission’s compliance guide for businesses and consumers, to address the applicability of COPPA and the Amended COPPA Rule to educational institutions and businesses that provide online services, including mobile apps, to educational institutions. The “COPPA and Schools” FAQs cover in… Continue Reading

Target Becomes a Target: Proposed California Bill Aims to Make Retailers Liable for Data Breach Incidents

Posted in Data Breach, Data Breach Notification, Privacy Regulation

Written by Jake Romero, CIPP/US. Following a string of high-profile data breaches and new data suggesting that approximately 21.3 million customer accounts have been exposed by data breach incidents over the past two years, the California legislature has introduced legislation aimed at making retailers responsible for certain costs in connection with data breach incidents. If… Continue Reading

New Draft Processor to Sub-processor Model Clauses (Art. 29 Working Party)

Posted in Cloud Computing, European Union, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) The Art. 29 Working Party, a key advisory body to the EU Commission, recently proposed draft model clauses to cover the transfer of personal data from EEA data processors to non-EEA sub-processors. The draft model clauses have the potential to bring greater certainty to… Continue Reading

Over 20 Million Customer Accounts Affected by Data Breaches in California; Attorney General Harris Promises Increased Enforcement

Posted in Cybersecurity, Data Breach, Privacy Regulation

Written by Jake Romero, CIPP/US. When you think of catastrophic events that take place online and have a devastating effect on millions of people, you probably think of HBO Go crashing during the True Detective finale. However, California Attorney General Kamala Harris wants to remind you that you should be thinking about data breaches. New… Continue Reading

Privacy Monday – March 10, 2014

Posted in Cybersecurity, Privacy Monday, Privacy Regulation

We hope that you remembered to “spring forward” over the weekend — Today’s Privacy Monday is a bit longer than usual – but an important read, particularly if you are a mobile app developer. California Public Utilities Commission Declines to Develop New Regulations and Standards for Wireless Carriers and Mobile App Providers… Continue Reading

Risky Business: Target Discloses Data Breach and New Risk Factors in 8-K Filing… Kind Of

Posted in Data Breach, Data Breach Notification, Privacy Regulation

Written by Adam Veness. After Target Corporation’s (NYSE: TGT) net earnings dropped 46% in its fourth quarter compared to the same period last year, Target finally answered the 441 million dollar question – To 8-K, or not to 8-K? Target filed its much anticipated Current Report on Form 8-K on February 26th, just over two… Continue Reading