Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Security


Get Ready for those HIPAA Audits – New Audit Protocol (and a Mintz Tool!)

Posted in HIPAA/HITECH, Privacy Regulation, Security

At long last, the Department of Health and Human Services Office for Civil Rights (OCR) has released a revamped audit protocol that now addresses the requirements of the 2013 Omnibus Final Rule. OCR will be using the audit protocol for its impending Phase 2 audits of covered entities and business associates, which are set to begin… Continue Reading

FCC Broadband Privacy and Security Proposed Rulemaking Underway

Posted in Data Breach Notification, Data Compliance & Security, Federal Communications Commission, Privacy Regulation, Security

As we reported last month, the FCC was preparing a proposed rulemaking (NPRM) to establish privacy and data security requirements for broadband internet access service (BIAS) providers.  The FCC has now released that proposal with comments and reply comments due May 27th and June 27th respectively. The brief background to this proposal is that in… Continue Reading

Phase 2 HIPAA Audits Coming to You: Check Your Spam Filter!

Posted in HIPAA/HITECH, Security

The HHS Office for Civil Rights (“OCR”) officially launched  the long-awaited (and dreaded) Phase 2 of the HIPAA Audits Program on March 21st. Covered Entities and Business Associates need to be prepared for these audits and be on the lookout for emails (check your spam filter!) from OCR that will begin the audit process. Why Audits?… Continue Reading

CISA Guidelines (Part 3): Guidance to Assist Non-Federal Entities

Posted in Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Compliance & Security, Security

As we wrote previously, the federal government released several guidance documents last month implementing The Cybersecurity Information Sharing Act (CISA).  Among these was the Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under CISA published by the Department of Homeland Security and Department of Justice.  This document provides… Continue Reading

Apple vs. FBI: The House Judiciary Committee Hearing and Takeaways

Posted in Cybersecurity, Mobile Privacy, Privacy Litigation, Privacy Regulation, Security, Uncategorized

Among the major headlines dominating not only the recent news cycle, but also this week’s RSA Conference in San Francisco, has been Apple’s challenge to the federal government’s request that Apple assist in unlocking the iPhone recovered from the perpetrators of the shootings in San Bernardino.  On March 1, 2016, the House Judiciary Committee held… Continue Reading

CISA Guidelines: Privacy and Civil Liberties Interim Guidelines for Federal Agencies

Posted in Cybersecurity, Cybersecurity Information Sharing Act (CISA), Legislation, Security

Last week, we discussed the Federal government’s first steps toward implementing the Cybersecurity Information Sharing Act (CISA).  Among the guidance documents released by the Department of Homeland Security and the Department of Justice were the Privacy and Civil Liberties Interim Guidelines.  This guidance is designed to apply Fair Information Practice Principles (FIPPs) to Federal agency… Continue Reading

California by the Numbers (Part 2): How to Stay out of the 2017 Report

Posted in Cybersecurity, Data Breach, Data Breach Notification, Privacy Regulation, Security, Uncategorized

Yesterday, we reviewed the staggering numbers in California Attorney General Kamala Harris’ 2016 Data Breach Report. In addition to providing a comprehensive analysis of four years of data breaches, the report provides what is an answer to the vexing question of what her office considers to be “reasonable security.”

California by the Numbers (Part 1): 24 Million Compromised in 2015

Posted in Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Security

Look for Part 2 tomorrow: Recommendations on how to stay out of future reports.

California Attorney General Kamala Harris has released a report of the data breaches that have been reported to her office from 2012 until 2015. Although the California data breach notification law took effect in 2003, beginning in 2012, businesses and government… Continue Reading

Ransomware Strikes California Hospital – Could You Be Next?

Posted in Cybersecurity, Data Compliance & Security, HIPAA/HITECH, Identity Theft, Privacy Regulation, Security, Uncategorized

In a chain of events that should be a wake-up call to any entity using and storing critical health information (and indeed, ANY kind of critical information), Hollywood Presbyterian Medical Center (“HPMC”) has announced that it paid hackers $17,000 to end a ransomware attack on the hospital’s computer systems. On February 5, HPMC fell victim to an attack… Continue Reading

Cyber Threat Information Sharing Guidelines Released by DHS

Posted in Cybersecurity, Cybersecurity Information Sharing Act (CISA), Legislation, Security

This week, the Federal government took the first steps toward implementation of the Cybersecurity Information Sharing Act (CISA), enacted into law last December. CISA aims to encourage sharing of cyber threat indicators and defensive measures among private companies and between the private sector and the Federal government by providing liability protection for sharing such information… Continue Reading

Happy New Year – Cybersecurity Information Sharing Act

Posted in Cybersecurity, Legislation, Privacy Regulation, Security, Uncategorized

Just at the end of 2015, the Cybersecurity Information Sharing Act (CISA) was enacted into law as part of the omnibus spending measure passed by Congress and signed by President Obama right before Christmas. The legislation combines elements from the versions of CISA that passed the House in April of 2015 and the… Continue Reading

The General Data Protection Regulation in Bullet Points

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Union, Privacy Regulation, Safe Harbor, Security, Social Media

Updated at 8:50 pm GMT on 16 December 2015. The new General Data Protection Regulation is effectively a “done deal” following the final trilogue meeting on December 15.  One might assume based on UK media coverage that the biggest change in EU privacy law is that kids under 16 will need their parent’s consent to… Continue Reading

Wyndham and FTC Settle Case Over “Unfair” Data Security Practices

Posted in Cybersecurity, Data Breach, Federal Trade Commission, Privacy Litigation, Security

The years-long saga of the Federal Trade Commission’s suit against Wyndham Hotels over data breaches that occurred at least as early as April 2008 is finally coming to an end with a proposed settlement filed today with the court.  The original complaint, which is summarized in this post from 2012, alleged that Wyndham’s claims to… Continue Reading

Wednesday Webinar: Tricks, But No Treats – A Halloween Visit to the Frightening World of Data Security Litigation

Posted in Class Action Litigation, Cybersecurity, Data Breach, Events and Webinars, Privacy Litigation, Security

To take a step back from our continuing analysis of the situation and developments in Europe,  there are other things going on in the privacy and data security world!   Our October Wednesday Webinar is coming up and we will take a walk on the wild side:  data security litigation.    Registration is open now! Read more –

REMINDER: Register for Wednesday Webinar! Another Cop on the Cybersecurity Beat: What to Do Before and After the SEC and FINRA Come Knockin

Posted in Cybersecurity, Events and Webinars, Security

The SEC has announced a new round of cybersecurity inspections at broker-dealer and registered investment advisory firms.  If that’s not enough to catch your attention, just days after issuing the Risk Alert, the SEC censured and fined a St. Louis-based investment advisor for a failure to adopt written policies and procedures to ensure the confidentiality of… Continue Reading

The Third Party Vendor Risk to Your Data – Wednesday Webinar

Posted in Data Breach, Events and Webinars, Security

Risks to sensitive data have never been greater. With the rise in cyber attacks and data breaches, outsourcing to third parties can present an exponential threat to corporations. New regulations, technologies, standards, and security threats require organizations to implement robust vendor oversight to meet and stay ahead of the latest risks and challenges from new… Continue Reading

Privacy Monday – June 22, 2015

Posted in Cybersecurity, Data Breach, Events and Webinars, Privacy Monday, Security

The first Privacy Monday of the summer! It’s appropriate that the “boys of summer” feature prominently in today’s post. Strike three for the St. Louis Cardinals? On another summer Privacy Monday in 2014, we made note of a reported hack into the Houston Astros’ vaunted “Ground Control” database and GM Jeff Luhnow said he intended to prosecute whoever… Continue Reading

New Hampshire Establishes Privacy Protections for Student Online Personal Information

Posted in Children, Data Compliance & Security, Privacy Regulation, Security

California again has provided a model of privacy legislation for other states to follow.  New Hampshire Governor Maggie Hassan recently signed into law House Bill 520 (the “Bill”), a bipartisan effort to establish guidelines for the protection of student online personal information. Who is covered by the Bill? Modeled after California’s Student Online Personal Information… Continue Reading

Save the Date: June 24, 2015 — All You Need to Know About Risk Assessments

Posted in Cybersecurity, Events and Webinars, HIPAA/HITECH, Security

Register now for our June Wednesday Webinar.    This webinar, the sixth in our Privacy series, will address risk assessment best practices and data breach readiness. A risk assessment is the foundational step in the development of a comprehensive privacy and security program for your company. It is also a regulatory requirement under HIPAA and… Continue Reading

Data Breach Affects Millions of Current and Former Government Workers

Posted in Class Action Litigation, Data Breach, Data Compliance & Security, Employee Privacy, Identity Theft, Privacy Litigation, Security

The U.S. Office of Personnel Management (OPM) announced that hackers have stolen the personal information of approximately 4 million current and former federal employees, including names, birthdates and social security numbers. OPM serves as the human resources department – and holds employee records – for the entire federal government, ranging from security clearances to the identities… Continue Reading

Privacy Monday – May 18, 2015

Posted in Children, Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Events and Webinars, Mobile Privacy, Online Advertising, Privacy Monday, Security, Uncategorized

It’s Monday morning — do you know your privacy/security status? Here are a few bits and bytes to start your week. SEC to Registered Investment Advisers and Broker-Dealers:  It’s Your Turn to Pay Attention to Cybersecurity The Division of Investment Management of the Securities & Exchange Commission (SEC) has weighed in on cybersecurity of registered investment companies… Continue Reading