Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Monthly Archives: April 2014

The Digital Side of Corporate Risk Management

Posted in Cybersecurity, Data Breach Notification

Companies today need to be thinking of cyber risk management as part of their overall corporate risk management. The first step for companies is knowing the privacy laws in their industry as well as across states, says Mintz Levin’s Cynthia Larose, editor of this blog and chair of the Privacy & Security Practice, in “Corporate Risk… Continue Reading

We have seen this movie before ….. and we all should know that it does not end well.

Posted in Data Breach, HIPAA/HITECH, Privacy Regulation

This was originally posted on Mintz Levin’s Health Law & Policy Matters blog: Written by: Kimberly J. Gold How much is the cost of doing nothing when it comes to encryption of sensitive data?   In the case of electronic protected health information, about $2 million. Two companies have been hit with fines equaling a total of almost… Continue Reading

FTC Updates COPPA FAQs to Address Education Space

Posted in Children, Privacy Regulation

Written by Julia Siripurapu, CIPP The FTC has just published updates to the COPPA FAQs, the Commission’s compliance guide for businesses and consumers, to address the applicability of COPPA and the Amended COPPA Rule to educational institutions and businesses that provide online services, including mobile apps, to educational institutions. The “COPPA and Schools” FAQs cover in… Continue Reading

NYC Women in Intellectual Property Discuss Cybersecurity

Posted in Cybersecurity, Data Breach, Data Compliance & Security, European Union, Federal Trade Commission

Written by Andowah Newton Yesterday, Mintz Levin attended a panel breakfast sponsored by the New York City Bar’s Committee on Women in Intellectual Property.  The panel featured two practitioners, one from the public sector and one from the private sector.  The panel was moderated by Karen Greenberg, Director at Fordham Law’s Center.   Some takeaways that we… Continue Reading

Get your updated Mintz Matrix!

Posted in Data Breach, Data Breach Notification

As our readers know, we maintain a summary of the US state data breach notification laws, which we refer to as the “Mintz Matrix.”   We update the Mintz Matrix on a quarterly basis, or more frequently if developments dictate. We’ve updated the Mintz Levin State Data Breach Notification Matrix to reflect recent changes to Kentucky’s… Continue Reading

Video Interview: Discussing Heartbleed with LXBN TV

Posted in Cybersecurity, Security

As a follow-up to our commentary here on the headline-grabbing Heartbleed bug, I had the opportunity to discuss the subject with Colin O’Keefe of LXBN. In the brief interview, I explain how companies should respond to the bug and the uncertainty surrounding the liability they may face.

Target Becomes a Target: Proposed California Bill Aims to Make Retailers Liable for Data Breach Incidents

Posted in Data Breach, Data Breach Notification, Privacy Regulation

Written by Jake Romero, CIPP/US Following a string of high-profile data breaches and new data suggesting that approximately 21.3 million customer accounts have been exposed by data breach incidents over the past two years, the California legislature has introduced legislation aimed at making retailers responsible for certain costs in connection with data breach incidents.  If… Continue Reading

Aggressive Liability Theory Does Not Eliminate Obstacles To Banks’ Claims In Target Data Breach Class Action

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Written by Kevin McGinty The latest salvo in the Target data breach litigation is a class action brought by credit card issuing banks advancing a creative and somewhat misleading construction of the Minnesota’s Plastic Card Security Act.  The banks allege that there was a violation of the statute’s prohibition on retaining PIN, security code and… Continue Reading

Is Your HIPAA Compliance Program Going Out the Window with XP?

Posted in HIPAA/HITECH

Written by Dianne Bourque and Cynthia Larose April 8, 2014 marks the end of Microsoft’s support for the Windows XP operating system, which means the end of security updates from Microsoft and the beginning of new vulnerability to hackers and other intruders into systems still utilizing the operating system. But does the end of Windows… Continue Reading

New Draft Processor to Sub-processor Model Clauses (Art. 29 Working Party)

Posted in Cloud Computing, European Union, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) The Art. 29 Working Party, a key advisory body to the EU Commission, recently proposed draft model clauses to cover the transfer of personal data from EEA data processors to non-EEA sub-processors. The draft model clauses have the potential to bring greater certainty to… Continue Reading

Privacy Monday: April 4, 2014 — Fandango and Credit Karma and What They Should Mean to Your Mobile App

Posted in Federal Trade Commission, Mobile Privacy, Privacy Monday

Welcome to the first Monday in April. Our Privacy Monday is a report on the Federal Trade Commission’s latest privacy notice-related settlements with Fandango and Credit Karma.   These settlements should be reviewed by any company with (or planning to have) mobile applications and reinforces our mantra:  Say what you do, and do what you say.   … Continue Reading

When You Care Enough to Spy on the Very Best: NSA Greeting Card Program is First Step in Rebranding Campaign

Posted in Uncategorized

Written by Jake Romero If you’ve had a birthday in the past two weeks, you may have received a greeting card from an unlikely source; the National Security Agency.  Following President Obama’s call for large-scale reform of the NSA, the agency has initiated a rebranding campaign in the hopes of winning back the trust and… Continue Reading

Banks Withdraw Lawsuits Against Target and Trustwave

Posted in Uncategorized

UPDATE  to our story yesterday: In what apparently is a big “oops,” two banks that took legal action against Target over its recent data breach have withdrawn their claims.  The suits were withdrawn due to an erroneous allegation against Trustwave, a security vendor also named in the suit. Green Bank of Houston filed a notice of dismissal Monday… Continue Reading