Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Privacy Regulation


On The Eighth Day of Privacy, Health Care Systems (Over)Shared Data

Posted in 12 Days of Privacy, HIPAA/HITECH, Privacy Regulation

When is “sharing” too much of a good thing?  And will it get worse for health care systems in 2015?  Read on….. Written by Stephanie D. Willis Data sharing has become a point of sharp focus in the efforts to improve the quality and efficiency of health services in the United States.  Given all that has… Continue Reading

On the Seventh Day of Privacy, federal agencies gave to me…..

Posted in 12 Days of Privacy, Cybersecurity, Data Breach Notification, Federal Trade Commission, Privacy Regulation

Questions of Authority – who will be the federal regulatory cop on the privacy beat?  FTC?   FCC?  Privacy, Data Security Jurisdiction Questions to the Forefront in 2015 Written by Christopher Harvie As privacy and data security gain more visibility among policy-makers, questions of federal agency authority and jurisdiction are also gaining a higher profile. Since… Continue Reading

On the Fifth Day of Privacy, California (and Delaware) gave to me

Posted in 12 Days of Privacy, Children, Cloud Computing, Data Breach Notification, Legislation, Privacy Regulation

sing it with me now…. Five Golden Rules…….(well, five new privacy laws/requirements) There are five significant new privacy laws/amendments that will be effective as of New Year’s Day — January 1, 2015 — and four are from California.    Pull up a chair, brew that cup of tea.  It’s time to review and prepare.

On the Third Day of Privacy, the Shareholders Gave to Me……

Posted in 12 Days of Privacy, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Regulation, Security

…….Shareholder Proposals on Cybersecurity and Privacy: Another Country Heard From  Written by Megan Gates As the holiday season slips into the rear view mirror, another season looms large for public companies —- proxy season.  Adding to the ever-growing chorus of demands for increased transparency by public companies on cybersecurity and privacy matters, institutional shareholders have… Continue Reading

Privacy Monday: December 8, 2104 – The Twelve Days of Privacy 2014

Posted in 12 Days of Privacy, Cybersecurity, Data Compliance & Security, EU Data Protection Regulation, Insurance, Legislation, Mobile Privacy, Privacy Litigation, Privacy Monday, Privacy Regulation, Uncategorized

Our series last year was a reader favorite, so we decided to put our prognosticator hats on again and present:   Rather than look back at 2014, starting tomorrow, the Privacy & Security blog will count down The 12 Days of Privacy, looking ahead to what we might expect in 2015 and what we might… Continue Reading

EU sets sights on Google.com search results

Posted in EU Data Protection Regulation, European Union, Privacy Regulation, Social Media

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) The highly influential Article 29 Working Party, composed in part of representatives of the EU’s national data protection offices, has announced that the right to be forgotten applies to .com as well as country-specific search results. The Google Spain decision (discussed here) held that… Continue Reading

Notes from the Joint OCR/NIST HIPAA Security Conference

Posted in Cybersecurity, HIPAA/HITECH, Privacy Regulation, Security

Written by: Dianne Bourque, Kimberly Gold, Kate Stewart, and Stephanie D. Willis (original post in Mintz Levin’s Health Law & Policy Matters blog) As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance through HIPAA Security” into three phrases: (i) risk assessment, (ii)… Continue Reading

UK Information Commissioner’s Office Launches Consultation on Privacy Seal Program

Posted in European Union, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) The UK’s Information Commissioner’s Office (ICO) is accepting comments from the public on a proposed UK privacy seal program.  The deadline for comments is October 3, 2014. The ICO intends to endorse at least one privacy seal program in 2015.   Privacy seal programs are… Continue Reading

Google, the House of Lords and the timing of the EU Data Protection Regulation

Posted in EU Data Protection Regulation, European Court of Justice, European Union, Privacy Regulation, Social Media

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Could the European Court of Justice’s May 13, 2014 Google Spain decision delay the adoption of the EU Data Protection Regulation? In the Google Spain “Right to be Forgotten” case, the ECJ held that Google must remove links to a newspaper article containing properly… Continue Reading

Privacy Monday – August 18, 2014

Posted in Data Breach, Data Compliance & Security, Online Advertising, Privacy Monday, Privacy Regulation, Security

There is another retail data breach to talk about in this Privacy Monday post – privacy & security bits and bytes to start your week. Supermarket Chain Reports Data Breach: Minnesota-based food retailer Supervalu Inc. has reported a breach of its point-of-sale (POS) system, apparently by hackers. A press release on the corporate website describes the… Continue Reading

Privacy Monday – August 11, 2014

Posted in Cybersecurity, Data Breach, Privacy Monday, Privacy Regulation, Security

We are just two Mondays away from Labor Day, the traditional end of summer in the United States. Here are some privacy tidbits to get your week started. See especially Jake Romero’s piece on the new Delaware data destruction law. Lack of Information on the Russian Hackers: A company called Hold Security… Continue Reading

Honing in on the new rules for the transfer of personal data outside of the EEA

Posted in European Union, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Although no major legislative milestones for the EU Data Protection Regulation have occurred since March 2014 (see status update here), there has been some progress over the late spring and early summer of 2014.  One key item that will be of interest to US… Continue Reading

No news doesn’t mean it’s gone away: Timing Update for the EU Data Protection Regulation

Posted in EU Data Protection Regulation, European Union, Privacy Regulation, Uncategorized

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) With no major legislative milestones since the March 2014 EU Parliamentary vote endorsing the LIBE draft of the new Data Protection Legislation, observers from outside the EU might understandably wonder whether the legislative process has derailed somehow.  But it hasn’t – the train has… Continue Reading

COPPA Update: FTC Provides More Flexibility on Obtaining Verifiable Parental Consent

Posted in Children, Privacy Regulation

Written by Julia Siripurapu, CIPP/US Some clarification and a bit more flexibility was forthcoming late last week from the Federal Trade Commission to help ease compliance with the “new” COPPA. In its recent update to three FAQs in Section H (Verifiable Parental Consent) of the COPPA FAQs , the FTC provided important information on the topic of… Continue Reading

Changes in Breach Notification Risk Assessments Under HIPAA

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

Reposted from Mintz Levin’s Health Law & Policy Matters blog The American Bar Association Health Law Section’s July 2014 eSource publication includes an article by Dianne Bourque, Kimberly Gold, and Stephanie Willis that provides examples of how risk assessments under the Breach Notification Rule have changed since the HIPAA Omnibus Rule went into effect in September 2013.   The examples analyzed… Continue Reading

Backlash Over Facebook Timeline Experiment Serves as a Reminder: User Expectations Still Trump Fine Print

Posted in Federal Trade Commission, Privacy Litigation, Privacy Regulation

Written by Jake Romero, CIPP If you are one of the approximately 1.3 billion people who use Facebook, you’ve likely experienced the phenomenon where a single event (like Luiz Suarez biting that Italian guy or pretty much anything involving TSA) manages to raise the ire of a large number of your Facebook friends, causing them… Continue Reading

Privacy Monday – June 30, 2014

Posted in Data Breach Notification, Privacy Monday, Privacy Regulation, Uncategorized

Not only the last Monday in June, but the last day of June.    There are quite a few privacy-related things taking effect tomorrow, July 1.   Some reminders: Florida Amendments to Data Breach Notification Law The Florida Information Protection Act of 2014 (“FIPA”) takes effect tomorrow.   The FIPA essentially repeals Florida’s existing data breach notification law and… Continue Reading

Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation, Security

Written by Stephanie D. Willis and Dianne J. Bourque (republished from Mintz Levin’s Health Law Policy Matters blog)   Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured Protected Information… Continue Reading

Round Two for Snapchat: Agreement with the Maryland Attorney General Settling Claims of Consumer Deception and COPPA Violations

Posted in Children, Privacy Regulation

Written by Julia Siripurapu, CIPP Just a little over a month after settling charges of false promises of disappearing user messages (among other things) with the Federal Trade Commission (“FTC”), mobile app developer Snapchat, Inc. (“Snapchat” or “Company”) announced (blog post) that on June 12th  the Company entered into an agreement with the Office of… Continue Reading

Calling All Boards of Directors: Four Recommendations from the SEC

Posted in Cyber Risks Boardroom Series, Cybersecurity, Privacy Regulation

Written by Adam Veness SEC Commissioner Luis Aguilar recently spoke at the New York Stock Exchange Conference “Cyber Risks and the Boardroom.”  In his speech, Commissioner Aguilar emphasized the importance of cybersecurity and how fast the need for cybersecurity has grown in such a short time period, pointing out that U.S. companies experienced a 42%… Continue Reading

My company isn’t a search engine. Why should I care about Google Spain?

Posted in Data Breach, Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Legislation, Privacy Litigation, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Google – along with the rest of us – is still considering the implications of the European Court of Justice’s May 13, 2014 decision that Google must remove links to a newspaper article containing properly published information about a Spanish individual on the basis… Continue Reading

“Selfie” Assessment – 4 Key Lessons from Snapchat’s Settlement with the FTC

Posted in Data Breach, Federal Trade Commission, Privacy Regulation

Written by Jake Romero, CIPP/US As a country we are quickly approaching a time in which most adults will be disqualified from being elected to public office because of something they posted on their social media account while growing up.  Against this backdrop of over-sharing, Snapchat, Inc. won over the hearts of its users with… Continue Reading