The Associated Press reports that BP has lost a laptop containing all of the personal information belonging to tens of thousands of residents who filed claims for compensation after the Gulf oil spill. According to a BP spokesperson, the laptop was password protected, but not encrypted. Of course.
Monthly Archives: March 2011
Into the Breach – Security Failures Can Cost You
Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security
Once again, we have evidence that failures to implement the most basic of data security measures can cost real money. The Massachusetts Attorney General’s office announced a consent order that fines a Boston restaurant group $110,000 and imposes a set of compliance measures that will also carry a price tag. Despite many headlines trumpeting the “first enforcement action,” this action…
HIPAA Enforcement on the Rise: Do You Know Who Your Business Associates Are??
Posted in Uncategorized
Written by Stephen Bentfield
In the two-plus years since the enactment of the HITECH Act, the health care industry has seen a dramatic shift in federal and state HIPAA enforcement posture. Just within the last month, HHS announced a $4.3 million civil fine imposed on Cignet Health for failing to provide patients with copies of…
Review of Telecom/Media Industry Comments to FTC’s Privacy Framework
Posted in Uncategorized
Written by Stu Eaton
Our ongoing effort to summarize the comments (see post here) filed in response to the FTC’s Privacy Framework continues this week as we focus on the Telecommunications and Media industry. The bulk of the comments came from the telecommunications industry, including key players such as AT&T, Verizon, the National Cable and…
TripAdvisor Victim of Email Theft
Posted in Uncategorized
This was in my email box this morning:
To our travel community: This past weekend we discovered that an unauthorized third party had stolen part of TripAdvisor’s member email list. We’ve confirmed the source of the vulnerability and shut it down. We’re taking this incident very seriously and are actively pursuing the matter with law…
Mintz Levin Privacy Attorney Featured in Chambers USA 2011
Posted in Uncategorized
Thirty-three Mintz Levin lawyers are featured in the 2011 Chambers USA rankings — see all rankings here.
Privacy Compliance and Data Protocols Seminar – 3/23
Posted in Uncategorized
For readers in Boston, we are hosting a free breakfast seminar on Wednesday, March 23rd. We’ll discuss current issues in the privacy and security world, including a look at 201 CMR 17.00 – one year later. If you are considering obtaining data breach and/or cyberliability insurance, my partner, Nancy Adams, will discuss the ins and outs of…
Another view of the Williams-Sonoma “Zip Code Case”
Posted in Uncategorized
We’ve been writing extensively on the decision out of California in Pineda v. Williams-Sonoma and collection of zip codes in credit card transactions. Our colleagues on the West Coast have published a new advisory that makes interesting reading.
Sophisticated Cyber Attack Hits Security Giant RSA – UPDATE
Posted in Uncategorized
Updated to add link to Wired article.
Wired’s Threat Level blog has posted an extensive article on the RSA hacking incident, including the list from EMC to customers of what precautions they should take. This is an important reiteration of basic security precautions for ANY company — whether or not it is an EMC customer. Among…
2010 Annual Ponemon Study on Cost of Data Breaches
Posted in Uncategorized
The 2010 Ponemon Institute study on the cost of data breaches has been released. The numbers are eye-opening. The average total cost per reporting company in the study was $7.2 million per breach — the most expensive data breach cost $35.3 million and the least expensive breach cost $780,000. Costs were incurred in the usual…
FTC Privacy Framework: Comments from the Retail/Promotion/Advertising Industry
Posted in Uncategorized
Written by Stu Eaton
In our continuing effort to summarize the more than 400 comments posted in response to the FTC’s Privacy Framework, we have organized our summaries into the following five industry groups: Retail/Promotion/Advertising; Software/Technology; Telecommunications/Media; Privacy Advocates/Government; and Financial Services/General Business. This week we reviewed the comments posted by companies and trade groups…