Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Monthly Archives: March 2010

BREAKING NEWS: NJ Court Upholds Employee E-mail Privacy

Posted in Employee Privacy

In a precedent-setting decision, the New Jersey Supreme Court today ruled that a company should not have read e-mails a former employee sent to her lawyer from a private Web account through her employer’s computer (See November 5, 2009 Privacy and Security Information blog post). According to the Star-Ledger, the court, which determined the company’s… Continue Reading

Government “Outs” Mystery Retailers in Gonzalez Hack Case

Posted in Data Breach

Interesting post in today’s Wired: Threat Level blog about a motion in the Alberto Gonzalez hacking case that was unsealed on Monday. We now have the identities of the other two “mystery” retailers – J.C. Penney was “Company A” and Wet Seal was “Company B.” J.C. Penney argued unsuccessfully last week to keep the company’s… Continue Reading

More detail on Dave & Buster’s FTC Settlement

Posted in Legislation

As we blogged here last week, we were going to post our Client Alert with further details about the settlement and consent order reached by the restaurant chain Dave & Buster’s and the Federal Trade Commission relating to the breach suffered by the chain. Here is the alert — Privacy and Security Alert: Popular Restaurant… Continue Reading

French Senate Passes Breach Notice Bill

Posted in Legislation

The French Senate has overwhelmingly approved a major draft bill updating the country’s 1978 data protection act to, among other things, create the European Union’s strongest breach notification requirement and expand powers of the French data protection authority, known as “CNIL.” This bill also doubles monetary penalties for violations of the data protection law. It… Continue Reading

Privacy and Security Bits and Bytes

Posted in Data Breach

Some news items for the last Friday in March – Another state has joined the Payment Card Industry Data Security Standard (“PCI”) bandwagon. On March 22, 2010, Washington state became the third state to incorporate the into law. The Washington House and Senate passed HB 1149 and it has been signed into law by the… Continue Reading

HHS Announces Delay in Enforcement of HITECH Rules as Applied to Business Associates

Posted in Legislation

As we have discussed before, HHS’s Office of Civil Rights has let it be known that a proposed rule implementing the HITECH Act’s privacy and security provisions as they apply to business associate liability is in the works. The proposed rule will also deal with new limitations on the sale of protected health information, marketing,… Continue Reading

Restaurant Chain Settles FTC Data Breach Charges

Posted in Data Breach

Yesterday, the Federal Trade Commission (“FTC”) weighed in with another proposed settlement agreement requiring that the Dave & Buster’s restaurant chain that experienced a massive data breach in 2007 establish and maintain a comprehensive information security program as a condition of settling a consumer protection action arising out of that data breach. This is the… Continue Reading

TJX hacker sentenced to 20 years

Posted in Data Breach

A computer hacker has been sentenced to 20 years in prison for helping engineer one of the largest thefts of credit and debit card numbers in US history. http://www.boston.com/business/ticker/2010/03/tjx_hacker_sent.html

Senate Commerce Committee Approves Rockefeller-Snowe Cybersecurity Act

Posted in Data Compliance & Security

We will post a link to the amended legislation as soon as it is released by the Committee. The Senate Commerce Committee press release – WASHINGTON, D.C.—Senator John D. (Jay) Rockefeller IV, Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation, and Senator Olympia J. Snowe (R-ME), a senior member of the committee,… Continue Reading

Boston ranks 2nd in U.S. cyber-crime study

Posted in Data Breach

A new study has Boston ranked No. 2 among U.S. cities as a “hotspot” of cybercrime. In a study published yesterday by California data security firm Symantec Corp. (Nasdaq: SYMC), Boston registered as the second-riskiest city in the U.S., after Seattle, due to its high concentration of cyber crimes and WiFi availability. Out of 50… Continue Reading

Quick Compliance Survey

Posted in Data Breach

No, we’re not “taking names” here. This is just a 10-question survey to gauge some basic compliance metrics. Please participate!

International Cybercrime Reporting and Cooperation Act introduced this afternoon

Posted in Legislation

Senators Gillibrand and Hatch this afternoon introduced their cybersecurity bill, the International Cybercrime Reporting and Cooperation Act. The complete text of the bill is not yet available online, but the press release does include the details of the bill, which include: (1) an annual Presidential report on the state of other countries’ use of communication… Continue Reading

Massachusetts Data Security Compliance Workshop

Posted in Data Compliance & Security

In case your data security compliance plan is stuck in neutral, you have questions, or you haven’t started yet…there will be a free (!) breakfast hands-on workshop on Thursday in Tewksbury, MA. “Massachusetts Data Protection Law: Demystifying the Details” is being sponsored by the Merrimack Valley Venture Forum. The Merrimack Valley Venture Forum has assembled… Continue Reading

Maine Legislative Committee Votes to Repeal Marketing Law Aimed at Minors

Posted in Legislation

We have blogged about the on-again, off-again, then on-again (but revised) Maine “Act to Prevent Predatory Marketing Practices Against Minors”. Well, it’s now off. For good. Last week, a Maine legislative committee voted to repeal the controversial online marketing law, which was widely seen as unconstitutional, that restricts the data that can be collected from… Continue Reading

Privacy and Security Bits and Bytes

Posted in Data Compliance & Security

Our Friday afternoon feature is back (albeit on Thursday due to schedule tomorrow) – a quick round-up of bits and bytes related to data privacy and security. Don’t Ignore New Massachusetts Data Privacy Regs – a piece by Lora Bentley from ITBusinessEdge (for which the editor of this blog was interviewed) Your smart phone may… Continue Reading

Big Fines Coming in UK for Data Breaches

Posted in Data Breach

By Susan Foster, Mintz Levin London As of April 6, 2010, the UK’s Information Commissioner’s Office (ICO) can levy fines of up to £500,000 for breaches of the Data Protection Act 1998 that are: • serious in nature • deliberate or reckless, and • likely to cause substantial damage or distress to an individual. The… Continue Reading

Another Potential Privacy Pitfall on Facebook

Posted in Data Breach

Rumors are flying that Facebook will unveil a new geolocation sharing device next month. According to a post in Bits Blog in the New York Times, you will be able to share your location with friends without updating your status. Jared Newman in an article in PCWorld has a good point … “My gut reaction… Continue Reading

Breaking News – ID Theft Company to Pay $12 Million for Deceptive Advertising

Posted in Legislation

“[E]nough holes that you could drive a truck through it…..” That’s how Federal Trade Commission Chairman Jon Leibowitz described the identity theft protection offered to consumers by the widely-advertised LifeLock product and the claims made by the company that its service provided comprehensive identity theft protection. Those claims have cost the company $12 million… Continue Reading

Major “goof” at Citibank

Posted in Data Breach

For all of you who have been struggling with data security compliance obligations from various fronts, and trying to handle complex technical issues such as encryption of portable devices and data “at rest” and “in transit” — here is a very big story regarding plain old everyday mail. If you are a Citibank customer, Citi… Continue Reading

Hotel Chain Hacked Again….

Posted in Data Breach

Wyndham Hotels and Resorts has apparently notified the U.S. Secret Service and several state attorneys that hackers stole customer names and payment card information from its computer system. Wyndham has since notified credit card companies so that affected cardholders’ accounts may be monitored. It also has hired a firm to investigate the breach and assist… Continue Reading

Today is the day……

Posted in Data Compliance & Security

After implementation delays and rule changes, new data protection regulations that are widely considered the most stringent in the nation take effect today. The Massachusetts data security regulations require institutions that hold personal data on Massachusetts citizens to encrypt that information and implement written data protection policies, reports the Boston Globe. Discussion continues and questions… Continue Reading