Header graphic for print
Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Uncategorized

Subscribe to Uncategorized RSS Feed

Judicial Redress Act passes the House with the Senate Amendments

Posted in European Union, Federal Trade Commission, Judicial Redress Act, Legislation, Privacy Shield, Safe Harbor, Umbrella Agreement, Uncategorized

The amended Judicial Redress Act has passed the House and is on its way to the president to be signed into law.  The Act, which we covered in an earlier blog post, gives citizens  of foreign countries the same rights as US citizens in connection with the use by the US government of their personal data,… Continue Reading

Will free apps soon be dead in Europe?

Posted in EU Data Protection Regulation, European Union, Mobile Privacy, Online Advertising, Social Media, Uncategorized

As we’ve discussed previously, the GDPR significantly limits user consent as a basis for processing personal data.  One interesting question is whether the new rules on consent will kill free apps in Europe.  Free apps typically involve the offer of a service (the app) in exchange for access to personal data (whatever data the app… Continue Reading

Happy New Year – Cybersecurity Information Sharing Act

Posted in Cybersecurity, Legislation, Privacy Regulation, Security, Uncategorized

  Just at the end of 2015, the Cybersecurity Information Sharing Act (CISA) was enacted into law as part of the omnibus spending measure passed by Congress and signed by President Obama at right before Christmas.  The legislation combines elements from the versions of CISA that passed the House in April of 2015 and the… Continue Reading

Massachusetts Court: Patients Have Standing to Sue for Data Breach Based on Data Exposure Alone

Posted in Class Action Litigation, Privacy Litigation, Uncategorized

A Massachusetts Superior Court judge held that a plaintiff has standing to sue for money damages based on the mere exposure of plaintiff’s private information in an alleged data breach. The court concluded that the plaintiff had pleaded a “real and immediate risk” of injury despite failing to allege that any unauthorized persons had even… Continue Reading

The EU Commission’s spin on the new General Data Protection Regulation

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, EU Data Protection Regulation, European Union, Events and Webinars, Safe Harbor, Uncategorized

The European Union Commission has issued a fact sheet on the new General Data Protection Regulation (final post-trilogue text available via Statewatch).  The Commission claims that the Regulation is good for individuals and good for business.  We’ll leave that to readers . . . and history . . . .to decide. As regulations go, the… Continue Reading

REMINDER: Webinar TOMORROW — Getting to Grips with the New EU General Data Protection Regulation: Key Changes and What You Need to Do to Prepare

Posted in EU Data Protection Regulation, European Union, Events and Webinars, Uncategorized

Don’t forget to join us tomorrow afternoon – Tuesday – at 1 PM ET for a webinar discussion on the New EU General Data Protection Regulation. What’s next? What are the key changes? What do you need to do to prepare? Registration is here.

At long last . . . the EU General Data Protection Regulation negotiations have wrapped up

Posted in Uncategorized

The EU has announced that the Commission, Parliament and Council have reached agreement on the final shape of the General Data Protection Regulation.  The official version will be available early in 2016, but we will be reviewing the details that have been made available so far and providing further information here over the next couple of… Continue Reading

Safe Harbor Negotiations Post-Paris

Posted in Uncategorized

The negotiations between the EU and the US for a new data transfer agreement to replace the struck-down Safe Harbor program continue as the clock ticks down to the enforcement deadline of January 31, 2016 (as declared by the EU’s national data protection authorities via the Article 29 Working Party). While the CJEU’s decision striking down… Continue Reading

What App Users Care About When Sharing Personal Data: Permissions

Posted in Mobile Privacy, Uncategorized

Written by Jane Haviland The latest Pew Research Center Report relayed useful information regarding application users’ concerns with sharing personal data.  Ninety percent of app users indicated that how their personal data will be used is “very” or “somewhat” important to them, and influences their decision to download an app.  Sixty percent of users decided… Continue Reading

Massachusetts Appeals Court Set to Consider Scope of Employer Liability for Employee Data Breaches

Posted in Cybersecurity, Data Breach, Employee Privacy, Uncategorized

By Breton Leone-Quick Many of the highest-profile and headline-catching data breaches involve external breaches of a company’s electronic systems. But the reality that these headlines obscure is the fact that internal data breaches are generally more prevalent and represent a primary source of concern for data security managers. The legal liability of employers for data… Continue Reading

FCC Ruling Addresses Robocalls by Health Care Providers

Posted in Privacy Regulation, Uncategorized

Written by Jordan Cohen As we discussed in last week’s Privacy Monday, the Federal Communications Commission (FCC) recently released its Declaratory Ruling and Order clarifying and expanding the reach of the Telephone Consumer Protection Act (TCPA).  While the ruling is broad in its subject matter, part of the ruling specifically addresses so-called “robocalls” made by health care providers…. Continue Reading

Controls Coming for Intrusion & Network Surveillance Tools

Posted in Cybersecurity, Uncategorized

The Commerce Department’s export control agency, BIS, has proposed a new rule to control exports of equipment and software designed or modified to perform network intrusion and internet protocol communications surveillance.  The proposed controls also cover technology used to develop intrusion software or network communications surveillance systems. “Intrusion software” is defined to include software specially designed or modified… Continue Reading

Privacy Monday – May 18, 2015

Posted in Children, Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Events and Webinars, Mobile Privacy, Online Advertising, Privacy Monday, Security, Uncategorized

It’s Monday morning — do you know your privacy/security status? Here are a few bits and bytes to start your week. SEC to Registered Investment Advisers and Broker-Dealers:  It’s Your Turn to Pay Attention to Cybersecurity The Division of Investment Management of the Securities & Exchange Commission (SEC) has weighed in on cybersecurity of registered investment companies… Continue Reading

Privacy Monday – May 11, 2015

Posted in Children, Employee Privacy, Events and Webinars, Federal Trade Commission, Privacy Monday, Uncategorized

On this Privacy Monday, we have some upcoming events that you might want to add to your calendar. Wednesday, May 13 – Mintz Employment Law Summit (Boston) A discussion of hot topics facing employers, including Privacy in the Workplace.  Free event, breakfast and lunch included.   Register here. Wednesday, May 13 – National Security, Privacy, and… Continue Reading

Privacy Monday – May 4, 2015: Shaping Up — Update on the EU’s Draft General Data Protection Regulation

Posted in Data Breach, Data Breach Notification, EU Data Protection Regulation, European Union, Events and Webinars, Uncategorized

On this Privacy Monday, we can definitely say that the long winter of our discontent (at least for some of our readers) is over.    Happy spring! In case you missed it,  last Wednesday we presented the fourth in our Wednesday Webinar series on the progress of the EU draft Data Protection Regulation and what we… Continue Reading

Cross-Device Tracking: The New World

Posted in Data Compliance & Security, Federal Trade Commission, Mobile Privacy, Online Advertising, Uncategorized

Facebook does it.  Google does it.  It’s everywhere in the mobile ad ecosystem.  And your smartphone does it more often than you know, according to a study released on Monday by Carnegie Mellon. Now, Federal authorities have turned their attention to cross-device and cross-service tracking of consumers over the last several days and weeks. Speaking at… Continue Reading

Precedent and the Price Explain Why Target and the Consumer Class Agreed to an Early Data Breach Settlement

Posted in Class Action Litigation, Data Breach, Data Breach Notification, Privacy Litigation, Uncategorized

On March 18, 2015 – just three months after denial of a motion to dismiss consumer claims arising from Target’s 2013 data breach – Target and the consumer class filed papers seeking approval of a settlement.  The proposed settlement agreement creates a  $10 million cash fund to be paid out to class members claiming actual damages arising from… Continue Reading

Have you filled out your brackets??

Posted in Uncategorized

While we’re not in the habit of driving traffic to other blogs, it is always a pleasure to point to one of our Mintz family of blogs doing some great work — the Employment Law Matters blog is hosting  a 2015 Employment Law Issues Tournament to go along with your college basketball brackets.  64 employment… Continue Reading

Privacy Monday – March 16, 2015: Unpacking the Obama Administration’s Consumer Privacy Proposal

Posted in Privacy Monday, Privacy Regulation, Uncategorized

Taking another “step” toward developing comprehensive privacy legislation, the White House has released a discussion draft of the Consumer Privacy Bill of Rights Act of 2015.   The draft reflects the Fair Information Practice Principles (“FIPPs”) long championed by the Obama Administration, and calls on businesses engaged in the collection of consumer information (“covered entities”) to… Continue Reading

ICYMI: Privacy in the Workplace Webinar

Posted in Employee Privacy, Events and Webinars, Privacy Regulation, Social Media, Uncategorized

Our 2015 monthly Privacy Issues Wednesday webinar series continued this month with Jennifer Rubin and Gauri Punjabi’s Privacy in the Workplace presentation. Jen and Gauri discussed the latest statutory and common law developments concerning employer monitoring of employee email, access to employee social media accounts, social media policies, and bring your own device (“BYOD”) policies.  We… Continue Reading

Cybersecurity Executive Order: Not Much New

Posted in Cybersecurity, Data Compliance & Security, Uncategorized

President Obama’s February 13 Executive Order, “Promoting Private Sector Cybersecurity Information Sharing” (the “EO”), turns out to be light on new measures to improve cybersecurity, but focused heavily on adjustments to prior Executive Orders implementing the rules for handling classified information.  This focus introduces concerns about government agencies picking winners and losers in the cybersecurity… Continue Reading

Who’s your role model for EU privacy notices? The latest Google Undertaking

Posted in European Union, Mobile Privacy, Online Advertising, Uncategorized

When small and mid-size companies start expanding their apps or web presence into Europe, they need to start thinking about EU data protection laws.  It’s tempting to take a look at what one or two of the “big guys” do about EU data protection compliance and think that whatever  the big guys do in Europe… Continue Reading