Not only the last Monday in June, but the last day of June. There are quite a few privacy-related things taking effect tomorrow, July 1. Some reminders: Florida Amendments to Data Breach Notification Law The Florida Information Protection Act of 2014 (“FIPA”) takes effect tomorrow. The FIPA essentially repeals Florida’s existing data breach notification law and… Continue Reading
Data Breach Notification
Subscribe to Data Breach Notification RSS FeedWyndham Gets Life Preserver in Data Breach Case
Posted in Data Breach, Data Breach Notification, Federal Trade Commission, Privacy LitigationWritten by Adam Veness New Jersey U.S. District Judge Esther Salas agreed to allow Wyndham Hotels and Resorts LLC to immediately appeal to the Third Circuit a ruling affirming the FTC’s authority to bring data security cases. We have been following this case since the beginning, and you can see our last post here. Judge Salas… Continue Reading
D’oh! OCR Confirms that Medical Records Should Not be Left in the Driveway
Posted in Data Breach, Data Breach Notification, HIPAA/HITECHWritten by Dianne J. Bourque (reprinted from Mintz Levin’s Health Law Policy Matters blog) The most recent Office for Civil Rights (“OCR”) HIPAA enforcement action serves as an important reminder to health care providers of the security risks associated with a mishandled medical records custody transfer and the risks of leaving paper records in the… Continue Reading
Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance
Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation, SecurityWritten by Stephanie D. Willis and Dianne J. Bourque (republished from Mintz Levin’s Health Law Policy Matters blog) Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured Protected Information… Continue Reading
Record $4.8 Million HIPAA Fine Assessed
Posted in Data Breach Notification, HIPAA/HITECHIn the largest Health Insurance Portability and Accountability Act (HIPAA) settlement to date, two New York hospitals have agreed to pay $4.8 million to settle allegations that they failed to secure thousands of patients’ electronic protected health information (ePHI) held on their shared network. Our sister blog, Health Law Policy Matters, provides an analysis of the incidents and… Continue Reading
Privacy Monday - May 12, 2014
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Monday, Privacy RegulationAnother busy week in the privacy/security world. We have some bits and bytes to start your week: Verizon 2014 Data Breach Investigation Report - Something Old, Something New Verizon is out with its 2014 edition of the comprehensive Data Breach Investigation Report (DBIR). You can get your copy here for your reading pleasure — or… Continue Reading
Minnesota Proposes Expansive Amendment to Data Breach Notification Law
Posted in Data Breach, Data Breach Notification, LegislationTwo days ago, we heard that Target Corporation has brought in an information security heavy hitter to oversee the company’s post-breach data security and technology operations. Now we learn that its home base of operations, Minnesota, is the latest state to propose a legislative reaction to the Target data breach. The Minnesota legislature has introduced an… Continue Reading
The Digital Side of Corporate Risk Management
Posted in Cybersecurity, Data Breach NotificationCompanies today need to be thinking of cyber risk management as part of their overall corporate risk management. The first step for companies is knowing the privacy laws in their industry as well as across states, says Mintz Levin’s Cynthia Larose, editor of this blog and chair of the Privacy & Security Practice, in “Corporate Risk… Continue Reading
Get your updated Mintz Matrix!
Posted in Data Breach, Data Breach NotificationAs our readers know, we maintain a summary of the US state data breach notification laws, which we refer to as the “Mintz Matrix.” We update the Mintz Matrix on a quarterly basis, or more frequently if developments dictate. We’ve updated the Mintz Levin State Data Breach Notification Matrix to reflect recent changes to Kentucky’s… Continue Reading
Privacy & Security Bits and Bytes
Posted in Cybersecurity, Data Breach, Data Breach Notification, SecurityThere has been so much news swirling in the data privacy and security world in the last few days, that it has been difficult to keep up. We’ll give you a roundup here for your Friday and weekend reading. Heartbleed - Where Are We? By now, you should know whether your web-facing applications… Continue Reading
Target Becomes a Target: Proposed California Bill Aims to Make Retailers Liable for Data Breach Incidents
Posted in Data Breach, Data Breach Notification, Privacy RegulationWritten by Jake Romero, CIPP/US Following a string of high-profile data breaches and new data suggesting that approximately 21.3 million customer accounts have been exposed by data breach incidents over the past two years, the California legislature has introduced legislation aimed at making retailers responsible for certain costs in connection with data breach incidents. If… Continue Reading
Privacy Monday - March 31, 2014 OPENING DAY!
Posted in Cybersecurity, Data Breach, Data Breach Notification, Employee Privacy, UncategorizedLast Monday in March (Opening Day for you baseball fans) - some privacy/security bits and bytes to close out the month. Microsoft: “We won’t access private e-mail accounts … Promise.” Microsoft has committed to no longer accessing the private e-mail accounts of its users after criticism that the company looked at the e-mail of a former employee… Continue Reading
Risky Business: Target Discloses Data Breach and New Risk Factors in 8-K Filing… Kind Of
Posted in Data Breach, Data Breach Notification, Privacy RegulationWritten by Adam Veness After Target Corporation’s (NYSE: TGT) net earnings dropped 46% in its fourth quarter compared to the same period last year, Target finally answered the 441 million dollar question – To 8-K, or not to 8-K? Target filed its much anticipated Current Report on Form 8-K on February 26th, just over two… Continue Reading
“Sophisticated” Breach Exposes 300,000 Student Records at University of Maryland: 3 Questions You Should Ask
Posted in Cybersecurity, Data Breach, Data Breach NotificationOfficials at the University of Maryland (“University” or “UMD”) announced that UMD was the victim of a significant security breach that took place on Tuesday, February 18 (the “Breach” or “Incident”). The Incident, characterized as a “sophisticated computer security attack” by both the University’s President and the Chief Information Officer, exposed records containing the… Continue Reading
Federal Data Security Breach Notification – is 2014 the Year?
Posted in Data Breach Notification, Privacy RegulationWritten by Amy Malone Data privacy legislation has been introduced regularly, but has yet to pass, could this be the year? The recent breaches at Target and Neiman Marcus (see our posts here, here, here) have drawn national attention and may be the impetus needed to pass the legislation. Currently two bills addressing data breaches… Continue Reading
Some Reading for #DPD2014
Posted in Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & SecurityWe have some reading to add to your Data Privacy Day (#DPD2014) activities: New California Data Breach Notification Requirements BNA Privacy and Security Law Report Privacy Policies: How to Effectively Communicate with Consumers Privacy 101: The Best Defense is A Good Offense
To 8-K, or not to 8-K? For Target, that is indeed the question.
Posted in Data Breach, Data Breach NotificationWritten by Adam Veness and Cynthia Larose As anyone with a pulse and a computer, television or carrier pigeon knows, Target Corporation (NYSE: TGT) suffered a major data breach in December – the extent of which is still being uncovered – and pegs the latest number of customers that have had their personal information stolen anywhere… Continue Reading
The Number of The Day: 70 Million (at least)
Posted in Data Breach, Data Breach NotificationThe Target data breach story keeps getting worse. The December pre-Christmas disclosure was the theft of up to 40 million Target shoppers’ credit and debit card information in what appeared to have been a hack of the Target point-of-sale system that allowed the thieves to swipe magnetic card data as customers checked out. … Continue Reading
On the 12th Day of Privacy, ISO gave to me….
Posted in Data Breach, Data Breach NotificationNo, not this ISO — THIS ISO Written by Nancy Adams, CPCU The question is not whether a company will be the target of a data breach, but when. Verizon’s most recent Data Breach Investigation Report states that, in 2012, there were over 47,000 reported security incidents, which resulted in 621 confirmed data disclosures and at… Continue Reading
On the 9th Day of Privacy, the European Union Gave to Me . . .
Posted in Data Breach Notification, Data Compliance & Security, Employee Privacy, European Union, Legislation, Privacy Regulation. . . a delayed delivery notice for the biggest package of the holiday season! Written by Susan Foster, Solicitor, England & Wales/Admitted in California, CIPP-E (LONDON) Major changes are on the way in Europe that will have a significant impact on companies anywhere in the world that collect or process personal data of residents… Continue Reading
On the Second Day of Privacy, California Gave to Me……
Posted in Children, Data Breach Notification, Data Compliance & Security, Legislation, Privacy RegulationWell, the headlines don’t exactly work with the traditional tune, but blame the editor for that….. Written by Jake Romero, CIPP/US 2013 was a busy year for California. We passed a budget with a surplus, let Kim and Kanye get engaged in one of our stadiums and panicked over possibly losing Sriracha sauce. At the… Continue Reading
Privacy Monday - November 11, 2013
Posted in Data Breach, Data Breach Notification, Privacy MondayFirst and foremost, this is Veterans’ Day in the US. Let’s take a moment to thank all of those who served and who still serve, and honor the memory of those who gave their all. Businesses are offering special deals to veterans today — here’s a good list. Nice gesture, but let’s remember them… Continue Reading
Privacy Monday - October 21, 2013
Posted in Data Breach Notification, Data Compliance & Security, European Union, Mobile Privacy, Privacy MondayPrivacy tidbits and bytes for this Monday — App Developers - Put this on your calendar! Now that the US government shutdown is over, the Federal Trade Commission (FTC) has announced its participation in a workshop with the Application Developers Alliance and the California Attorney General’s office on best practices for mobile app privacy. The Mobile Privacy… Continue Reading
Changes to California’s Privacy Laws: What They Mean for Your Business
Posted in Data Breach Notification, Data Compliance & Security, Privacy RegulationThe federal government may be completely unable to pass laws, but that certainly isn’t the case with the State of California, which has just completed a data privacy hat trick by passing three significant laws addressing a broad subset of data privacy issues. The big question: is your online and/or mobile business ready for the… Continue Reading
