Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Category Archives: Security

Subscribe to Security RSS Feed

Notes from the Joint OCR/NIST HIPAA Security Conference

Posted in Cybersecurity, HIPAA/HITECH, Privacy Regulation, Security

Written by:  Dianne Bourque, Kimberly Gold, Kate Stewart, and Stephanie D. Willis  (original post in Mintz Levin’s Health Law & Policy Matters blog) As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) andNational Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance through HIPAA Security” into three phrases:  (i) risk assessment, (ii)… Continue Reading

“Backoff” Update — More Widespread, PCI Council Issues Call to Action — If You Accept Credit Cards Via Point-of-Sale, You Need to Read This

Posted in Data Breach, Data Breach Notification, Security

Written by Cynthia Larose Some weeks ago, we wrote a piece “What You Need to Know About Backoff Malware:  The New Threat Targeting Retailers” .   It’s apparently gotten worse.   Any business utilizing point-of-sale (POS) terminals for “swiping” credit cards needs to pay attention to this threat and assess vulnerability.  Hospitals, physicians’ offices, veterinary clinics,  colleges… Continue Reading

Privacy Monday – August 18, 2014

Posted in Data Breach, Data Compliance & Security, Online Advertising, Privacy Monday, Privacy Regulation, Security

There is another retail data breach to talk about in this Privacy Monday post – privacy & security bits and bytes to start your week. Supermarket Chain Reports Data Breach Minnesota-based food retailer Supervalu Inc. has reported breach of its point-of-sale (POS) system, apparently by hackers.  A press release on the corporate website describes the… Continue Reading

Privacy Monday – August 11, 2014

Posted in Cybersecurity, Data Breach, Privacy Monday, Privacy Regulation, Security

    We are just two Mondays away from Labor Day, the traditional end of summer in the United States.  Here are some privacy tidbits to get your week started.  See especially Jake Romero’s piece on the new Delaware data destruction law.     Lack of Information on the Russian Hackers A company called Hold Security… Continue Reading

What You Need to Know About Backoff Malware: the New Threat Targeting Retailers

Posted in Cybersecurity, Privacy Monday, Security

Written by Jake Romero, CIPP The phrase “back off” is an implied threat typically reserved for bumper stickers and mud flaps, but if you are a retailer that permits the use of remote desktop applications in your business, the name Backoff should be considered much more intimidating.   According to a report released by the U.S…. Continue Reading

Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation, Security

Written by Stephanie D. Willis and Dianne J. Bourque (republished from Mintz Levin’s Health Law Policy Matters blog)   Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured Protected Information… Continue Reading

How Online Advertisers May Steal Your Personal Information: Recommendations for Protecting Consumers

Posted in Cybersecurity, Online Advertising, Security

Written by Adam Veness The United States Senate Permanent Subcommittee on Investigations recently released a report outlining six findings concerning online advertising risks to consumers’ personal information and four recommendations on how to protect consumers from these hidden hazards. FINDINGS 1) Consumers risk exposure to malware through everyday activity.  Consumers can incur malware attacks by… Continue Reading

SEC Cybersecurity Initiative: Five Steps ALL Broker-Dealers and Investment Advisers Should be Taking

Posted in Cybersecurity, Privacy Regulation, Security

Originally posted on the Mintz Levin Securities Litigation Matters blog Written by Bret Leone-Quick, Cynthia Larose, CIPP, Chip Phinney and Joel Rothman Last week, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert announcing its Cybersecurity Initiative.    What does this mean to broker-dealers and investment advisers and, even… Continue Reading

Data: Big, Borderless and Beyond Control? Five Things You Can Do

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Employee Privacy, Security

Written by Amy Malone There’s been a lot of talk about big data over the last few years and the breaches at Target and Neiman Marcus have many companies running in circles trying to figure out how to protect their systems and their data.  So what are some of the big issues in our current… Continue Reading

On the Fifth Day of Privacy, the SEC Gave to Me…..

Posted in Cybersecurity, Data Breach, Privacy Litigation, Security

Sing it with me now….. FIVE GOLDEN RULES! Written by Adam Veness As public companies prepare for the New Year and the start of yet another annual reporting season, it is the perfect time to reflect on our 2013 prediction that the SEC would require greater disclosure relating to cybersecurity risks and data breaches.  As… Continue Reading

DoD Requires Safeguarding Technical Data

Posted in Cybersecurity, Data Compliance & Security, Security

The Department of Defense (DoD) has published its new final rule governing the security measures imposed on DoD unclassified technical information resident on or passing through the unclassified information systems of its contractors and subcontractors. This final rule will require contractors to safeguard unclassified controlled technical information and to report the compromise of such information… Continue Reading

As Black Friday approaches — 6 things you should think about when shopping online…..

Posted in Cybersecurity, Privacy Monday, Security

Holiday e-commerce is expected to jump this year by about 17% over last year, and shoppers will be flocking to mobile devices more often to make those purchases. It is also the time to be cautious and protect your personal data security.   We received a great “happy Thanksgiving…but….” email from our friends at Kroll, and… Continue Reading

Another major medical data breach in California

Posted in Data Breach, HIPAA/HITECH, Security

Written by Julia Siripurapu Or….why are health care institutions still leaving laptops containing PHI unencrypted???? The Los Angeles Times (the “Times”) reported this week the theft of two laptops from an administrative office of hospital group AHMC Healthcare Inc. (“AHMC”) in Alhambra, California that compromised the health data of approximately 729,000 individuals. The notice posted… Continue Reading

Washington Focus – Post-Labor Day

Posted in Legislation, Privacy Regulation, Security

Our Washington affiliate, ML Strategies, has prepared the following post-Labor Day Preview of important issues likely to receive attention in the remaining months of the year. CYBERSECURITY Cybersecurity continues to be a high priority for both Congress and the Administration in 2013.  After President Obama issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, the Department… Continue Reading

BOSTON: Join Us for “Cybersecurity: It’s Not Just for IT Anymore”

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Litigation, Privacy Regulation, Security

If you are in the Boston area (or will be on September 26), please join us for an afternoon discussion on cybersecurity and the growing risk to corporate directors.   It’s no longer just the purview of a company’s IT or compliance personnel.  Cybersecurity needs to be elevated to boardroom discussion and this seminar will cover what… Continue Reading

To the Nation’s Largest Banks: Thanks for Reading

Posted in Cybersecurity, Security

It seems that some of the nation’s largest public company banks must be avid readers of this blog and have taken to heart our 2013 prediction that the SEC would require greater disclosure related to data security risks and breaches.  In their recent annual reports, Goldman Sachs Group Inc., Citigroup, Inc., Bank of America Corp…. Continue Reading

FTC Staff Report Shines a Light on the Treacherous Road Ahead for Mobile Payments

Posted in Data Compliance & Security, Privacy Regulation, Security

Written by Jake Romero Perhaps we are being cynical, but if we imagine the current conversation between consumers and the makers of mobile payment applications, it would be something along the lines of: Mobile Payment Industry: “Hello Consumer, would you like to start using your mobile device to transmit payments and make purchases?” Consumer: “Thank… Continue Reading

President Signs Cybersecurity Executive Order

Posted in Data Compliance & Security, Security

“America must … face the rapidly growing threat from cyber-attacks. Now, we know hackers steal people’s identities and infiltrate private emails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems.  We cannot look back… Continue Reading

Data Privacy Day 2013 – Tip #2 – Dust off your information security policy (or start putting one in place…)

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation, Security

Written by Amy Malone Do you have a comprehensive information security program?  Many businesses are still operating without one, leaving them open to preventable data breaches.  The importance of info security programs was yet again underscored by the recent settlement between Cbr Systems and the Federal Trade Commission regarding a breach that affected 300,000 consumers…. Continue Reading

Data Privacy Day 2013 – Passwords

Posted in Security

Something everyone can do for Data Privacy Day:  make it a point to change at least one password and make it “long and strong.”   Here are some tips for building strong passwords from David Sherry, Chief Information Security Officer at Brown University: To create a strong password, you should use a string of text… Continue Reading

International Data Privacy Day is Monday

Posted in Data Compliance & Security, Employee Privacy, Security

Time for some tips to keep your company (and your employees) safe online – Are your employees trained to maintain company privacy standards? Conduct employee training on privacy as it relates to employment, helping employees learn how to protect the privacy of clients’ and customers’ personal information and teaching employees how to manage their own… Continue Reading