Header graphic for print
Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Uncategorized

Subscribe to Uncategorized RSS Feed

Article 29 Working Party Opinions on Privacy Shield and Surveillance

Posted in EDPS, EU Data Protection Regulation, European Court of Justice, European Union, Events and Webinars, Judicial Redress Act, Privacy Regulation, Privacy Shield, Safe Harbor, Uncategorized

The Article 29 Working Party has released opinions on Privacy Shield and “essential guarantees” under EU law relating to surveillance, here and here. Please join us in our webinar at 1 pm EDT today to learn more about the Article 29 Working Party’s opinion on Privacy Shield (register here).  We will look at the opinion’s likely… Continue Reading

Verizon Settles Supercookie Probe with FCC

Posted in Federal Communications Commission, Mobile Privacy, Privacy Regulation, Uncategorized

Verizon Wireless has reached a settlement with the Federal Communications Commission over Verizon’s insertion of unique identifier headers (“UIDH”), also known as “supercookies,” to track customers’ mobile Internet traffic without their knowledge or consent.  Verizon inserted UIDH into customers’ web traffic and associated the UIDH with customer proprietary information to create profiles and deliver targeted… Continue Reading

Apple vs. FBI: The House Judiciary Committee Hearing and Takeaways

Posted in Cybersecurity, Mobile Privacy, Privacy Litigation, Privacy Regulation, Security, Uncategorized

Among the major headlines dominating not only the recent news cycle, but also this week’s RSA Conference in San Francisco, has been Apple’s challenge to the federal government’s request that Apple assist in unlocking the iPhone recovered from the perpetrators of the shootings in San Bernardino.  On March 1, 2016, the House Judiciary Committee held… Continue Reading

Key Review of Privacy Shield Coming in Six Weeks

Posted in European Court of Justice, European Union, Privacy Shield, Safe Harbor, Uncategorized

Now that the EU Commission has published the complete version of its draft decision adopting the EU-US Privacy Shield program, it’s time for the key reviewers to dig in.   I don’t mean the lawyers, or EU privacy advocates, or US businesses, although their views will no doubt be wide-ranging and illuminating.  But no, the really important… Continue Reading

EU-US Privacy Shield Agreement Published

Posted in EU Data Protection Regulation, European Court of Justice, European Union, Privacy Shield, Safe Harbor, Uncategorized

The European Commission has finally made the draft text of the EU-US Privacy Shield program available (scroll down in the press release for further links).  The Privacy Shield program, which was agreed to in principle by US and EU negotiators nearly four weeks ago, will replace the Safe Harbor program that was struck down last autumn by the… Continue Reading

California by the Numbers (Part 2): How to Stay out of the 2017 Report

Posted in Cybersecurity, Data Breach, Data Breach Notification, Privacy Regulation, Security, Uncategorized

Yesterday, we reviewed the staggering numbers in California Attorney General Kamala Harris’ 2016 Data Breach Report. In addition to providing a comprehensive analysis of four years of data breaches, the report provides what is an answer to the vexing question of what her office considers to be “reasonable security.”

Ransomware Strikes California Hospital – Could You Be Next?

Posted in Cybersecurity, Data Compliance & Security, HIPAA/HITECH, Identity Theft, Privacy Regulation, Security, Uncategorized

In a chain of events that should be a wake-up call to any entity using and storing critical health information (and indeed, ANY kind of critical information), Hollywood Presbyterian Medical Center (“HPMC”) has announced that it paid hackers $17,000 to end a ransomware attack on the hospital’s computer systems. On February 5, HPMC fell victim to an attack… Continue Reading

Judicial Redress Act passes the House with the Senate Amendments

Posted in European Union, Federal Trade Commission, Judicial Redress Act, Legislation, Privacy Shield, Safe Harbor, Umbrella Agreement, Uncategorized

The amended Judicial Redress Act has passed the House and is on its way to the president to be signed into law.  The Act, which we covered in an earlier blog post, gives citizens  of foreign countries the same rights as US citizens in connection with the use by the US government of their personal data,… Continue Reading

Will free apps soon be dead in Europe?

Posted in EU Data Protection Regulation, European Union, Mobile Privacy, Online Advertising, Social Media, Uncategorized

As we’ve discussed previously, the GDPR significantly limits user consent as a basis for processing personal data.  One interesting question is whether the new rules on consent will kill free apps in Europe.  Free apps typically involve the offer of a service (the app) in exchange for access to personal data (whatever data the app… Continue Reading

Happy New Year – Cybersecurity Information Sharing Act

Posted in Cybersecurity, Legislation, Privacy Regulation, Security, Uncategorized

  Just at the end of 2015, the Cybersecurity Information Sharing Act (CISA) was enacted into law as part of the omnibus spending measure passed by Congress and signed by President Obama at right before Christmas.  The legislation combines elements from the versions of CISA that passed the House in April of 2015 and the… Continue Reading

Massachusetts Court: Patients Have Standing to Sue for Data Breach Based on Data Exposure Alone

Posted in Class Action Litigation, Privacy Litigation, Uncategorized

A Massachusetts Superior Court judge held that a plaintiff has standing to sue for money damages based on the mere exposure of plaintiff’s private information in an alleged data breach. The court concluded that the plaintiff had pleaded a “real and immediate risk” of injury despite failing to allege that any unauthorized persons had even… Continue Reading

The EU Commission’s spin on the new General Data Protection Regulation

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, EU Data Protection Regulation, European Union, Events and Webinars, Safe Harbor, Uncategorized

The European Union Commission has issued a fact sheet on the new General Data Protection Regulation (final post-trilogue text available via Statewatch).  The Commission claims that the Regulation is good for individuals and good for business.  We’ll leave that to readers . . . and history . . . .to decide. As regulations go, the… Continue Reading

REMINDER: Webinar TOMORROW — Getting to Grips with the New EU General Data Protection Regulation: Key Changes and What You Need to Do to Prepare

Posted in EU Data Protection Regulation, European Union, Events and Webinars, Uncategorized

Don’t forget to join us tomorrow afternoon – Tuesday – at 1 PM ET for a webinar discussion on the New EU General Data Protection Regulation. What’s next? What are the key changes? What do you need to do to prepare? Registration is here.

At long last . . . the EU General Data Protection Regulation negotiations have wrapped up

Posted in Uncategorized

The EU has announced that the Commission, Parliament and Council have reached agreement on the final shape of the General Data Protection Regulation.  The official version will be available early in 2016, but we will be reviewing the details that have been made available so far and providing further information here over the next couple of… Continue Reading

Safe Harbor Negotiations Post-Paris

Posted in Uncategorized

The negotiations between the EU and the US for a new data transfer agreement to replace the struck-down Safe Harbor program continue as the clock ticks down to the enforcement deadline of January 31, 2016 (as declared by the EU’s national data protection authorities via the Article 29 Working Party). While the CJEU’s decision striking down… Continue Reading

What App Users Care About When Sharing Personal Data: Permissions

Posted in Mobile Privacy, Uncategorized

Written by Jane Haviland The latest Pew Research Center Report relayed useful information regarding application users’ concerns with sharing personal data.  Ninety percent of app users indicated that how their personal data will be used is “very” or “somewhat” important to them, and influences their decision to download an app.  Sixty percent of users decided… Continue Reading

Massachusetts Appeals Court Set to Consider Scope of Employer Liability for Employee Data Breaches

Posted in Cybersecurity, Data Breach, Employee Privacy, Uncategorized

By Breton Leone-Quick Many of the highest-profile and headline-catching data breaches involve external breaches of a company’s electronic systems. But the reality that these headlines obscure is the fact that internal data breaches are generally more prevalent and represent a primary source of concern for data security managers. The legal liability of employers for data… Continue Reading

FCC Ruling Addresses Robocalls by Health Care Providers

Posted in Privacy Regulation, Uncategorized

Written by Jordan Cohen As we discussed in last week’s Privacy Monday, the Federal Communications Commission (FCC) recently released its Declaratory Ruling and Order clarifying and expanding the reach of the Telephone Consumer Protection Act (TCPA).  While the ruling is broad in its subject matter, part of the ruling specifically addresses so-called “robocalls” made by health care providers…. Continue Reading

Controls Coming for Intrusion & Network Surveillance Tools

Posted in Cybersecurity, Uncategorized

The Commerce Department’s export control agency, BIS, has proposed a new rule to control exports of equipment and software designed or modified to perform network intrusion and internet protocol communications surveillance.  The proposed controls also cover technology used to develop intrusion software or network communications surveillance systems. “Intrusion software” is defined to include software specially designed or modified… Continue Reading

Privacy Monday – May 18, 2015

Posted in Children, Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Events and Webinars, Mobile Privacy, Online Advertising, Privacy Monday, Security, Uncategorized

It’s Monday morning — do you know your privacy/security status? Here are a few bits and bytes to start your week. SEC to Registered Investment Advisers and Broker-Dealers:  It’s Your Turn to Pay Attention to Cybersecurity The Division of Investment Management of the Securities & Exchange Commission (SEC) has weighed in on cybersecurity of registered investment companies… Continue Reading

Privacy Monday – May 11, 2015

Posted in Children, Employee Privacy, Events and Webinars, Federal Trade Commission, Privacy Monday, Uncategorized

On this Privacy Monday, we have some upcoming events that you might want to add to your calendar. Wednesday, May 13 – Mintz Employment Law Summit (Boston) A discussion of hot topics facing employers, including Privacy in the Workplace.  Free event, breakfast and lunch included.   Register here. Wednesday, May 13 – National Security, Privacy, and… Continue Reading

Privacy Monday – May 4, 2015: Shaping Up — Update on the EU’s Draft General Data Protection Regulation

Posted in Data Breach, Data Breach Notification, EU Data Protection Regulation, European Union, Events and Webinars, Uncategorized

On this Privacy Monday, we can definitely say that the long winter of our discontent (at least for some of our readers) is over.    Happy spring! In case you missed it,  last Wednesday we presented the fourth in our Wednesday Webinar series on the progress of the EU draft Data Protection Regulation and what we… Continue Reading

Cross-Device Tracking: The New World

Posted in Data Compliance & Security, Federal Trade Commission, Mobile Privacy, Online Advertising, Uncategorized

Facebook does it.  Google does it.  It’s everywhere in the mobile ad ecosystem.  And your smartphone does it more often than you know, according to a study released on Monday by Carnegie Mellon. Now, Federal authorities have turned their attention to cross-device and cross-service tracking of consumers over the last several days and weeks. Speaking at… Continue Reading