Header graphic for print
Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Tag Archives: 201 CMR 17.00

Business Associates Beware

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, HIPAA/HITECH

If you haven’t yet caught up with the new HIPAA Omnibus Rule and its consequences for those businesses who are not themselves healthcare providers, but are service providers to healthcare entities (and even further downstream than that….), you can take a listen to our recent webinar highlighting the most important changes and issues. A recent… Continue Reading

Data Privacy Day 2013 – Tip #2 – Dust off your information security policy (or start putting one in place…)

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation, Security

Written by Amy Malone Do you have a comprehensive information security program?  Many businesses are still operating without one, leaving them open to preventable data breaches.  The importance of info security programs was yet again underscored by the recent settlement between Cbr Systems and the Federal Trade Commission regarding a breach that affected 300,000 consumers…. Continue Reading

Data Privacy and Security Issues for the Nonprofit

Posted in Data Compliance & Security, Privacy Regulation, Security

Can your organization answer “yes” to any of the following questions? Does your organization have personal information (credit card numbers, checks, other financial information) from donors? Does your organization have employees or volunteers for whom you have Social Security numbers? Has your organization signed a merchant agreement to be able to accept credit cards? Do… Continue Reading

Massachusetts Attorney General Data Breach Investigation Results in $15,000 Settlement with Property Management Firm

Posted in 201 CMR 17.00, Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation

Written by Cynthia J. Larose and Adam Veness   Last October, a Maloney Properties, Inc. (“MPI”) company laptop was stolen containing unencrypted personal information, including social security numbers, for over 600 Massachusetts residents.  Shortly after the incident, MPI sent letters to customers alerting them of the incident and related data breach.  As a result of that… Continue Reading

New Year’s Resolutions – Privacy & Security

Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security, HIPAA/HITECH, Identity Theft, Privacy Regulation, Secure Traveling, Security

Since it’s traditionally the time for new beginnings and resolutions to clear away old habits, we’d like to pass on some tips for improving privacy and security in your operations — and in your own life —  in 2012. 1.   Be sure to secure. Many data breaches occur by leaving sensitive information lying around the… Continue Reading

Privacy “Webinar Wednesday” Series

Posted in Data Compliance & Security

Last week, we introduced the “Privacy Webinar Wednesday” educational series with Data Privacy and Security Issues for the Not-for-Profit:  201 CMR 17.00, PCI, and Other Acronyms You Should Know.  It was incredibly well-received – over 150 registrants.   We’ll be presenting various privacy and security issues on the first Wednesday of the month. In case you… Continue Reading

REMINDER: Webinar Wednesday – Data Privacy and Security Issues for Non-Profit

Posted in Data Compliance & Security

Don’t forget to register for our first in the Webinar Wednesday Privacy series – Data Privacy and Security Issues for Non-Profits.  We have over 100 participants registered!  Join us and learn about compliance obligations of non-profit institutions and organizations and what to do to prepare for the inevitable data breach.   The second part of the session will feature… Continue Reading

Into the Breach – Security Failures Can Cost You

Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security

Once again, we have evidence that failures to implement the most basic of data security measures can cost real money. The Massachusetts Attorney General’s office announced a consent order that fines a Boston restaurant group $110,000 and imposes a set of compliance measures that will also carry a price tag.   Despite many headlines trumpeting the “first enforcement action,” this action… Continue Reading

Data Breach at NYC “Hop-on, Hop-off” Tour Company — 110,000 credit card numbers stolen

Posted in 201 CMR 17.00, Data Breach, Data Breach Notification, Data Compliance & Security

Since March 1, 2010, privacy professionals have been waiting for a data breach that could bring an enforcement action under 201 CMR 17.00, the Massachusetts privacy regulations.   I just spoke with Paul Roberts, editor of threatpost.com, a blog that posted an entry yesterday regarding a breach that could do just that.   Twin America LLC, the parent company of… Continue Reading

Quick Compliance Survey

Posted in Data Breach

No, we’re not “taking names” here. This is just a 10-question survey to gauge some basic compliance metrics. Please participate! Click here to take survey

Massachusetts Data Security Compliance Workshop

Posted in Data Compliance & Security

In case your data security compliance plan is stuck in neutral, you have questions, or you haven’t started yet…there will be a free (!) breakfast hands-on workshop on Thursday in Tewksbury, MA. “Massachusetts Data Protection Law: Demystifying the Details” is being sponsored by the Merrimack Valley Venture Forum. The Merrimack Valley Venture Forum has assembled… Continue Reading

Today is the day……

Posted in Data Compliance & Security

After implementation delays and rule changes, new data protection regulations that are widely considered the most stringent in the nation take effect today. The Massachusetts data security regulations require institutions that hold personal data on Massachusetts citizens to encrypt that information and implement written data protection policies, reports the Boston Globe. Discussion continues and questions… Continue Reading

Top 3 questions relating to compliance with 201 CMR 17.00

Posted in Data Compliance & Security

At the beginning of the “countdown” to the March 1st effective date of 201 CMR 17.00, we offered some posts with “misapprehensions” and compliance suggestions (see 16 Days to March 1….. and Countdown to compliance with 201 CMR 17.00…..11 days). Here are some questions that have been reoccurring over the last few weeks: 1) What… Continue Reading

T Minus 10,080 Minutes and Counting…..

Posted in Employee Privacy

We have just one week to go before all entities that own, store, license — or basically do anything with — personal information of Massachusetts residents must comply with the Commonwealth’s new data security regulations. Things to consider: Have you done your risk assessment? Looked at what you collect and how you collect and how… Continue Reading

16 Days to March 1…..

Posted in Data Compliance & Security

Just in case you missed it, March 1 is the deadline for compliance with 201 CMR 17.00, the new Massachusetts data security regulations, and we published a client alert last week as a “reminder”… Privacy and Security Alert. In addition to the top five “misapprehensions” about the applicability of the new regulations that we included… Continue Reading

27 days and counting…

Posted in Data Compliance & Security

March 1st is the deadline for compliance with the Massachusetts data security regulations, 201 CMR 17.00. We have blogged incessantly for months about the need to get compliance programs into gear and develop information security plans as required by the regulations. The time is here. If you are one of the procrastinators (and, you are… Continue Reading

Happy Data Privacy Day! Tip #1

Posted in Data Compliance & Security

Today is worldwide Data Privacy Day. What is your company doing to promote data privacy and security in your enterprise? I’ll be participating in a KnowledgeNet in Boston, sponsored by the International Association of Privacy Professionals. The discussion topic is Privacy Awareness and Training. And don’t forget, the March 1 deadline for compliance with the… Continue Reading

Data Security Roundtable

Posted in Data Compliance & Security

Here is a link to a couple of segments of a data security roundtable I participated in not long ago:http://www.businesswire.com/portal/site/home/permalink/?ndmViewId=news_view&newsId=20091222005345&newsLang=en Some very interesting discussions with folks who are on the cutting edge of data security. I’ll post the other segments as they are released.

Massachusetts Attorney General proposes privacy regulations to apply to her office

Posted in Data Compliance & Security, Legislation

Written by Cynthia and Elissa An oft-cited criticism of the Massachusetts data security regulations (201 CMR 17.00), effective March 1, 2010, is that the regulations specifically do not apply to government entities — the only reason being that the Office of Consumer Affairs and Business Regulation does not have the authority or jurisdiction to enact… Continue Reading

Check your employee handbook – what you might think is fraud and abuse may not be a federal case….

Posted in Data Compliance & Security

My colleagues over at the Employment Matters blog report on an interesting decision drawing attention to the need for clear and explicit policies regarding “acceptable use” of computers and company information and the absolute necessity to terminate access once an employee or contractor is terminated. Particularly in light of the upcoming Massachusetts data security regulations,… Continue Reading