Header graphic for print
Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Tag Archives: Data Security Safeguards

Cybersecurity Executive Order: Not Much New

Posted in Cybersecurity, Cybersecurity, Data Compliance & Security, Uncategorized

President Obama’s February 13 Executive Order, “Promoting Private Sector Cybersecurity Information Sharing” (the “EO”), turns out to be light on new measures to improve cybersecurity, but focused heavily on adjustments to prior Executive Orders implementing the rules for handling classified information.  This focus introduces concerns about government agencies picking winners and losers in the cybersecurity… Continue Reading

Risk assessments are critical to avoid data blackmail

Posted in Data Breach, Data Compliance & Security, Identity Theft

 The article below was posted to the Mintz Health Law & Policy Matters blog, but it contains valuable information for any business regarding steps to take to avoid data blackmail.    Check out the bullet point list below and make sure that your company secures all its sensitive data against threats, both internal and external. Written… Continue Reading

Don’t Shoot the Messenger: Another Court Cautions Against Retaliating Against Employees Who Report Data Security Concerns

Posted in Data Compliance & Security

Written by Michael Arnold, Cynthia Larose and Jennifer Rubin Recently, a California state appellate court in Cutler v. Dike, No. B210624, 2010 WL 3341663 (Cal. Ct. App. Aug. 26, 2010), upheld a jury finding that an employer illegally fired an employee because he objected to the manner in which his employer maintained its confidential patient… Continue Reading

Brokerage firm victim of elaborate extortion scheme – but also gets hit with a fine

Posted in Data Compliance & Security

Brokerage firm DA Davidson has agreed to pay a fine of $375,000 for failing to protect confidential client data from Latvian hackers who breached the company in 2007 in an online extortion scheme and the three have pleaded guilty in Montana. The hackers used a SQL injection attack to obtain access to the company’s database… Continue Reading

Major “goof” at Citibank

Posted in Data Breach

For all of you who have been struggling with data security compliance obligations from various fronts, and trying to handle complex technical issues such as encryption of portable devices and data “at rest” and “in transit” — here is a very big story regarding plain old everyday mail. If you are a Citibank customer, Citi… Continue Reading

Today is the day……

Posted in Data Compliance & Security

After implementation delays and rule changes, new data protection regulations that are widely considered the most stringent in the nation take effect today. The Massachusetts data security regulations require institutions that hold personal data on Massachusetts citizens to encrypt that information and implement written data protection policies, reports the Boston Globe. Discussion continues and questions… Continue Reading

Top 3 questions relating to compliance with 201 CMR 17.00

Posted in Data Compliance & Security

At the beginning of the “countdown” to the March 1st effective date of 201 CMR 17.00, we offered some posts with “misapprehensions” and compliance suggestions (see 16 Days to March 1….. and Countdown to compliance with 201 CMR 17.00…..11 days). Here are some questions that have been reoccurring over the last few weeks: 1) What… Continue Reading

T Minus 10,080 Minutes and Counting…..

Posted in Employee Privacy

We have just one week to go before all entities that own, store, license — or basically do anything with — personal information of Massachusetts residents must comply with the Commonwealth’s new data security regulations. Things to consider: Have you done your risk assessment? Looked at what you collect and how you collect and how… Continue Reading

27 days and counting…

Posted in Data Compliance & Security

March 1st is the deadline for compliance with the Massachusetts data security regulations, 201 CMR 17.00. We have blogged incessantly for months about the need to get compliance programs into gear and develop information security plans as required by the regulations. The time is here. If you are one of the procrastinators (and, you are… Continue Reading

Data Privacy Day – Tip #4 – Transactional Best Practices for Lawyers

Posted in Employee Privacy

Written by Michael Arnold and Jennifer Rubin Even though lawyers working on both sides of an M&A transaction during the due diligence phase might immerse themselves in a “confidentiality bubble”, they still must be careful not to disclose or access confidential employee information in the course of that transaction. Attorneys evaluating potential transactions might be… Continue Reading

Data Security Roundtable

Posted in Data Compliance & Security

Here is a link to a couple of segments of a data security roundtable I participated in not long ago:http://www.businesswire.com/portal/site/home/permalink/?ndmViewId=news_view&newsId=20091222005345&newsLang=en Some very interesting discussions with folks who are on the cutting edge of data security. I’ll post the other segments as they are released.

Some “light reading” for privacy geeks…

Posted in Data Compliance & Security

Or, actually, for anyone interested in building privacy into business from the “ground up” and how privacy can (and should) become a business differentiator. Dr. Ann Cavoukian is Ontario’s Information and Privacy Commissioner and has long been an advocate of privacy technologies and coined the term “Privacy by Design” in the late-nineties. Her latest book… Continue Reading

To Encrypt or Not To Encrypt…….An Incentive Rather than a Mandate From Michigan

Posted in Data Breach

Add Michigan to the list of states that are proposing that adoption of comprehensive data security safeguards will provide a safe harbor for data breaches. The Information Security Program Standards Act introduced last week differs a bit from Massachusetts and Nevada (and other pending legislation) in that it would not require the implementation of detailed… Continue Reading