Photo of Cynthia Larose

Cynthia Larose is a Member in Mintz Levin’s Corporate Group and leads our Privacy and Security practice. She is a Certified Information Privacy Professional, working with clients in various industries to develop comprehensive information security programs on the front end, and providing timely counsel when it becomes necessary to respond to a data breach.

Mintz Levin Benefits attorney Patricia Moran recently authored an article for  the Society for Human Resources Management’s latest publication describing the cybersecurity risks involved with 401(k) Plan sponsorship.  The article is a great resource for employers who sponsor 401(k) or other retirement plans, especially those who share employees’ sensitive information with third party administrators. For the full story, click here.

We’ve discussed privacy compliance with regulations, legal requirements, etc. in the space since this blog’s inception.   “Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks to the European Union’s General Data Protection Regulation (“GDPR”) (93 days and counting…) and its codification of “privacy by design and default” in Article 25.

Privacy can also be a key differentiator and a competitive advantage.  Read on for some points that can help drive your data privacy/data management program. Continue Reading How to Leverage Privacy as a Key Competitive Advantage

Mintz Levin’s TCPA and Consumer Calling Practice Team has published its latest TCPA Digest.

This month’s issue examines an FCC rulemaking proceeding concerning whether providers should be required to establish a challenge mechaniskm for incorrectly blocked robocalls.  In addition, the Digest examines the factors defendants should consider in whether to make an early offer of judgment (a “Rule 68” offer) in a TCPA class action and relevant case law about early offers.

The TCPA Digest can be read here.

 

 

In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s privacy laws are unchanged, but the new Regulation imposes many new obligations on many more entities – all backed up by fines modeled on European antitrust laws. US Life Sciences companies are likely to find that the GDPR applies to their use of personal information that originated in the EU. This post suggests some pragmatic steps companies can take to assess and begin to meet their GDPR obligations.   We’ll be presenting the next webinar in our GDPR series particularly targeted to life sciences and biotech companies and that will be coming up in March.  Watch this space for more information and registration.

Step 1 – Confirm that the GDPR Applies Continue Reading Practical GDPR Steps for US-Headquartered Life Sciences Companies

Happy 2018.  You may notice a new widget in the right sidebar of our home page.  Now you have a reminder as to just how close we are to the GDPR D-Day.    GDPR is real.   GDPR is here.

To brush up on your GDPR, or to help you get moving in the right direction, here is a link to all of the content from our 2017 GDPR webinar series.   Each edition includes a link to the recording and slides.   We will continue to produce targeted content throughout 2018, so stay tuned.

 

Link here to read our latest edition of the Monthly TCPA Digest, providing insights and news related to the Telephone Consumer Protection Act (TCPA). This month’s issue examines four recent rulings from Seventh Circuit trial courts regarding an FCC rule under the TCPA that mandates opt-out language on solicited faxes, or those sent with the recipient’s consent. The first two district court rulings rejected the D.C. Circuit’s holding invalidating the rule, while the two most recent rulings upheld the appellate decision. In addition, we cover FCC activity related to robocalls and whether mortgage holders’ calls to borrowers in disaster-affected areas violate the TCPA’s consent requirements.

If you have suggestions for topics you’d like to see featured in the Monthly TCPA Digest, or any questions about the issue, please reach to Mintz Levin’s TCPA and Consumer Calling Practice team.

Biometric data is a hotbed of activity these days.  We’ve discussed the frenetic pace at which class actions are being filed in Illinois under the Biometric Information Privacy Act.   Today, Brian Lam wrote in our sister blog, Sports Law Matters, about the issues surrounding the increasing use of biometric data in sports to track just about everything.

Read the article here.

 

Athletes and their Biometric Data – Who Owns It and How It Can Be Used

Since last September, the Mintz Levin Privacy Webinar Series has focused on the upcoming EU General Data Protection Regulation (GDPR) to help businesses understand the reach and scope of the GDPR and prepare for the potentially game-changing privacy regulation. The GDPR will affect how US businesses handle and process personal data originating in the EU and may require changes to business process.

Getting Your Contracts Ready for GDPR (11/16/2017)

This webinar, the eighth in our EU General Data Protection Regulation Series, reviews the GDPR’s express contract requirements and discusses additional matters that you may want to address in your contracts.

Handling Human Resources Data Under Privacy Shield and the GDPR (10/5/2017)

This webinar, the seventh in our EU General Data Protection Regulation Series, reviews current options for transferring personal data, including under Privacy Shield, and previews the new landscape under GDPR.

Access, Correction and Erasure: How to Minimize the Burden (2/16/2017)

This webinar, the sixth in our EU General Data Protection Regulation Series, considers companies’ obligations to give individuals access to their data and to correct or erase it.  We explore the new data portability requirements. The webinar concludes with some suggestions on how to make these requirements less burdensome.

Transferring Data from the EU (1/12/2017)

This webinar, the fifth in our EU General Data Protection Regulation Series, explores the ways in which the Regulation creates new avenues for data transfers, and narrows others. In particular, we consider sector-specific Commission decisions, privacy seals/certifications, the exception for non-repetitive, limited transfers, and the outlook for BCRs and Model Clauses.

Data Protection Officers: Do You Need One? (12/15/2016)

This webinar, the fourth in our EU General Data Protection Regulation Series, examines the criteria that dictate whether or not your organization needs to appoint a Data Protection Officer. We discuss the role of the DPO, the significance of the “independence” requirement, and the qualifications required to hold the position.

Good-bye to the Cure-all: The New Rules on Consent (11/10/2016)

This webinar, the third in our EU General Data Protection Regulation Series, reviews the new restrictions on relying on user consent to data processing and data transfers. In addition to the general “imbalance of power” problem, we consider the implications of the Directive on unfair terms in consumer contracts and changes that may need to be made to terms of use and privacy policies when dealing with consumers.

Accountability, Data Security, Data Impact Assessments and Breach Notification Requirements (10/13/2016)

This webinar, the second in our EU General Data Protection Regulation Series, focuses on the data security and accountability requirements of the Regulation, including reviews and documentation of internal policies and procedures and data impact assessments. We also explore the breach notification requirements and actions that companies can take in advance to mitigate the need for breach notification.

One-Stop Shopping Mall? The New Regulatory Structure (9/14/2016)

This webinar, the first in our EU General Data Protection Regulation Series, explains the powers and role of the new European Data Protection Board, how a “lead supervisory authority” will be designated for each controller, and how the lead supervisory authority will interact with other interested supervisory authorities. We also look at the complaint process from the point of view of the individual who is claiming a violation, and explore the likely role that will be played by public interest organizations bringing group complaints.