Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Monthly Archives: August 2013

Commerce GC: Notice-and Choice No Longer Sufficient

Posted in European Union, Privacy Regulation

Outgoing U.S. Commerce Department General Counsel Cameron Kerry used the opportunity of his final public remarks to emphasize that a unified U.S. privacy framework is essential to the future of the digital economy. Legislation should not wait for some data disaster to happen that undermines the trust essential to a successful digital economy. One byproduct of the unauthorized disclosures… Continue Reading

BOSTON: Join Us for “Cybersecurity: It’s Not Just for IT Anymore”

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Litigation, Privacy Regulation, Security

If you are in the Boston area (or will be on September 26), please join us for an afternoon discussion on cybersecurity and the growing risk to corporate directors.   It’s no longer just the purview of a company’s IT or compliance personnel.  Cybersecurity needs to be elevated to boardroom discussion and this seminar will cover what… Continue Reading

California “Do Not Track” Bill Stays on Track

Posted in Privacy Regulation

  As we predicted, the California Senate has approved A.B. 370, a bill that would require commercial websites or online services that collect personally identifiable information to disclose how that site or service responds to “do not track” signals or similar mechanisms.  Next, A.B. 370 will head back to the California Assembly, where the Assembly… Continue Reading

Privacy Monday – August 26, 2013

Posted in Privacy Monday

As the summer winds down, we find that privacy and security issues remain at the top of mind for companies, hackers, and regulators alike.   EMPLOYEE PERSONAL INFORMATION EXPOSED AT FED Bloomberg is reporting today on a large-scale exposure of the personal information of every employee of the Federal Reserve Bank.   According to the article, a… Continue Reading

You Can Have a Say on a New Mechanism for Obtaining Verifiable Parental Consent under the COPPA Rule

Posted in Children, Federal Trade Commission, Privacy Regulation

Written by Julia Siripurapu, CIPP Yesterday, the FTC published a Federal Register notice requesting public comment on the first new method for obtaining verifiable parental consent submitted for FTC approval by AssertID, Inc under the Voluntary Commission Approval Process provision of the COPPA Rule. The FTC is particularly interested in receiving comments on the questions… Continue Reading

Video Interview: Discussing the Intriguing California Personal Privacy Initiative

Posted in Data Compliance & Security, Privacy Regulation

Written by Jake Romero Following up on my recent post on story, I had the opportunity to speak with Colin O’Keefe of LXBN on an interesting California ballot initiative that would make consumers’ personal information private by default. In the brief interview, I describe the basics of the California Personal Privacy Initiative and explain its… Continue Reading

Privacy Monday – August 19, 2013

Posted in Privacy Monday, Uncategorized

After a brief August hiatus, Privacy Monday is back with privacy goofs, gaffes and tidbits to start your week. Department of Energy Hacked — Again Although the grid is supposed to be “critical infrastructure” as part of the Obama Administration’s cybersecurity Executive Order, the Department of Energy revealed that the agency’s systems had been infiltrated… Continue Reading

New Enforcement Guidance from the UK’s Information Commissioner’s Office

Posted in Data Compliance & Security, European Union, Mobile Privacy, Privacy Regulation

(LONDON) Who is on the ICO’s radar these days?  August seems to be the month for getting new guidance documents out the door at the United Kingdom’s Information Commissioner’s Office.  The UK ICO has just published guidance as to when it is likely to take regulatory action. The new guidance should be reassuring to companies… Continue Reading

Hiding in plain sight: Failure to scrub patient data from digital copiers returned to leasing company results in $1.2 million HIPAA settlement

Posted in Data Breach, Data Compliance & Security, Privacy Litigation, Privacy Regulation

Written by Kevin McGinty We’ve sounded warnings about the lowly copy machine before (here  and here).  The proliferation of digital devices in the workplace means that data security must extend beyond computer networks and laptops.  Seemingly old fashioned equipment, such as copiers, can hide sensitive legally-protected data.  Affinity Health Plan, a New York-based managed care company,… Continue Reading

New Tools from the UK’s Information Commissioner’s Office: How to Respond to Subject Access Requests

Posted in Data Compliance & Security, European Union, Legislation, Privacy Litigation, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON) The UK ICO has come through yet again with some clear guidance as to how to apply the UK’s data protection laws in connection with requests by individuals for access to their personal data.  While we are waiting with bated breath for a final… Continue Reading

Summer Break is Over for California Senate, Which May Mean New “Do Not Track” Disclosure Requirements for You

Posted in Online Advertising

Written by Jake Romero  What did you do over your summer vacation?  Yes, the sad truth is that summer is almost over.  You can tell because there wasn’t a single superhero movie that opened at the box office last weekend (no, Smurfs2 does not count) and because the California Senate is preparing to reconvene from its summer… Continue Reading

How Secure Is Your Pop-Up?

Posted in Cloud Computing, Data Breach, Data Breach Notification

Written by Cynthia Larose Our headline today does not refer to those annoying ads that “pop-up” when you visit websites.  We’re talking about the hottest trend in seasonal retailing – the pop-up store.    These are the “here today, gone tomorrow” retail locations that you see during Halloween and Christmas seasons and are now everywhere capturing… Continue Reading

Huge FCRA Verdict Against Equifax Shows Potential Costs of Failing to Protect and Correct Consumer’s Credit History

Posted in Federal Trade Commission, Privacy Litigation

Written by Kevin McGinty Last week an Oregon jury awarded an individual plaintiff over $18 million in compensatory and punitive damages in what some sources have reported to be the first jury verdict in a case brought under the Fair Credit Reporting Act (“FCRA”), 15 U.S.C. § 1681a(c).  The plaintiff, Julie Miller, discovered problems with her… Continue Reading

Will California Voters Move US to Opt-In?

Posted in Data Compliance & Security, Privacy Regulation

Written by Jake Romero The California ballot measure process permits any California voter to propose a ballot initiative to the state’s Attorney General which, if enough signatures are gathered, will then appear on state-wide ballot for approval at the next election. A draft ballot initiative has been submitted to the California Attorney General that, if… Continue Reading

FTC v. Wyndham: Wyndham Calls for Back-Up

Posted in Data Breach Notification, Federal Trade Commission, Privacy Litigation, Privacy Regulation

Written by Adam Veness It appears that Wyndham Hotel & Resorts LLC (“Wyndham”) has received reinforcements in its defense against the Federal Trade Commission’s (the “FTC”) case.  A federal judge has agreed to allow the U.S. Chamber of Commerce and several other organizations to file an amicus curiae brief in support of dismissing the FTC’s… Continue Reading

Privacy Monday – August 5, 2013

Posted in Privacy Monday

Privacy bytes, gaffes, and goofs for the first Monday in August – New Hampshire Bank Victimized by Malware Manchester, NH-based St. Mary’s Bank, the oldest credit union in the United States, has begun notifying 115, 775 customers after malware was detected on several computers at the bank.  It was discovered that more than 23 workstations… Continue Reading

FTC Complaint: Medical Testing Lab Exposed Personal Data of Thousands Over Peer-to-Peer Network

Posted in Data Breach, Federal Trade Commission, Identity Theft

Written by Amy Malone Just before the Labor Day holiday, the Federal Trade Commission issued a press release announcing its complaint against LabMD, Inc., a company that performs medical testing for consumers around the country.  The complaint alleges that the company did not take reasonable measures to protect the security of consumers’ personal data.   The… Continue Reading

NJ Attorney General Settles with PulsePoint for $1 Million

Posted in Mobile Privacy, Privacy Litigation

Written by Amy Malone Digital marketing company, PulsePoint  entered into a Consent Order with the New Jersey Attorney General and agreed to pay $1 million, following an investigation of claims that PulsePoint bypassed privacy setting of Apple’s Safari browser to allow tracking of consumer activity. Last year, Google settled similar claims with the Federal Trade… Continue Reading