Header graphic for print
Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Tag Archives: Encryption

Privacy Monday – January 26, 2015

Posted in Cybersecurity, Data Breach, HIPAA/HITECH, Legislation, Privacy Monday, Privacy Regulation, Uncategorized

Good Monday – The East Coast prepares for Apocalypse (Sn)ow. In the meantime, here are three privacy-related tidbits for your day. Privacy Concerns Cause Scale Back of Release of HealthCare.gov Data We spend a fair amount of time warning about third party vendors and the risk that such vendors can pose to sensitive data.  … Continue Reading

Massachusetts High Court Permits Compelled Decryption of Seized Digital Evidence

Posted in Privacy Litigation

Written by Matthew D. Levitt Today, in Commonwealth v. Gelfgatt, No. SJC-11358 (Mass. June 25, 2014), a divided Massachusetts Supreme Judicial Court held that under certain circumstances, a court may compel a criminal defendant to provide the password to encrypted digital evidence seized by the government without violating either the Fifth Amendment or Article Twelve… Continue Reading

We have seen this movie before ….. and we all should know that it does not end well.

Posted in Data Breach, HIPAA/HITECH, Privacy Regulation

This was originally posted on Mintz Levin’s Health Law & Policy Matters blog: Written by: Kimberly J. Gold How much is the cost of doing nothing when it comes to encryption of sensitive data?   In the case of electronic protected health information, about $2 million. Two companies have been hit with fines equaling a total of almost… Continue Reading

Data Breach at Gunpoint

Posted in Data Breach, Data Breach Notification, Identity Theft

Written by Amy Malone You might think that if you lock your backup tapes in a safe they are protected from a data breach, but Kmart’s recent data breach proves that’s not the case.  Last month, a person held a Kmart employee in Little Rock, Arkansas at gun point and ordered him to open the… Continue Reading

Words of Warning: “No breach too small”

Posted in Data Breach, Privacy Regulation

As originally posted in Mintz Levin’s Health Law & Policy Matters blog Written by: Stephanie D. Willis The Department of Health and Human Services, Office for Civil Rights (OCR) reached its first settlement for a breach involving data regarding less than 500 individuals.  Under the December 2012 settlement, the Hospice of North Idaho (HONI) will pay OCR a $50,000 penalty to resolve allegations that… Continue Reading

HIPAA Audits Begin; Huge Medical Data Theft from California Provider

Posted in Data Breach, Data Breach Notification, HIPAA/HITECH

Our sister blog, Health Law & Policy Matters, includes a detailed discussion (warning?) relating to the commencement of HIPAA audits by the Office of Civil Rights.   That post can be found here, and it and the embedded links should be required reading for anyone involved with protected health information. Yesterday, we learned of a major… Continue Reading

Encryption — Not Always the “Silver Bullet”

Posted in Data Breach

Recently, a news bulletin in Health Data Management  highlighted the point that many security experts are trying to make these days:  Encryption is not always a “safe harbor.”    Ranbow Hospice and Palliative Care in Park Ridge, Illinois had an encrypted laptop stolen, but nonetheless publicly reported the breach to affected patients, local media, and the Department of Health… Continue Reading

Big Fines Coming in UK for Data Breaches

Posted in Data Breach

By Susan Foster, Mintz Levin London As of April 6, 2010, the UK’s Information Commissioner’s Office (ICO) can levy fines of up to £500,000 for breaches of the Data Protection Act 1998 that are: • serious in nature • deliberate or reckless, and • likely to cause substantial damage or distress to an individual. The… Continue Reading

Changes to the Massachusetts Data Security Regulations: What do they really mean?

Posted in Legislation

Now that the dust has settled after this week’s “Breaking News” regarding the proposed changes to the Massachusetts data security regulations, here is an analysis of what the changes actually mean to the business community. Some other interesting commentary is linked below: Evan Schuman – Storefront Backtalk

To Encrypt or Not To Encrypt…….An Incentive Rather than a Mandate From Michigan

Posted in Data Breach

Add Michigan to the list of states that are proposing that adoption of comprehensive data security safeguards will provide a safe harbor for data breaches. The Information Security Program Standards Act introduced last week differs a bit from Massachusetts and Nevada (and other pending legislation) in that it would not require the implementation of detailed… Continue Reading