Privacy & Security Matters

Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Privacy Monday – February 23, 2015

Posted in Events and Webinars, Privacy Monday

It’s another Privacy Monday!

Privacy in the Workplace Webinar

Our next Wednesday Webinar is coming up on February 25th, with a focus on privacy in the workplace. Our workplace is everywhere these days, which makes employment and privacy compliance even more challenging. Jen Rubin and Gauri Punjabi will discuss developments in the workplace privacy field, including statutory developments, mobile device regulation, social media’s impact on workplace privacy, recruiting and hiring, and some practical advice to keep your workplace policies in compliance with rapid legal developments.  Register here!

 

Are You Attending the IAPP Global Summit in D.C.?  Pre-Game with Mintz!

In the wake of the Anthem breach, we’ll be presenting a timely seminar in our Washington, D.C. office on Tuesday, March 3rd:  HACKED!  What to Do When It Happens to You

This roundtable, featuring national subject matter experts from the United States Secret Service and the Federal Bureau of Investigation, as well as forensic and legal professionals, will provide unique and important insights, tips, and advice on current cyber threats affecting your business and on what to do when the cyber-thief strikes, along with the opportunity for in-person, live discussion with law enforcement officials.  Early registration (here) is encouraged, because space is limited.

Two Upcoming Privacy/Cybersecurity Events – Register Now!

Posted in Cybersecurity, Data Breach, Employee Privacy, Events and Webinars, Security

The Mintz Levin Privacy & Data Security Team invites you to register and join us at two upcoming events:

Our next Wednesday Webinar is coming up on February 25th, with a focus on privacy in the workplace. Our workplace is everywhere these days, which makes employment and privacy compliance even more challenging. Jen Rubin and Gauri Punjabi will discuss developments in the workplace privacy field, including statutory developments, mobile device regulation, social media’s impact on workplace privacy, recruiting and hiring, and some practical advice to keep your workplace policies in compliance with rapid legal developments.  Register here!

In the wake of the Anthem breach, we’ll be presenting a timely seminar in our Washington, D.C. office on Tuesday, March 3rd:  HACKED!  What to Do When It Happens to You

This roundtable, featuring national subject matter experts from the United States Secret Service and the Federal Bureau of Investigation, as well as forensic and legal professionals, will provide unique and important insights, tips, and advice on current cyber threats affecting your business and on what to do when the cyber-thief strikes, along with the opportunity for in-person, live discussion with law enforcement officials.  Early registration (here) is encouraged, because space is limited.

Cybersecurity Executive Order: Not Much New

Posted in Cybersecurity, Data Compliance & Security, Uncategorized

President Obama’s February 13 Executive Order, “Promoting Private Sector Cybersecurity Information Sharing” (the “EO”), turns out to be light on new measures to improve cybersecurity, but focused heavily on adjustments to prior Executive Orders implementing the rules for handling classified information.  This focus introduces concerns about government agencies picking winners and losers in the cybersecurity business by giving some access to data while keeping others out of the room when information about pending cyber threats and technical responses is being discussed.  Privacy concerns received only a passing mention in the EO, which irritated civil liberties groups.  Liability limitations for private companies sharing cyber security data received no attention at all, which irritated data industry players. Continue Reading

California May Limit Law Enforcement’s Warrantless Data Collection

Posted in Cybersecurity, Privacy Regulation

Eager to retain its spot among the principal laboratories for domestic privacy legislation, California’s legislature is set to debate Senate Bill 178, legislation restricting state law enforcement agencies from requesting data without a warrant. Five other states have adopted similar legislation in recent months, and California’s proposal largely follows that trend. Continue Reading

Could the Anthem Hack Happen in NY? New Report Highlights Risk for NY Insurers

Posted in Cybersecurity, Data Breach, HIPAA/HITECH, Security

The New York State Department of Financial Services (the “Department”) recently released a “Report on Cyber Security in the Insurance Sector” (the “Report”). The Report was released on February 8, 2015,  just four days after Anthem first reported the breach of its database estimated to contain as many as 80 million customer records. While the Report does not directly address the Anthem breach (the Department addressed Anthem’s breach in a separate alert), its findings provide a detailed look at the current cyber security landscape in which the Anthem breach occurred.

The Report analyzes survey data collected  from 43 insurance entities that collectively hold a staggering $3.2 trillion of combined assets. Of these 43 entities, 21 are health insurance providers, 12 are property and casualty insurance providers, and 10 are life insurance providers. The Report’s questions address six main topics: (1) the insurer’s information security framework; (2) the use and frequency of penetration testing and results; (3) the budget and costs associated with cyber security; (4) corporate governance around cyber security; (5) the frequency, nature, cost of, and response to cyber security breaches; and (6) the company’s future plans on cyber security.   In an effort to obtain a broader understanding of the context of these cyber security programs within the insurers’ overall risk management strategy, the Report also analyzes the statutorily required enterprise risk management (“ERM”) reports that certain insurers filed with the Department.

To read more on the Report, head over to our sister blog, Mintz Levin’s Health Law & Policy Matters.

Register for our next Wednesday Webinar — February 25

Posted in Employee Privacy, Events and Webinars, HIPAA/HITECH, Identity Theft, Mobile Privacy, Privacy Litigation, Security, Social Media

Registration is open for the next installment in the Mintz Levin Privacy & Security Group Wednesday Webinar series —

This webinar,  scheduled for Wednesday, February 25,  will focus on privacy in the workplace. Our workplace is everywhere these days, which makes employment and privacy compliance even more challenging. Jen Rubin and Gauri Punjabi will discuss developments in the workplace privacy field, including statutory developments, mobile device regulation, social media’s impact on workplace privacy, recruiting and hiring, and some practical advice to keep your workplace policies in compliance with rapid legal developments.

Save the date and register online here!

Continue Reading

The Anthem Data Breach: The Fallout and What’s Next

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Identity Theft

By now (unless you have been under a snow drift), you have likely heard about the apparent intrusion into a database at the nation’s largest health insurer, Anthem, Inc.  Rather than reiterate the facts as currently known (see Anthem’s dedicated website for updates), we’ll look at the fallout and what’s next. Continue Reading

Who’s your role model for EU privacy notices? The latest Google Undertaking

Posted in European Union, Mobile Privacy, Online Advertising, Uncategorized

When small and mid-size companies start expanding their apps or web presence into Europe, they need to start thinking about EU data protection laws.  It’s tempting to take a look at what one or two of the “big guys” do about EU data protection compliance and think that whatever  the big guys do in Europe must be good enough.  But the ongoing saga between Google and the EU’s data protection authorities shows that this approach shouldn’t be adopted uncritically.

In the latest Google EU privacy development, Google has signed an undertaking (binding commitment) with the UK’s data protection office (the ICO) to make a number of changes to its privacy policy.  Google has been in dialogue with EU data protection offices both at the country level and through the Article 29 Working Party since Google adopted a unified privacy policy across its products and businesses in 2012.  While the ICO has recognized that Google has made progress since 2012, the ICO has recently determined that “further improvements” are needed.  Google has agreed to a number of specific requirements, including:

  • Making it easier for users to find information about Google’s privacy policy.
  • Describing its data processing activities more clearly in its privacy policy, including clarifying the types of information that it processes, the purposes, and how users can exercise their rights.
  • Providing “clear, unambiguous and comprehensive information” regarding its data processing, including an “exhaustive list of the types of data . . . and purposes.”
  • Providing more information about its use of anonymous identifiers (a next-generation tracking/behavioral profiling technology that’s being developed and may eventually replace cookies).
  • Educating its employees better concerning notice and consent requirements.
  • Making sure that users are equally protected regardless of what device they are using (mobile phones, tablets, desktops, and any new devices that are invented).

Google has committed to putting these changes into effect by June 30, 2015.  In the meantime, Google’s undertaking provides a useful spotlight on the areas of EU data protection compliance that the ICO (and other data protection offices) think require significant attention.

REMINDER – Surviving a HIPAA Audit – TOMORROW

Posted in Uncategorized

Don’t forget our webinar (rescheduled due to the Blizzard of 2015) on tips to prepare for (and survive) the HIPAA audits that are coming.

 

Register here!

Privacy Monday – February 2, 2015

Posted in Privacy Monday

Happy Groundhog Day!   While we were recovering from last night’s heart-attack Super Bowl 2015,  Punxsutawney Phil saw his shadow this morning …. predicting 6 more weeks of winter, for an already winter-weary US. #sixmoreweeksofwinter

Three things you should know on this Privacy Monday:

Over 110,000 Facebook Users Hit With Malware
Cybercriminals are targeting Facebook users with malware embedded in videos that are pushed to their timeline and in which their friends are tagged. Security researchers from Bitdefender say victims are taken to a video, which redirects them to a site that analyzes their operating system for weaknesses and eventually installs malicious software that gives hackers access to their machines. The malware is described in a post via the Full Disclosure mailing list. Read more about the malware at CSO Online.
Continue Reading