Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Data Breach Notification


Breach Response Portal Added by Massachusetts Regulator

Posted in 201 CMR 17.00, Data Breach Notification

If you have had to provide data breach notices across any number of states (and who hasn’t…), you know that states vary widely in how those notices must be provided to state regulators. In some states (for example, California, North Carolina, Indiana, and New York), the Attorney General’s office has established an online portal that… Continue Reading

FCC Broadband Privacy and Security Proposed Rulemaking Underway

Posted in Data Breach Notification, Data Compliance & Security, Federal Communications Commission, Privacy Regulation, Security

As we reported last month, the FCC was preparing a proposed rulemaking (NPRM) to establish privacy and data security requirements for broadband internet access service (BIAS) providers.  The FCC has now released that proposal with comments and reply comments due May 27th and June 27th respectively. The brief background to this proposal is that in… Continue Reading

The April 2016 Update — The Mintz Matrix

Posted in Data Breach, Data Breach Notification, Mintz Matrix, Privacy Monday, Privacy Regulation

In 2004, Mintz Levin created a compendium of state data breach notification laws and has been updating it on a regular basis ever since. Our latest update is available here, and it should be part of your incident response “toolbox” and part of your planning. Some changes of note: Tennessee is our most recent state to amend its… Continue Reading

California by the Numbers (Part 2): How to Stay out of the 2017 Report

Posted in Cybersecurity, Data Breach, Data Breach Notification, Privacy Regulation, Security, Uncategorized

Yesterday, we reviewed the staggering numbers in California Attorney General Kamala Harris’ 2016 Data Breach Report. In addition to providing a comprehensive analysis of four years of data breaches, the report provides what is an answer to the vexing question of what her office considers to be “reasonable security.”

California by the Numbers (Part 1): 24 Million Compromised in 2015

Posted in Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Security

Look for Part 2 tomorrow: Recommendations on how to stay out of future reports. California Attorney General Kamala Harris has released a report of the data breaches that have been reported to her office from 2012 until 2015. Although the California data breach notification law took effect in 2003, beginning in 2012, businesses and government… Continue Reading

(So) What if there’s no Safe Harbor 2.0?

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Court of Justice, European Union, Federal Trade Commission, Legislation, Privacy Regulation, Safe Harbor

There’s no doubt businesses in the EU and US would breathe a sigh of relief if a new Safe Harbor agreement is put in place before European data protection authorities start prosecuting companies for potentially illegal personal data transfers to the US. But if it doesn’t happen, the US is actually not any worse… Continue Reading

The EU Commission’s spin on the new General Data Protection Regulation

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, EU Data Protection Regulation, European Union, Events and Webinars, Safe Harbor, Uncategorized

The European Union Commission has issued a fact sheet on the new General Data Protection Regulation (final post-trilogue text available via Statewatch). The Commission claims that the Regulation is good for individuals and good for business. We’ll leave that to readers . . . and history . . . to decide. As regulations go, the… Continue Reading

Key EU Parliamentary Committee Votes to Adopt the General Data Protection Regulation

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Union

As expected, the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (also known as LIBE) voted today to adopt the new General Data Protection Regulation (see the summary we provided yesterday here).  A LIBE press release announced the vote with the proclamation “New EU rules on data protection put the citizen back in the driving seat.”  The vote was… Continue Reading

The General Data Protection Regulation in Bullet Points

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Union, Privacy Regulation, Safe Harbor, Security, Social Media

Updated at 8:50 pm GMT on 16 December 2015. The new General Data Protection Regulation is effectively a “done deal” following the final trilogue meeting on December 15.  One might assume based on UK media coverage that the biggest change in EU privacy law is that kids under 16 will need their parent’s consent to… Continue Reading

Strike Suit Offers Conjectures, And Little More, About Scottrade Data Breach

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Breach Notification, Identity Theft, Privacy Litigation

As reported on Friday in the Krebs on Security blog, online broker Scottrade had sent an e-mail to customers earlier that day stating that it recently had learned from law enforcement officials that Scottrade was one of a number of financial services companies that had been victimized by data thieves.  That very same day saw… Continue Reading

Data Breach = Class Action Suit. Again.

Posted in Class Action Litigation, Data Breach, Data Breach Notification, HIPAA/HITECH

Originally posted in Mintz Levin’s Health Law & Policy Matters Blog. Written by Jordan Cohen. In yet another data breach affecting millions of individuals, UCLA Health System (“UCLA”) reported on Friday – July 17, 2015 – that hackers had accessed portions of its health network that contained personal information, including names, addresses, dates of birth, social security numbers, medical record… Continue Reading

Privacy Monday – July 20, 2015: Hack Attack on Adultery Site Ashley Madison

Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Monday

It’s Monday!   Once again, data breaches and hacks are front and center, so here are three stories you should know about to start your week. 1.    The Site that Promises “Discreet Encounters” Hacked — Karma? If you have not heard the provocative ad campaign launched by a site called AshleyMadison, it may surprise… Continue Reading

Privacy Monday – May 18, 2015

Posted in Children, Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Events and Webinars, Mobile Privacy, Online Advertising, Privacy Monday, Security, Uncategorized

It’s Monday morning — do you know your privacy/security status? Here are a few bits and bytes to start your week. SEC to Registered Investment Advisers and Broker-Dealers:  It’s Your Turn to Pay Attention to Cybersecurity The Division of Investment Management of the Securities & Exchange Commission (SEC) has weighed in on cybersecurity of registered investment companies… Continue Reading

Privacy Monday – May 4, 2015: Shaping Up — Update on the EU’s Draft General Data Protection Regulation

Posted in Data Breach, Data Breach Notification, EU Data Protection Regulation, European Union, Events and Webinars, Uncategorized

On this Privacy Monday, we can definitely say that the long winter of our discontent (at least for some of our readers) is over.    Happy spring! In case you missed it,  last Wednesday we presented the fourth in our Wednesday Webinar series on the progress of the EU draft Data Protection Regulation and what we… Continue Reading

Precedent and the Price Explain Why Target and the Consumer Class Agreed to an Early Data Breach Settlement

Posted in Class Action Litigation, Data Breach, Data Breach Notification, Privacy Litigation, Uncategorized

On March 18, 2015 – just three months after denial of a motion to dismiss consumer claims arising from Target’s 2013 data breach – Target and the consumer class filed papers seeking approval of a settlement.  The proposed settlement agreement creates a  $10 million cash fund to be paid out to class members claiming actual damages arising from… Continue Reading

State Data Breach Notification Law Updates

Posted in Cybersecurity, Data Breach Notification, Data Compliance & Security, Privacy Regulation

State legislatures are not waiting for Congressional action on a national data breach notification standard. Montana — Montana has amended its 10-year-old breach notification law (see Mintz Matrix) to expand the definition of “personal information” and require notice to the state attorney general’s consumer protection office. H.B. 74, signed into law by Governor Bullock,… Continue Reading

More than Employees Bargained For: Do Union Employees Have a Right to Bargain Over Company Data Breaches?

Posted in Data Breach, Data Breach Notification

Originally posted to Mintz Levin’s Employment Matters Blog. These days most employers manage a vast amount of electronic information about their employees, including the employees’ personal identifying information. But, what obligations do employers have to unionized employees with respect to managing that information and bargaining with them in the event of a breach of their private… Continue Reading

Target Data Breach Price Tag: $252 Million and Counting

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Breach Notification, Privacy Litigation

In a recently-released Form 8-K filing announcing fourth quarter and year-end financial results, Target Corporation reported that expenses incurred in 2014 relating to its 2013 data breach totaled over $191 million.  Those expenses were offset by $46 million in insurance proceeds, resulting in a $145 million charge against Target’s 2014 operating results.  The expenses incurred… Continue Reading

The Anthem Data Breach: The Fallout and What’s Next

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Identity Theft

By now (unless you have been under a snow drift), you have likely heard about the apparent intrusion into a database at the nation’s largest health insurer, Anthem, Inc.  Rather than reiterate the facts as currently known (see Anthem’s dedicated website for updates), we’ll look at the fallout and what’s next.

Cybersecurity and Privacy in State of the Union Address

Posted in Children, Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Legislation, Privacy Regulation, Security

As expected in his State of the Union address last night, President Obama made it very clear that cybersecurity is on his agenda for 2015.  After stating that:  “No foreign nation, no hacker should be able to shut down our networks, steal our trade secrets or invade the privacy of American families, especially our kids,”… Continue Reading

White House Proposes National Data Breach Notification Standard

Posted in Cybersecurity, Data Breach, Data Breach Notification, Federal Trade Commission, Legislation, Privacy Regulation

Written by Cynthia Larose, CIPP and Ari Moskowitz, CIPP. This has been a big week for cybersecurity announcements from Washington. In what the White House has called a series of “SOTU Spoilers,” President Obama announced his intention to follow through on some of the recommendations in his administration’s Big Data report — the culmination of… Continue Reading

Privacy Monday – January 12, 2015

Posted in Cybersecurity, Data Breach Notification, Data Compliance & Security, Employee Privacy, Federal Trade Commission, Legislation, Privacy Monday, Privacy Regulation, Security

Three privacy/security stories that you should know as you start your week:   President Obama to Offer Cybersecurity/Privacy Previews to State of the Union Proposals In a series of speeches this week, President Obama will preview important issues to appear in his January 20th State of the Union address.    A White House official said… Continue Reading