Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Privacy Regulation

Innocents Abroad: Privacy Considerations for Employers

Posted in Data Compliance & Security, Employee Privacy, EU Data Protection Regulation, European Union, Privacy Regulation, Secure Traveling, Uncategorized

Mintz Levin’s Immigration Law Blog is running a series titled “Innocents Abroad” addressing issues in an increasingly globalized economy where employers assign employees all over the globe. These are big questions, reflecting some of the practical concerns in our international marketplace.  The series focuses on the well-intentioned Global HR Director, Ned Help, who will raise hot topics and… Continue Reading

PCI DSS 3.2: It’s here, what does it mean for you?

Posted in Cybersecurity, Privacy Regulation

The Payment Card Industry Security Standards Council (PCI SSC) has released a new version of its data security standard for the protection of cardholder data, the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers as well… Continue Reading

Get Ready for those HIPAA Audits – New Audit Protocol (and a Mintz Tool!)

Posted in HIPAA/HITECH, Privacy Regulation, Security

At long last, the Department of Health and Human Services Office for Civil Rights (OCR) has released a revamped audit protocol that now addresses the requirements of the 2013 Omnibus Final Rule. OCR will be using the audit protocol for its impending Phase 2 audits of covered entities and business associates, which are set to begin… Continue Reading

Article 29 Working Party Opinions on Privacy Shield and Surveillance

Posted in EDPS, EU Data Protection Regulation, European Court of Justice, European Union, Events and Webinars, Judicial Redress Act, Privacy Regulation, Privacy Shield, Safe Harbor, Uncategorized

The Article 29 Working Party has released opinions on Privacy Shield and “essential guarantees” under EU law relating to surveillance, here and here. Please join us in our webinar at 1 pm EDT today to learn more about the Article 29 Working Party’s opinion on Privacy Shield (register here).  We will look at the opinion’s likely… Continue Reading

FCC Broadband Privacy and Security Proposed Rulemaking Underway

Posted in Data Breach Notification, Data Compliance & Security, Federal Communications Commission, Privacy Regulation, Security

As we reported last month, the FCC was preparing a proposed rulemaking (NPRM) to establish privacy and data security requirements for broadband internet access service (BIAS) providers.  The FCC has now released that proposal with comments and reply comments due May 27th and June 27th respectively. The brief background to this proposal is that in… Continue Reading

The April 2016 Update — The Mintz Matrix

Posted in Data Breach, Data Breach Notification, Mintz Matrix, Privacy Monday, Privacy Regulation

In 2004, Mintz Levin created a compendium of state data breach notification laws and has been updating it on a regular basis ever since. Our latest update is available here, and it should be part of your incident response “toolbox” and part of your planning. Some changes of note: Tennessee is our most recent state to amend its… Continue Reading

FCC Announces Broadband Privacy Proposal

Posted in Federal Communications Commission, Federal Trade Commission, Privacy Regulation

  FCC Chairman Tom Wheeler has announced that a proposed rulemaking is being circulated among the Commissioners that would establish privacy and data security requirements applicable to providers of broadband Internet access service (BIAS).  The Notice of Proposed Rulemaking (NPRM) itself will not be released to the public until the end of March when it… Continue Reading

Verizon Settles Supercookie Probe with FCC

Posted in Federal Communications Commission, Mobile Privacy, Privacy Regulation, Uncategorized

Verizon Wireless has reached a settlement with the Federal Communications Commission over Verizon’s insertion of unique identifier headers (“UIDH”), also known as “supercookies,” to track customers’ mobile Internet traffic without their knowledge or consent.  Verizon inserted UIDH into customers’ web traffic and associated the UIDH with customer proprietary information to create profiles and deliver targeted… Continue Reading

Apple vs. FBI: The House Judiciary Committee Hearing and Takeaways

Posted in Cybersecurity, Mobile Privacy, Privacy Litigation, Privacy Regulation, Security, Uncategorized

Among the major headlines dominating not only the recent news cycle, but also this week’s RSA Conference in San Francisco, has been Apple’s challenge to the federal government’s request that Apple assist in unlocking the iPhone recovered from the perpetrators of the shootings in San Bernardino.  On March 1, 2016, the House Judiciary Committee held… Continue Reading

California by the Numbers (Part 2): How to Stay out of the 2017 Report

Posted in Cybersecurity, Data Breach, Data Breach Notification, Privacy Regulation, Security, Uncategorized

Yesterday, we reviewed the staggering numbers in California Attorney General Kamala Harris’ 2016 Data Breach Report. In addition to providing a comprehensive analysis of four years of data breaches, the report provides what is an answer to the vexing question of what her office considers to be “reasonable security.”

Ransomware Strikes California Hospital – Could You Be Next?

Posted in Cybersecurity, Data Compliance & Security, HIPAA/HITECH, Identity Theft, Privacy Regulation, Security, Uncategorized

In a chain of events that should be a wake-up call to any entity using and storing critical health information (and indeed, ANY kind of critical information), Hollywood Presbyterian Medical Center (“HPMC”) has announced that it paid hackers $17,000 to end a ransomware attack on the hospital’s computer systems. On February 5, HPMC fell victim to an attack… Continue Reading

Commission Press Release and FTC Fact Sheet outlines the new EU-US “Privacy Shield”

Posted in European Court of Justice, European Union, Privacy Regulation, Privacy Shield, Safe Harbor

Update: The US Commerce Department has released a “fact sheet” on the new Privacy Shield agreement.   The European Commission has issued a press release that gives an outline of some key changes to the EU-US safe harbor, now dubbed the “Privacy Shield.”  The new accord still needs to be reviewed by the Article 29 Working… Continue Reading

Running Aground in the Surveillance Safe Harbor – Podcast Available

Posted in EU Data Protection Regulation, European Court of Justice, European Union, Federal Trade Commission, Privacy Regulation, Safe Harbor

If you would like to learn more about the politics and law behind the current Safe Harbor 2.0 negotiations, download the podcast of Running Aground in the Surveillance Safe Harbor, a teleforum hosted by the Federalist Society.  The podcast features moderator Matthew R.A. Heiman, Vice President, Chief Compliance & Audit Officer, Tyco International; Stewart A. Baker, Partner, Steptoe &… Continue Reading

(So) What if there’s no Safe Harbor 2.0?

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Court of Justice, European Union, Federal Trade Commission, Legislation, Privacy Regulation, Safe Harbor

There’s no doubt businesses in the EU and US would breathe a sigh of relief if a new Safe Harbor agreement is put in place before European data protection authorities start prosecuting companies for potentially illegal personal data transfers to the US.  But if it doesn’t happen, the US is actually not any worse… Continue Reading

Ringing Off The Hook: TCPA Issues Still At Forefront As Calendar Turns To 2016

Posted in Class Action Litigation, Federal Communications Commission, Privacy Regulation, US Supreme Court

We may only be three weeks into 2016, but the Telephone Consumer Protection Act (“TCPA”) has already received a considerable amount of attention this year. Yesterday, the U.S. Supreme Court determined in Campbell-Ewald Co. v. Gomez, that a defendant could not cut off a TCPA class action lawsuit by making an offer of settlement to the… Continue Reading

Cybersecurity Tops SEC Office of Compliance Inspections 2016 Examination Priorities

Posted in Cybersecurity, Data Breach, Privacy Regulation, Securities & Exchange Commission

The 2016 lists are starting to be released by regulatory agencies in the United States, giving a heads-up to covered entities as to what compliance issues will take front and center this year.  Once again, the Office of Compliance Inspection (OCIE) of the US Securities & Exchange Commission (SEC) has put cybersecurity on the top… Continue Reading

Happy New Year – Cybersecurity Information Sharing Act

Posted in Cybersecurity, Legislation, Privacy Regulation, Security, Uncategorized

Just at the end of 2015, the Cybersecurity Information Sharing Act (CISA) was enacted into law as part of the omnibus spending measure passed by Congress and signed by President Obama right before Christmas.  The legislation combines elements from the versions of CISA that passed the House in April of 2015 and the… Continue Reading

The General Data Protection Regulation in Bullet Points

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Union, Privacy Regulation, Safe Harbor, Security, Social Media

Updated at 8:50 pm GMT on 16 December 2015. The new General Data Protection Regulation is effectively a “done deal” following the final trilogue meeting on December 15.  One might assume based on UK media coverage that the biggest change in EU privacy law is that kids under 16 will need their parent’s consent to… Continue Reading

Industry Groups to DC Court: Hang Up on FCC Expanded TCPA Rules

Posted in Federal Communications Commission, Privacy Regulation

Written by Paul Abbott. Industry groups representing a diverse range of companies in the retail, technology, financial, and utility industries filed eight amicus briefs last week in the D.C. Circuit supporting challenges to the Federal Communications Commission’s (“FCC”) recently adopted order that expanded the agency’s rules under the Telephone Consumer Protection Act (“TCPA”). The amicus… Continue Reading

EU Round-UP: Safe Harbor 2.0 and Upcoming National Challenges

Posted in EU Data Protection Regulation, European Court of Justice, European Union, Privacy Regulation, Safe Harbor

EU Commissioner Vera Jourova recently announced in a speech to the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) that the Commission and the US have made substantial progress in finalizing a new Safe Harbor program. Jourova noted that the collection and use of European personal data for US national security purposes… Continue Reading

Safe Harbor Invalidated – What’s Next on the Chopping Block?

Posted in Data Compliance & Security, Employee Privacy, EU Data Protection Regulation, European Court of Justice, European Union, Privacy Regulation, Safe Harbor, Social Media

  As I reported earlier today, the Court of Justice of the EU (ECJ) has declared Safe Harbor invalid.  The full decision is now available online  in English here (other languages also available at curia.europa.eu by searching on C-362/14). There are two key elements of the ECJ’s decision.  The first is that national data protection… Continue Reading

EU Top Court Invalidates Safe Harbor and Sends Facebook Case Back to Irish Data Protection Authority

Posted in Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Federal Trade Commission, Privacy Regulation, Safe Harbor, Social Media

UPDATE: Here’s a link to the English-language version of the ECJ’s full decision: Schrems Safe Harbor Decision. A press release issued by the Court of Justice of the EU (ECJ) regarding its decision in the Schrems Safe Harbor case (C-362/14) confirms that the ECJ has declared Safe Harbor invalid.  The ECJ has sent the case back… Continue Reading

Back to School – and the SEC Cybersecurity Exams (Register now for our September Privacy Webinar!)

Posted in Cybersecurity, Data Compliance & Security, Events and Webinars, Privacy Regulation

It’s back to school time – time to put away the flip flops and beach chairs and settle back into the routine.   To help motivate you, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has announced a new round of cybersecurity examinations!   This comes on the heels of the… Continue Reading

Thinking Big about Data – the new EDPS Ethics Board

Posted in EDPS, EU Data Protection Regulation, European Union, Privacy Regulation

  Giovanni Buttarelli, the European Data Protection Supervisor (EDPS), recently announced the formation of a new external Ethics Board that will do a deep dive into the complex ethical issues that surround the use of  personal data in the “big data” economy.  (See press release and full opinion links here.)  The EDPS is particularly concerned… Continue Reading