As our readers know, we maintain a summary of the US state data breach notification laws, which we refer to as the “Mintz Matrix.” We update the Mintz Matrix on a quarterly basis, or more frequently if developments dictate.

We’ve updated the Mintz Levin State Data Breach Notification Matrix to reflect recent changes to Kentucky’s law and Iowa’s law. The Mintz Matrix is available here.


There has been so much news swirling in the data privacy and security world in the last few days that it has been difficult to keep up. We’ll give you a roundup here for your Friday and weekend reading.

Heartbleed – Where Are We?

By now, you should know whether your web-facing applications (customer log-in, secure web portals, shopping carts) were affected by the Heartbleed vulnerability, and patches should have been applied. If you have not checked into this yet, you can test your URL at any number of sites, but here is one. Test it now!

  • Upgrade any software using OpenSSL to the latest, patched version. (should be done)
  • Communicate with any hardware and software vendors to ensure they’ve also upgraded.
  • Once that is secured, have everyone within your company change their passwords, or notify customers that passwords should be changed.
  • Explain to employees and customers what you are doing and what you have done to take precautions against this bug.

The second bullet was the biggest nut to crack for many this week. Make sure that your network appliances (routers, conferencing, any hardware/software that connects to the Internet) are all checked. SANS (the security institute) has been keeping a running list of Heartbleed vendor patches and communications. Many vendor sites also are posting technical communications with updates and notices regarding the availability of upgrades, patches or hotfixes. Further, many enterprises don’t know how many sites they own, such as external cloud-hosted sites, sites acquired via mergers and acquisitions – and temporary sites that everyone forgot about. All of those should be checked for the Heartbleed vulnerability, because if the door is open, it could allow malicious intruders in. Just ask Canada’s Revenue Agency or the UK’s popular site, Mumsnet.
