Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Security


On the Sixth Day of Privacy, the hackers gave to Sony……

Posted in 12 Days of Privacy, 201 CMR 17.00, Cybersecurity, Data Breach, Data Compliance & Security, Security

many more than six different hacks…….and headaches…… Written by Jonathan Ursprung With the holiday season in full swing, many of us are struggling with that age-old question: “what do you get for the person who has everything?”  Well, if that person happens to be your supreme leader, the answer may very well be “a massive download… Continue Reading

On the Third Day of Privacy, the Shareholders Gave to Me……

Posted in 12 Days of Privacy, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Regulation, Security

…….Shareholder Proposals on Cybersecurity and Privacy: Another Country Heard From. Written by Megan Gates. As the holiday season slips into the rear view mirror, another season looms large for public companies — proxy season. Adding to the ever-growing chorus of demands for increased transparency by public companies on cybersecurity and privacy matters, institutional shareholders have… Continue Reading

Global Internet Threat Activity

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Identity Theft, Security

Often, privacy and security professionals are seen as “paranoid” or “Chicken Little” ….. statistics are pointing to something that more closely resembles the canary in the coal mine. A new Internet Security Threat Report provides an overview and analysis of the year’s global internet threat activity. The report is based on data from the Symantec™… Continue Reading

Privacy Monday (on Tuesday….) — November 17, 2014

Posted in Cybersecurity, European Union, Federal Trade Commission, Privacy Monday, Security

Sometimes the day just gets away from you… Here are three privacy & security things you should know for your week: 1.  FTC Cites TRUSTe With Misrepresenting Practices – Fines $200,000 Apparently TRUSTe hasn’t been quite so …. the fine is part of an agreed settlement with the FTC, under which the Commission has charged… Continue Reading

A Different Kind of “Virus”: FDA Follows NIST Framework in Cybersecurity Guidance for Medical Devices

Posted in Cybersecurity, Data Compliance & Security, Security

Written by Joshua T.  Foust In past posts  we’ve taken a close look at the Framework for Improving Critical Infrastructure Cybersecurity put forth by the National Institute of Standards and Technology (NIST), exploring its wide-ranging implications for companies across a number of different industries.  As we’ve explained elsewhere, cybersecurity is an increasingly hot issue for agencies… Continue Reading

It’s 11:30 PM, do you know where your data is? Privacy & Connected Devices

Posted in Cybersecurity, Security

Written by Kristina Eastham This marks the second week of National Cyber Security Awareness Month, and one focused on the Secure Development of IT Products, so it seems only appropriate to discuss security and The Internet of Things and a recent panel discussion on privacy and IoT. Last week, privacy and security professionals gathered at… Continue Reading

Privacy Monday – October 6, 2014

Posted in Cybersecurity, Data Breach, Privacy Monday, Security

A new month, a new Privacy Monday. JPMorgan Chase:  Baiting the Hook for Phishers  Cybercrime researchers say that the 83 million customer records (76 million consumer and 7 million small business) swiped from JPMC could be the fuel for years of fraud.  In its 10-K filing with the Securities and Exchange Commission, JPMC disclosed the nature and scope… Continue Reading

Notes from the Joint OCR/NIST HIPAA Security Conference

Posted in Cybersecurity, HIPAA/HITECH, Privacy Regulation, Security

Written by: Dianne Bourque, Kimberly Gold, Kate Stewart, and Stephanie D. Willis (original post in Mintz Levin’s Health Law & Policy Matters blog) As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance through HIPAA Security” into three phrases: (i) risk assessment, (ii)… Continue Reading

“Backoff” Update — More Widespread, PCI Council Issues Call to Action — If You Accept Credit Cards Via Point-of-Sale, You Need to Read This

Posted in Data Breach, Data Breach Notification, Security

Written by Cynthia Larose Some weeks ago, we wrote a piece “What You Need to Know About Backoff Malware:  The New Threat Targeting Retailers” .   It’s apparently gotten worse.   Any business utilizing point-of-sale (POS) terminals for “swiping” credit cards needs to pay attention to this threat and assess vulnerability.  Hospitals, physicians’ offices, veterinary clinics,  colleges… Continue Reading

Privacy Monday – August 18, 2014

Posted in Data Breach, Data Compliance & Security, Online Advertising, Privacy Monday, Privacy Regulation, Security

There is another retail data breach to talk about in this Privacy Monday post – privacy & security bits and bytes to start your week. Supermarket Chain Reports Data Breach: Minnesota-based food retailer Supervalu Inc. has reported a breach of its point-of-sale (POS) system, apparently by hackers. A press release on the corporate website describes the… Continue Reading

Privacy Monday – August 11, 2014

Posted in Cybersecurity, Data Breach, Privacy Monday, Privacy Regulation, Security

We are just two Mondays away from Labor Day, the traditional end of summer in the United States. Here are some privacy tidbits to get your week started. See especially Jake Romero’s piece on the new Delaware data destruction law. Lack of Information on the Russian Hackers: A company called Hold Security… Continue Reading

What You Need to Know About Backoff Malware: the New Threat Targeting Retailers

Posted in Cybersecurity, Privacy Monday, Security

Written by Jake Romero, CIPP The phrase “back off” is an implied threat typically reserved for bumper stickers and mud flaps, but if you are a retailer that permits the use of remote desktop applications in your business, the name Backoff should be considered much more intimidating.   According to a report released by the U.S…. Continue Reading

Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation, Security

Written by Stephanie D. Willis and Dianne J. Bourque (republished from Mintz Levin’s Health Law Policy Matters blog)   Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured Protected Information… Continue Reading

How Online Advertisers May Steal Your Personal Information: Recommendations for Protecting Consumers

Posted in Cybersecurity, Online Advertising, Security

Written by Adam Veness The United States Senate Permanent Subcommittee on Investigations recently released a report outlining six findings concerning online advertising risks to consumers’ personal information and four recommendations on how to protect consumers from these hidden hazards. FINDINGS 1) Consumers risk exposure to malware through everyday activity.  Consumers can incur malware attacks by… Continue Reading

SEC Cybersecurity Initiative: Five Steps ALL Broker-Dealers and Investment Advisers Should be Taking

Posted in Cybersecurity, Privacy Regulation, Security

Originally posted on the Mintz Levin Securities Litigation Matters blog Written by Bret Leone-Quick, Cynthia Larose, CIPP, Chip Phinney and Joel Rothman Last week, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert announcing its Cybersecurity Initiative.    What does this mean to broker-dealers and investment advisers and, even… Continue Reading

Data: Big, Borderless and Beyond Control? Five Things You Can Do

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Employee Privacy, Security

Written by Amy Malone There’s been a lot of talk about big data over the last few years and the breaches at Target and Neiman Marcus have many companies running in circles trying to figure out how to protect their systems and their data.  So what are some of the big issues in our current… Continue Reading

On the Fifth Day of Privacy, the SEC Gave to Me…..

Posted in Cybersecurity, Data Breach, Privacy Litigation, Security

Sing it with me now….. FIVE GOLDEN RULES! Written by Adam Veness As public companies prepare for the New Year and the start of yet another annual reporting season, it is the perfect time to reflect on our 2013 prediction that the SEC would require greater disclosure relating to cybersecurity risks and data breaches.  As… Continue Reading

DoD Requires Safeguarding Technical Data

Posted in Cybersecurity, Data Compliance & Security, Security

The Department of Defense (DoD) has published its new final rule governing the security measures imposed on DoD unclassified technical information resident on or passing through the unclassified information systems of its contractors and subcontractors. This final rule will require contractors to safeguard unclassified controlled technical information and to report the compromise of such information… Continue Reading

As Black Friday approaches — 6 things you should think about when shopping online…..

Posted in Cybersecurity, Privacy Monday, Security

Holiday e-commerce is expected to jump this year by about 17% over last year, and shoppers will be flocking to mobile devices more often to make those purchases. It is also the time to be cautious and protect your personal data security.   We received a great “happy Thanksgiving…but….” email from our friends at Kroll, and… Continue Reading

Another major medical data breach in California

Posted in Data Breach, HIPAA/HITECH, Security

Written by Julia Siripurapu Or….why are health care institutions still leaving laptops containing PHI unencrypted???? The Los Angeles Times (the “Times”) reported this week the theft of two laptops from an administrative office of hospital group AHMC Healthcare Inc. (“AHMC”) in Alhambra, California that compromised the health data of approximately 729,000 individuals. The notice posted… Continue Reading

Washington Focus – Post-Labor Day

Posted in Legislation, Privacy Regulation, Security

Our Washington affiliate, ML Strategies, has prepared the following post-Labor Day Preview of important issues likely to receive attention in the remaining months of the year. CYBERSECURITY Cybersecurity continues to be a high priority for both Congress and the Administration in 2013.  After President Obama issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, the Department… Continue Reading

BOSTON: Join Us for “Cybersecurity: It’s Not Just for IT Anymore”

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Litigation, Privacy Regulation, Security

If you are in the Boston area (or will be on September 26), please join us for an afternoon discussion on cybersecurity and the growing risk to corporate directors.   It’s no longer just the purview of a company’s IT or compliance personnel.  Cybersecurity needs to be elevated to boardroom discussion and this seminar will cover what… Continue Reading