Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Category Archives: Security


Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation, Security

Written by Stephanie D. Willis and Dianne J. Bourque (republished from Mintz Levin’s Health Law Policy Matters blog)

Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured Protected Information…

How Online Advertisers May Steal Your Personal Information: Recommendations for Protecting Consumers

Posted in Cybersecurity, Online Advertising, Security

Written by Adam Veness

The United States Senate Permanent Subcommittee on Investigations recently released a report outlining six findings concerning online advertising risks to consumers’ personal information and four recommendations on how to protect consumers from these hidden hazards.

FINDINGS

1) Consumers risk exposure to malware through everyday activity. Consumers can incur malware attacks by…

SEC Cybersecurity Initiative: Five Steps ALL Broker-Dealers and Investment Advisers Should be Taking

Posted in Cybersecurity, Privacy Regulation, Security

Originally posted on the Mintz Levin Securities Litigation Matters blog

Written by Bret Leone-Quick, Cynthia Larose, CIPP, Chip Phinney and Joel Rothman

Last week, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert announcing its Cybersecurity Initiative. What does this mean to broker-dealers and investment advisers and, even…

Data: Big, Borderless and Beyond Control? Five Things You Can Do

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Employee Privacy, Security

Written by Amy Malone

There’s been a lot of talk about big data over the last few years and the breaches at Target and Neiman Marcus have many companies running in circles trying to figure out how to protect their systems and their data. So what are some of the big issues in our current…

On the Fifth Day of Privacy, the SEC Gave to Me…..

Posted in Cybersecurity, Data Breach, Privacy Litigation, Security

Sing it with me now….. FIVE GOLDEN RULES!

Written by Adam Veness

As public companies prepare for the New Year and the start of yet another annual reporting season, it is the perfect time to reflect on our 2013 prediction that the SEC would require greater disclosure relating to cybersecurity risks and data breaches. As…

DoD Requires Safeguarding Technical Data

Posted in Cybersecurity, Data Compliance & Security, Security

The Department of Defense (DoD) has published its new final rule governing the security measures imposed on DoD unclassified technical information resident on or passing through the unclassified information systems of its contractors and subcontractors. This final rule will require contractors to safeguard unclassified controlled technical information and to report the compromise of such information…

As Black Friday approaches — 6 things you should think about when shopping online…..

Posted in Cybersecurity, Privacy Monday, Security

Holiday e-commerce is expected to jump this year by about 17% over last year, and shoppers will be flocking to mobile devices more often to make those purchases. It is also the time to be cautious and protect your personal data security. We received a great “happy Thanksgiving…but….” email from our friends at Kroll, and…

Another major medical data breach in California

Posted in Data Breach, HIPAA/HITECH, Security

Written by Julia Siripurapu

Or….why are health care institutions still leaving laptops containing PHI unencrypted????

The Los Angeles Times (the “Times”) reported this week the theft of two laptops from an administrative office of hospital group AHMC Healthcare Inc. (“AHMC”) in Alhambra, California that compromised the health data of approximately 729,000 individuals. The notice posted…

Washington Focus – Post-Labor Day

Posted in Legislation, Privacy Regulation, Security

Our Washington affiliate, ML Strategies, has prepared the following post-Labor Day Preview of important issues likely to receive attention in the remaining months of the year.

CYBERSECURITY

Cybersecurity continues to be a high priority for both Congress and the Administration in 2013. After President Obama issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, the Department…

BOSTON: Join Us for “Cybersecurity: It’s Not Just for IT Anymore”

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Litigation, Privacy Regulation, Security

If you are in the Boston area (or will be on September 26), please join us for an afternoon discussion on cybersecurity and the growing risk to corporate directors. It’s no longer just the purview of a company’s IT or compliance personnel. Cybersecurity needs to be elevated to boardroom discussion and this seminar will cover what…

To the Nation’s Largest Banks: Thanks for Reading

Posted in Cybersecurity, Security

It seems that some of the nation’s largest public company banks must be avid readers of this blog and have taken to heart our 2013 prediction that the SEC would require greater disclosure related to data security risks and breaches. In their recent annual reports, Goldman Sachs Group Inc., Citigroup, Inc., Bank of America Corp….

FTC Staff Report Shines a Light on the Treacherous Road Ahead for Mobile Payments

Posted in Data Compliance & Security, Privacy Regulation, Security

Written by Jake Romero

Perhaps we are being cynical, but if we imagine the current conversation between consumers and the makers of mobile payment applications, it would be something along the lines of:

Mobile Payment Industry: “Hello Consumer, would you like to start using your mobile device to transmit payments and make purchases?”

Consumer: “Thank…

President Signs Cybersecurity Executive Order

Posted in Data Compliance & Security, Security

“America must … face the rapidly growing threat from cyber-attacks. Now, we know hackers steal people’s identities and infiltrate private emails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems. We cannot look back…

Data Privacy Day 2013 – Tip #2 – Dust off your information security policy (or start putting one in place…)

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation, Security

Written by Amy Malone

Do you have a comprehensive information security program? Many businesses are still operating without one, leaving them open to preventable data breaches. The importance of info security programs was yet again underscored by the recent settlement between Cbr Systems and the Federal Trade Commission regarding a breach that affected 300,000 consumers….

Data Privacy Day 2013 – Passwords

Posted in Security

Something everyone can do for Data Privacy Day: make it a point to change at least one password and make it “long and strong.” Here are some tips for building strong passwords from David Sherry, Chief Information Security Officer at Brown University:

To create a strong password, you should use a string of text…

International Data Privacy Day is Monday

Posted in Data Compliance & Security, Employee Privacy, Security

Time for some tips to keep your company (and your employees) safe online –

Are your employees trained to maintain company privacy standards? Conduct employee training on privacy as it relates to employment, helping employees learn how to protect the privacy of clients’ and customers’ personal information and teaching employees how to manage their own…

HITECH Omnibus Rule Basics

Posted in HIPAA/HITECH, Privacy Regulation, Security

As we pore through the 562-page HITECH Omnibus Rule released by the Department of Health and Services late yesterday afternoon, here are some top line bullet points:

Effective Date: Rule becomes effective on March 26, 2013. Covered entities and business associates must comply by September 23, 2013.

Business Associates are now front and center – During…

Data Privacy Day Event – Brown University

Posted in Data Compliance & Security, Privacy Regulation, Security

In the run-up to International Data Privacy Day on January 28th, we’ll be posting information on events that may be of interest. Our friends at Brown University have sent this invitation:

You are cordially invited to attend a free Information Security Group colloquium in celebration of National Data Privacy Day at Brown University on Monday January 28, 2013 from 1-4 PM. “Perspectives on…

Cybersecurity in the 113th Congress

Posted in Data Breach, Data Breach Notification, Legislation, Privacy Regulation, Security

The 113th Congress will bring new leadership to the House Homeland Security Committee and the Senate Homeland Security and Government Affairs Committees — all responsible for cybersecurity issues. President Obama is expected to release an Executive Order (based on the draft circulated in late November 2012) very soon, perhaps before the State of the Union…

Data Privacy and Security Issues for the Nonprofit

Posted in Data Compliance & Security, Privacy Regulation, Security

Can your organization answer “yes” to any of the following questions?

Does your organization have personal information (credit card numbers, checks, other financial information) from donors?

Does your organization have employees or volunteers for whom you have Social Security numbers?

Has your organization signed a merchant agreement to be able to accept credit cards?

Do…

National Cybersecurity Awareness Month — Cryptography is Going Mainstream

Posted in Security

Written by Sara Crasson

The Privacy and Security Matters Blog continues to celebrate National Cybersecurity Awareness Month this October. The Internet has become a primary medium for everyday communication, but individuals rarely consider the potential data security problems. Sending an e-mail or instant message is like dropping a postcard in the mail. Many people handle…