Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Data Compliance & Security


(So) What if there’s no Safe Harbor 2.0?

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Court of Justice, European Union, Federal Trade Commission, Legislation, Privacy Regulation, Safe Harbor

There’s no doubt businesses in the EU and US would breathe a sigh of relief if a new Safe Harbor agreement is put in place before European data protection authorities start prosecuting companies for potentially illegal personal data transfers to the US.  But if it doesn’t happen, the US is actually not any worse… Continue Reading

The EU Commission’s spin on the new General Data Protection Regulation

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, EU Data Protection Regulation, European Union, Events and Webinars, Safe Harbor, Uncategorized

The European Union Commission has issued a fact sheet on the new General Data Protection Regulation (final post-trilogue text available via Statewatch).  The Commission claims that the Regulation is good for individuals and good for business.  We’ll leave that to readers . . . and history . . . to decide. As regulations go, the… Continue Reading

Key EU Parliamentary Committee Votes to Adopt the General Data Protection Regulation

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Union

As expected, the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (also known as LIBE) voted today to adopt the new General Data Protection Regulation (see the summary we provided yesterday here).  A LIBE press release announced the vote with the proclamation “New EU rules on data protection put the citizen back in the driving seat.”  The vote was… Continue Reading

The General Data Protection Regulation in Bullet Points

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Union, Privacy Regulation, Safe Harbor, Security, Social Media

Updated at 8:50 pm GMT on 16 December 2015. The new General Data Protection Regulation is effectively a “done deal” following the final trilogue meeting on December 15.  One might assume based on UK media coverage that the biggest change in EU privacy law is that kids under 16 will need their parent’s consent to… Continue Reading

Data Breach Planning in 10 Easy Steps: How to Think Like A Litigator

Posted in Class Action Litigation, Data Compliance & Security, Events and Webinars, Privacy Litigation, Privacy Monday

For the first Monday in November, we have 10 easy steps to make sure that your data breach incident response planning is viewed from that pesky point of view of a litigator. Fail to plan = plan to fail. Big problems first, small problems later (don’t let the perfect be the enemy of the good)…. Continue Reading

EU Parliament Committee calls on the Commission for immediate action on US data transfers

Posted in Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Legislation, Safe Harbor, Social Media

The EU Parliament committee that is charged with considering data protection matters (LIBE) has issued a press release calling on the European Commission to take action before the end of 2015 to come up with alternatives to Safe Harbor.  Importantly, LIBE has also called on the Commission to reassess whether the European Court of Justice’s… Continue Reading

Safe Harbor Invalidated – What’s Next on the Chopping Block?

Posted in Data Compliance & Security, Employee Privacy, EU Data Protection Regulation, European Court of Justice, European Union, Privacy Regulation, Safe Harbor, Social Media

As I reported earlier today, the Court of Justice of the EU (ECJ) has declared Safe Harbor invalid.  The full decision is now available online in English here (other languages also available at curia.europa.eu by searching on C-362/14). There are two key elements of the ECJ’s decision.  The first is that national data protection… Continue Reading

EU Top Court Invalidates Safe Harbor and Sends Facebook Case Back to Irish Data Protection Authority

Posted in Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Federal Trade Commission, Privacy Regulation, Safe Harbor, Social Media

UPDATE: Here’s a link to the English-language version of the ECJ’s full decision: Schrems Safe Harbor Decision. A press release issued by the Court of Justice of the EU (ECJ) regarding its decision in the Schrems Safe Harbor case (C-362/14) confirms that the ECJ has declared Safe Harbor invalid.  The ECJ has sent the case back… Continue Reading

EU-US Safe Harbor Program and the Court of Justice of the EU’s Decision — Protect Your Business!

Posted in Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Events and Webinars, Safe Harbor

Since the Snowden revelations, trouble has been brewing for the EU-US Safe Harbor program and companies which utilize this program to make transfers of personal information from the EU to the US legal under EU privacy laws. On October 6, the uncertainty generated last week by Advocate General Yves Bot’s opinion invalidating Safe Harbor will… Continue Reading

Court of Justice of the EU Decision on Safe Harbor Expected October 6

Posted in Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Safe Harbor

The European Court of Justice (ECJ) has announced that it will release its decision in the Schrems Safe Harbor case on Tuesday, October 6.  It is highly unusual for the ECJ to issue a decision so quickly after publication of the Advocate General’s opinion on a case.  However, the ECJ seems to be… Continue Reading

ECJ Advocate General’s Safe Harbor Opinion Points Towards Imminent End of Safe Harbor As We Know It

Posted in Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Safe Harbor

Does your company rely on Safe Harbor to transfer personal data from Europe to the US?  If so, it’s time to think about alternatives to Safe Harbor – and fast. The European Union’s Data Protection Directive (1998) prohibits the transfer of personal information outside of the European Economic Area unless the receiving country ensures… Continue Reading

Back to School – and the SEC Cybersecurity Exams (Register now for our September Privacy Webinar!)

Posted in Cybersecurity, Data Compliance & Security, Events and Webinars, Privacy Regulation

It’s back to school time – time to put away the flip flops and beach chairs and settle back into the routine.   To help motivate you, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has announced a new round of cybersecurity examinations!   This comes on the heels of the… Continue Reading

Recognizable Faces Disappear from Facial Recognition Meetings

Posted in Data Compliance & Security, Privacy Regulation

Facing “industry stakeholders [that] were unable to agree on any concrete scenario” in which affirmative consent should be obtained from individuals before employing facial recognition technologies, nine consumer advocacy organizations made an about-face and withdrew from the multistakeholder process coordinated by the National Telecommunications and Information Administration (“NTIA”). These organizations, which include the… Continue Reading

New Hampshire Establishes Privacy Protections for Student Online Personal Information

Posted in Children, Data Compliance & Security, Privacy Regulation, Security

California again has provided a model of privacy legislation for other states to follow.  New Hampshire Governor Maggie Hassan recently signed into law House Bill 520 (the “Bill”), a bipartisan effort to establish guidelines for the protection of student online personal information. Who is covered by the Bill? Modeled after California’s Student Online Personal Information… Continue Reading

Data Breach Affects Millions of Current and Former Government Workers

Posted in Class Action Litigation, Data Breach, Data Compliance & Security, Employee Privacy, Identity Theft, Privacy Litigation, Security

The U.S. Office of Personnel Management (OPM) announced that hackers have stolen the personal information of approximately 4 million current and former federal employees, including names, birthdates and social security numbers.  OPM serves as the human resources department – and holds employee records – for the entire federal government, ranging from security clearances to the identities… Continue Reading

The NAI Issues Privacy Guidelines For Interest-Based Advertising, Ad Delivery and Reporting

Posted in Data Compliance & Security, Online Advertising

The Network Advertising Initiative (NAI) has issued guidance for its members on the use of non-cookie technologies for Interest-Based Advertising (IBA) and Ad Delivery and Reporting (ADR) (Guidance). The NAI is a self-regulatory organization for third-party digital advertising companies. Consistent with the NAI Code of Conduct (NAI Code) which was designed based on the Fair… Continue Reading

Privacy Monday – May 18, 2015

Posted in Children, Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Events and Webinars, Mobile Privacy, Online Advertising, Privacy Monday, Security, Uncategorized

It’s Monday morning — do you know your privacy/security status? Here are a few bits and bytes to start your week. SEC to Registered Investment Advisers and Broker-Dealers:  It’s Your Turn to Pay Attention to Cybersecurity The Division of Investment Management of the Securities & Exchange Commission (SEC) has weighed in on cybersecurity of registered investment companies… Continue Reading

Breaking Down the DOJ Cybersecurity Unit’s Guidance on Responding to Cyberattacks

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Privacy Litigation, Security

Another federal agency has weighed in with “guidance” on cybersecurity preparation and breach response.  The Department of Justice (DOJ) is the latest to issue guidance on how companies should respond to data breaches.   The guidance is not perfect, and in some respects is simply a recitation of existing best practices, but it is still valuable because… Continue Reading

Responding to Insider Data Theft

Posted in Cybersecurity, Data Compliance & Security, Events and Webinars, Security

Our 2015 monthly Privacy Issues Wednesday webinar series continued this month with Jonathan Cain and Paul Pelletier’s Responding to Insider Data Theft & Disclosure presentation.  Jonathan and Paul discussed how distinguishing the insider threat differs from the techniques used to identify and stop hackers, creating an environment that deters insiders from stealing data, and the… Continue Reading

Cross-Device Tracking: The New World

Posted in Data Compliance & Security, Federal Trade Commission, Mobile Privacy, Online Advertising, Uncategorized

Facebook does it.  Google does it.  It’s everywhere in the mobile ad ecosystem.  And your smartphone does it more often than you know, according to a study released on Monday by Carnegie Mellon. Now, Federal authorities have turned their attention to cross-device and cross-service tracking of consumers over the last several days and weeks. Speaking at… Continue Reading

State Data Breach Notification Law Updates

Posted in Cybersecurity, Data Breach Notification, Data Compliance & Security, Privacy Regulation

State legislatures are not waiting for Congressional action on a national data breach notification standard. Montana — Montana has amended its 10-year-old breach notification law (see Mintz Matrix) to expand the definition of “personal information” and require notice to the state attorney general’s consumer protection office.  H.B. 74, signed into law by Governor Bullock,… Continue Reading

Privacy Monday – March 2, 2015: How is Your Cyber Resilience?

Posted in Cloud Computing, Cybersecurity, Data Compliance & Security, Privacy Monday, Security

Welcome to March (and in the Northeast, the arrival of meteorological spring is welcome indeed……) We start this month with a question:  Have you looked at your cyber resilience? The Federal Financial Institutions Examination Council (FFIEC) recently described “cyber resilience” as an organization’s ability to recover critical IT systems and resume normal business operations in… Continue Reading

Cybersecurity Executive Order: Not Much New

Posted in Cybersecurity, Data Compliance & Security, Uncategorized

President Obama’s February 13 Executive Order, “Promoting Private Sector Cybersecurity Information Sharing” (the “EO”), turns out to be light on new measures to improve cybersecurity, but focused heavily on adjustments to prior Executive Orders implementing the rules for handling classified information.  This focus introduces concerns about government agencies picking winners and losers in the cybersecurity… Continue Reading