Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Monthly Archives: March 2013

Countdown Begins for HIPAA Omnibus Rule Compliance

Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

Written by Dianne J. Bourque and Stephanie D. Willis The HIPAA Omnibus Rule goes into effect today, which officially starts the clock for covered entities, business associates, and their subcontractors to begin updating their agreements, forms, policies, procedures, and practices to meet approaching compliance deadlines. Business Associate Agreement (BAA) and Data Use Agreement (DUA) compliance… Continue Reading

FTC Finally Updates Its “.com Disclosures” – Welcome to the Small Screen

Posted in Mobile Privacy, Online Advertising

Written by Amy Malone After rounds of comments and public workshops, the FTC has finally released an update to its digital advertising disclosure guidelines (here).  The FTC first released guidance on digital advertising in 2000 (see those guidelines here) and last May the FTC requested comments on how the guidelines could be updated.  The FTC points… Continue Reading

Privacy and Security Not the Only Concerns in the Cloud

Posted in Cloud Computing, Cybersecurity, Data Compliance & Security

Written by Jonathan Cain Security and privacy are the most frequently expressed concerns about cloud computing (defined for this article to include software as a service, platform as a service and storage as a service), but for companies that engage in research, design, development, manufacturing and servicing of items that are subject to U.S. export… Continue Reading

To the Nation’s Largest Banks: Thanks for Reading

Posted in Cybersecurity, Security

It seems that some of the nation’s largest public company banks must be avid readers of this blog and have taken to heart our 2013 prediction that the SEC would require greater disclosure related to data security risks and breaches.  In their recent annual reports, Goldman Sachs Group Inc., Citigroup, Inc., Bank of America Corp…. Continue Reading

Setback for Apple in iPhone MDL

Posted in Class Action Litigation

Written by Evan Nadel In a case about exposing user data, Apple suffered a setback due to its concealment of information in litigation.  Last week, in the multi-district litigation, In Re iPhone Application Litigation, Judge Lucy Koh of the Northern District of California denied Apple’s motion for summary judgment in a putative class action by… Continue Reading

Zip Code as Personal Information: The Massachusetts Round 2

Posted in Class Action Litigation, Data Compliance & Security, Privacy Litigation

Yesterday, the Massachusetts Supreme Judicial Court (“SJC”) ruled that zip codes constitute “personal identification information” under G.L. c. 93.  The question of law came to the SJC from the U.S. District Court for Massachusetts stemming from Tyler vs. Michaels Store, Inc, which was dismissed in January.  This ruling echoes California’s 2011 decision that the Song-Beverly… Continue Reading

FTC Staff Report Shines a Light on the Treacherous Road Ahead for Mobile Payments

Posted in Data Compliance & Security, Privacy Regulation, Security

Written by Jake Romero Perhaps we are being cynical, but if we imagine the current conversation between consumers and the makers of mobile payment applications, it would be something along the lines of: Mobile Payment Industry: “Hello Consumer, would you like to start using your mobile device to transmit payments and make purchases?” Consumer: “Thank… Continue Reading

DataGuidance: Cynthia Larose on Cybersecurity Framework

Posted in Data Compliance & Security

As published in DataGuidance USA: New cybersecurity framework has far-reaching effects on US economy President Obama issued – on 12 February 2013 – the long-awaited Executive Order entitled ‘Improving Infrastructure Cybersecurity’ (the Order), alongside Presidential Policy Directive/PPD 21, to establish a nation-wide ‘Cybersecurity Framework’ and ‘enhance the security and resilience of the Nation’s critical infrastructure’…. Continue Reading

A Birthday Tribute to Dr. Seuss

Posted in Cloud Computing

Cloud Security According to Dr. Seuss Credit and props to Graham Thompson, CCSK, CISSP (   The budget was tight. For hardware we could not pay. So we sat around thinking All that cold, cold, wet day.   I sat there with Sally We sat there, we two. And I said “How I wish we… Continue Reading