Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Security

Subscribe to Security RSS Feed

Breaking News: Executive Order Signed Relating to “Significant Malicious Cyber-Enabled Activities”

Posted in Cybersecurity, Security

President Obama today signed an Executive Order granting authority to the Department of the Treasury’s Office of Foreign Assets Control (OFAC) to impose sanctions on individuals and entities determined to be “responsible for or complicit in malicious cyber-enabled activities” that result in harms “reasonably likely to result in, or have materially contributed to, a significant threat… Continue Reading

Responding to Insider Data Theft

Posted in Cybersecurity, Data Compliance & Security, Events and Webinars, Security

Our 2015 monthly Privacy Issues Wednesday webinar series continued this month with Jonathan Cain and Paul Pelletier’s Responding to Insider Data Theft & Disclosure presentation.  Jonathan and Paul discussed how distinguishing the insider threat differs from the techniques used to identify and stop hackers, creating an environment that deters insiders from stealing data, and the… Continue Reading

Privacy Monday – March 2, 2015: How is Your Cyber Resilience?

Posted in Cloud Computing, Cybersecurity, Data Compliance & Security, Privacy Monday, Security

Welcome to March (and in the Northeast, the arrival of meteorological spring is welcome indeed……) We start this month with a question:  Have you looked at your cyber resilience? The Federal Financial Institutions Examination Council (FFIEC) recently described “cyber resilience” as an organization’s ability to recover critical IT systems and resume normal business operations in… Continue Reading

Two Upcoming Privacy/Cybersecurity Events – Register Now!

Posted in Cybersecurity, Data Breach, Employee Privacy, Events and Webinars, Security

The Mintz Levin Privacy & Data Security Team invites you to register and join us at two upcoming events: Our next Wednesday Webinar is coming up on February 25th, with a focus on privacy in the workplace. Our workplace is everywhere these days, which makes employment and privacy compliance even more challenging. Jen Rubin and Gauri Punjabi will discuss developments… Continue Reading

Could the Anthem Hack Happen in NY? New Report Highlights Risk for NY Insurers

Posted in Cybersecurity, Data Breach, HIPAA/HITECH, Security

The New York State Department of Financial Services (the “Department”) recently released a “Report on Cyber Security in the Insurance Sector” (the “Report”). The Report was released on February 8, 2015,  just four days after Anthem first reported the breach of its database estimated to contain as many as 80 million customer records. While the… Continue Reading

Register for our next Wednesday Webinar — February 25

Posted in Employee Privacy, Events and Webinars, HIPAA/HITECH, Identity Theft, Mobile Privacy, Privacy Litigation, Security, Social Media

Registration is open for the next installment in the Mintz Levin Privacy & Security Group Wednesday Webinar series — This webinar,  scheduled for Wednesday, February 25,  will focus on privacy in the workplace. Our workplace is everywhere these days, which makes employment and privacy compliance even more challenging. Jen Rubin and Gauri Punjabi will discuss… Continue Reading

Cybersecurity and Privacy in State of the Union Address

Posted in Children, Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Legislation, Privacy Regulation, Security

As expected in his State of the Union address last night, President Obama made it very clear that cybersecurity is on his agenda for 2015.  After stating that:  “No foreign nation, no hacker should be able to shut down our networks, steal our trade secrets or invade the privacy of American families, especially our kids,”… Continue Reading

Privacy Monday – January 12, 2015

Posted in Cybersecurity, Data Breach Notification, Data Compliance & Security, Employee Privacy, Federal Trade Commission, Legislation, Privacy Monday, Privacy Regulation, Security

Three privacy/security stories that you should know as you start your week:   President Obama to Offer Cybersecurity/Privacy Previews to State of the Union Proposals In a series of speeches this week, President Obama will preview important issues to appear in his January 20th State of the Union address.    A White House official said… Continue Reading

Save the Date — HIPAA Audit Preparedness Webinar January 28, 2015

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation, Security

The First Rule of How to Survive a HIPAA Audit:  Be Prepared 2015 is bringing along with it the start of the HHS Office for Civil Rights random audit program to assess compliance with the HIPAA privacy, security and breach notification rules.   It is anticipated that 300-400 business associates will be the subject of a… Continue Reading

On the Twelfth Day of Privacy, My True Love Gave to Me …. 12 Different Types of Wearables!

Posted in 12 Days of Privacy, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Regulation, Security

And what will that new gadget be spilling about you??  Written by Julia Siripurapu, CIPP There is no doubt that wearable devices are among the hottest gifts of the season! From fitness bands and smart watches to wearable cameras and the Google Glass, there is definitely someone on your list (including you!) who may benefit… Continue Reading

On the Ninth Day of Privacy, my true love gave to me….

Posted in 12 Days of Privacy, Mobile Privacy, Privacy Regulation, Security

a tracking device in my car …. she is now my ex-true love…. Written by Jonathan Cain A year ago, privacy and data security issues in the media were all about credit cards and identity theft.  Concerns about privacy related to location data were, at least among the general public and Congress, somewhere in a… Continue Reading

On the Sixth Day of Privacy, the hackers gave to Sony……

Posted in 12 Days of Privacy, 201 CMR 17.00, Cybersecurity, Data Breach, Data Compliance & Security, Security

many more than six different hacks…….and headaches…… Written by Jonathan Ursprung With the holiday season in full swing, many of us are struggling with that age-old question: “what do you get for the person who has everything?”  Well, if that person happens to be your supreme leader, the answer may very well be “a massive download… Continue Reading

On the Third Day of Privacy, the Shareholders Gave to Me……

Posted in 12 Days of Privacy, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Regulation, Security

…….Shareholder Proposals on Cybersecurity and Privacy: Another Country Heard From  Written by Megan Gates As the holiday season slips into the rear view mirror, another season looms large for public companies —- proxy season.  Adding to the ever-growing chorus of demands for increased transparency by public companies on cybersecurity and privacy matters, institutional shareholders have… Continue Reading

Global Internet Threat Activity

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Identity Theft, Security

Often, privacy and security professionals are seen as “paranoid” or “Chicken Little” ….. statistics are pointing to something that more closely resembles the canary in the coal mine. A new Internet Security Threat Report provides an overview and analysis of the year’s global internet threat activity. The report is based on data from the Symantec™… Continue Reading

Privacy Monday (on Tuesday….) — November 17, 2014

Posted in Cybersecurity, European Union, Federal Trade Commission, Privacy Monday, Security

Sometimes the day just gets away from you… Here are three privacy & security things you should know for your week: 1.  FTC Cites TRUSTe With Misrepresenting Practices – Fines $200,000 Apparently TRUSTe hasn’t been quite so …. the fine is part of an agreed settlement with the FTC, under which the Commission has charged… Continue Reading

A Different Kind of “Virus”: FDA Follows NIST Framework in Cybersecurity Guidance for Medical Devices

Posted in Cybersecurity, Data Compliance & Security, Security

Written by Joshua T.  Foust In past posts  we’ve taken a close look at the Framework for Improving Critical Infrastructure Cybersecurity put forth by the National Institute of Standards and Technology (NIST), exploring its wide-ranging implications for companies across a number of different industries.  As we’ve explained elsewhere, cybersecurity is an increasingly hot issue for agencies… Continue Reading

It’s 11:30 PM, do you know where your data is? Privacy & Connected Devices

Posted in Cybersecurity, Security

Written by Kristina Eastham This marks the second week of National Cyber Security Awareness Month, and one focused on the Secure Development of IT Products, so it seems only appropriate to discuss security and The Internet of Things and a recent panel discussion on privacy and IoT. Last week, privacy and security professionals gathered at… Continue Reading

Privacy Monday – October 6, 2014

Posted in Cybersecurity, Data Breach, Privacy Monday, Security

A new month, a new Privacy Monday. JPMorgan Chase:  Baiting the Hook for Phishers  Cybercrime researchers say that the 83 million customer records (76 million consumer and 7 million small business) swiped from JPMC could be the fuel for years of fraud.  In its 10-K filing with the Securities and Exchange Commission, JPMC disclosed the nature and scope… Continue Reading

Notes from the Joint OCR/NIST HIPAA Security Conference

Posted in Cybersecurity, HIPAA/HITECH, Privacy Regulation, Security

Written by:  Dianne Bourque, Kimberly Gold, Kate Stewart, and Stephanie D. Willis  (original post in Mintz Levin’s Health Law & Policy Matters blog) As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance through HIPAA Security” into three phrases:  (i) risk assessment, (ii)… Continue Reading

“Backoff” Update — More Widespread, PCI Council Issues Call to Action — If You Accept Credit Cards Via Point-of-Sale, You Need to Read This

Posted in Data Breach, Data Breach Notification, Security

Written by Cynthia Larose Some weeks ago, we wrote a piece “What You Need to Know About Backoff Malware:  The New Threat Targeting Retailers” .   It’s apparently gotten worse.   Any business utilizing point-of-sale (POS) terminals for “swiping” credit cards needs to pay attention to this threat and assess vulnerability.  Hospitals, physicians’ offices, veterinary clinics,  colleges… Continue Reading

Privacy Monday – August 18, 2014

Posted in Data Breach, Data Compliance & Security, Online Advertising, Privacy Monday, Privacy Regulation, Security

There is another retail data breach to talk about in this Privacy Monday post – privacy & security bits and bytes to start your week. Supermarket Chain Reports Data Breach Minnesota-based food retailer Supervalu Inc. has reported breach of its point-of-sale (POS) system, apparently by hackers.  A press release on the corporate website describes the… Continue Reading

Privacy Monday – August 11, 2014

Posted in Cybersecurity, Data Breach, Privacy Monday, Privacy Regulation, Security

    We are just two Mondays away from Labor Day, the traditional end of summer in the United States.  Here are some privacy tidbits to get your week started.  See especially Jake Romero’s piece on the new Delaware data destruction law.     Lack of Information on the Russian Hackers A company called Hold Security… Continue Reading

What You Need to Know About Backoff Malware: the New Threat Targeting Retailers

Posted in Cybersecurity, Privacy Monday, Security

Written by Jake Romero, CIPP The phrase “back off” is an implied threat typically reserved for bumper stickers and mud flaps, but if you are a retailer that permits the use of remote desktop applications in your business, the name Backoff should be considered much more intimidating.   According to a report released by the U.S…. Continue Reading

Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation, Security

Written by Stephanie D. Willis and Dianne J. Bourque (republished from Mintz Levin’s Health Law Policy Matters blog)   Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured Protected Information… Continue Reading