Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Data Breach


(So) What if there’s no Safe Harbor 2.0?

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Court of Justice, European Union, Federal Trade Commission, Legislation, Privacy Regulation, Safe Harbor

There’s no doubt businesses in the EU and US would breathe a sigh of relief if a new Safe Harbor agreement is put in place before European data protection authorities start prosecuting companies for potentially illegal personal data transfers to the US. But if it doesn’t happen, the US is actually not any worse… Continue Reading

Cybersecurity Tops SEC Office of Compliance Inspections 2016 Examination Priorities

Posted in Cybersecurity, Data Breach, Privacy Regulation, Securities & Exchange Commission

The 2016 lists are starting to be released by regulatory agencies in the United States, giving a heads-up to covered entities as to what compliance issues will take front and center this year. Once again, the Office of Compliance Inspection (OCIE) of the US Securities & Exchange Commission (SEC) has put cybersecurity on the top… Continue Reading

The EU Commission’s spin on the new General Data Protection Regulation

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, EU Data Protection Regulation, European Union, Events and Webinars, Safe Harbor, Uncategorized

The European Union Commission has issued a fact sheet on the new General Data Protection Regulation (final post-trilogue text available via Statewatch). The Commission claims that the Regulation is good for individuals and good for business. We’ll leave that to readers . . . and history . . . to decide. As regulations go, the… Continue Reading

Key EU Parliamentary Committee Votes to Adopt the General Data Protection Regulation

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Union

As expected, the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (also known as LIBE) voted today to adopt the new General Data Protection Regulation (see the summary we provided yesterday here).  A LIBE press release announced the vote with the proclamation “New EU rules on data protection put the citizen back in the driving seat.”  The vote was… Continue Reading

The General Data Protection Regulation in Bullet Points

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Union, Privacy Regulation, Safe Harbor, Security, Social Media

Updated at 8:50 pm GMT on 16 December 2015. The new General Data Protection Regulation is effectively a “done deal” following the final trilogue meeting on December 15.  One might assume based on UK media coverage that the biggest change in EU privacy law is that kids under 16 will need their parent’s consent to… Continue Reading

HIPAA and Health Care Data Privacy – 2015 in Review

Posted in Cybersecurity, Data Breach

As the year winds down, we look back with a mixture of nostalgia and queasiness on the major Health Insurance Portability and Accountability Act (HIPAA) events that defined 2015. Incredibly large data breaches became disturbingly routine, calling into question the ability of insurers and providers to protect their increasingly large troves of sensitive health information…. Continue Reading

Wyndham and FTC Settle Case Over “Unfair” Data Security Practices

Posted in Cybersecurity, Data Breach, Federal Trade Commission, Privacy Litigation, Security

The years-long saga of the Federal Trade Commission’s suit against Wyndham Hotels over data breaches that occurred at least as early as April 2008 is finally coming to an end with a proposed settlement filed today with the court.  The original complaint, which is summarized in this post from 2012, alleged that Wyndham’s claims to… Continue Reading

Happy Holidays: VTech data breach affects over 11 million parents and children worldwide

Posted in Children, Cybersecurity, Data Breach, Privacy Litigation

The recent data breach of Hong Kong-based electronic toy manufacturer VTech Holdings Limited (“VTech” or the “Company”) is making headlines around the world for good reason: it exposed sensitive personal information of over 11 million parents and children users of VTech’s Learning Lodge app store, Kid Connect network, and PlanetVTech in 16 countries! VTech’s Learning… Continue Reading

Target and Card Issuers Reach Final Data Breach Settlement

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Two years after the massive holiday season theft of customers’ payment card data from Target point of sale terminals, the Target data breach litigation appears to be entering its final act.  On Tuesday, December 1, Target entered into a settlement agreement with a class of banks and financial institutions that issued the credit and debit… Continue Reading

Wednesday Webinar: Tricks, But No Treats – A Halloween Visit to the Frightening World of Data Security Litigation

Posted in Class Action Litigation, Cybersecurity, Data Breach, Events and Webinars, Privacy Litigation, Security

To take a step back from our continuing analysis of the situation and developments in Europe, there are other things going on in the privacy and data security world! Our October Wednesday Webinar is coming up and we will take a walk on the wild side: data security litigation. Registration is open now!

Strike Suit Offers Conjectures, And Little More, About Scottrade Data Breach

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Breach Notification, Identity Theft, Privacy Litigation

As reported on Friday in the Krebs on Security blog, online broker Scottrade had sent an e-mail to customers earlier that day stating that it recently had learned from law enforcement officials that Scottrade was one of a number of financial services companies that had been victimized by data thieves.  That very same day saw… Continue Reading

Sony: Stipulation Announces (but does not disclose) Employee Data Breach Class Settlement

Posted in Class Action Litigation, Data Breach, Employee Privacy, Identity Theft, Privacy Litigation

This Is The End? Settlement appears imminent in an employee class action against Sony Pictures Entertainment (“SPE”) arising from disclosure of their personally identifiable information (“PII”) in a massive data breach allegedly perpetrated by North Korean hackers in retaliation for SPE’s release of “The Interview,” a satirical comedy depicting an attempt on the life of… Continue Reading

Banks’ Class Certification Motion Trumpets Target Data Security Failings, Ignores Impact of Card Association Settlements

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Card-issuing banks are forging ahead with their lawsuit against Target arising from the 2013 holiday shopping season data breach.  Their July 1 motion for class certification has just been unsealed, allowing a glimpse at plaintiffs’ version of the events during November and December 2013 that resulted in theft of payment card data for 40 million Target… Continue Reading

The Third Party Vendor Risk to Your Data – Wednesday Webinar

Posted in Data Breach, Events and Webinars, Security

Risks to sensitive data have never been greater. With the rise in cyber attacks and data breaches, outsourcing to third parties can present an exponential threat to corporations. New regulations, technologies, standards, and security threats require organizations to implement robust vendor oversight to meet and stay ahead of the latest risks and challenges from new… Continue Reading

Privacy Monday – August 24, 2015 – Breaking News: FTC vs. Wyndham Update

Posted in Cybersecurity, Data Breach, Federal Trade Commission, Privacy Litigation, Privacy Monday

Rather than our usual Privacy Monday “bits and bytes,” we have a breaking story relating to the ongoing Wyndham/FTC saga. Today, Wyndham Worldwide Corp. lost a critical round in the Third Circuit.   Anticipated since April, 2014, the three-judge panel upheld U.S. District Judge Esther Salas’ ruling that the Federal Trade Commission (FTC) has the authority… Continue Reading

Breaking News: Target to Settle Data Breach Claims of Visa Card Issuers for $67 Million

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Target has announced that it has entered into a settlement with Visa to resolve claims of issuers of Visa credit and debit cards arising from Target’s November 2013 data breach.  The proposed settlement will pay issuers of Visa payment cards up to $67 million to reimburse losses associated with the theft of card numbers from… Continue Reading

Privacy Monday – August 17, 2015: Three Bytes for End of Summer

Posted in Cybersecurity, Data Breach, EU Data Protection Regulation, Events and Webinars, Federal Trade Commission, HIPAA/HITECH

It’s Privacy Monday again – and summer is winding down. Here are three bytes of privacy/security information to start your week:
1. House Committee Releases HHS Breach Investigation
If you are subject to HIPAA and the oversight of the Department of Health and Human Services (HHS), schadenfreude will probably best describe your reaction. A report… Continue Reading

Neiman Marcus Chides Seventh Circuit Panel

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Neiman Marcus Petition Claims that Seventh Circuit Decision Invents Harm to Find Standing to Bring Data Breach Claims
Retailer Neiman Marcus has filed a petition seeking en banc review by the entire Seventh Circuit of the decision by a three-judge panel of that court in Remijas v. Neiman Marcus Group, LLC reversing dismissal of consumer data… Continue Reading

Massachusetts Appeals Court Set to Consider Scope of Employer Liability for Employee Data Breaches

Posted in Cybersecurity, Data Breach, Employee Privacy, Uncategorized

By Breton Leone-Quick
Many of the highest-profile and headline-catching data breaches involve external breaches of a company’s electronic systems. But the reality that these headlines obscure is the fact that internal data breaches are generally more prevalent and represent a primary source of concern for data security managers. The legal liability of employers for data… Continue Reading

Data Breach = Class Action Suit. Again.

Posted in Class Action Litigation, Data Breach, Data Breach Notification, HIPAA/HITECH

Originally posted in Mintz Levin’s Health Law & Policy Matters Blog
Written by Jordan Cohen
In yet another data breach affecting millions of individuals, UCLA Health System (“UCLA”) reported on Friday – July 17, 2015 – that hackers had accessed portions of its health network that contained personal information, including names, addresses, dates of birth, social security numbers, medical record… Continue Reading

Change in the Prevailing Winds in Consumer Data Breach Cases?

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Seventh Circuit Rules Consumers Have Standing to Sue in Neiman Marcus Payment Card Data Breach Case
In Remijas v. Neiman Marcus Group, LLC, the Seventh Circuit reversed a district court decision dismissing consumer payment card data breach claims for lack of standing. The appellate panel held that injuries consisting of 1) lost time and money resolving… Continue Reading

Privacy Monday – July 20, 2015: Hack Attack on Adultery Site Ashley Madison

Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Monday

It’s Monday! Once again, data breaches and hacks are front and center, so here are three stories you should know about to start your week.
1. The Site that Promises “Discreet Encounters” Hacked — Karma?
If you have not heard the provocative ad campaign launched by a site called AshleyMadison, it may surprise… Continue Reading