Monthly Archives: September 2012
Recommended Reading – BYOD and Reasonable Security
Posted in Data Breach, Data Compliance & Security, Security
Much has been written, in this space and elsewhere, on the concept of “reasonable security” — what constitutes “reasonable security,” how much security is “reasonable,” etc. The entry of the choice of computing devices to the workplace – known as the “bring your own [personal] device” or “BYOD” trend – has also been dissected at length. Companies are… Continue Reading
Hack Attack: US Financial Institutions in the Cross-Hairs
Posted in Data Breach, Identity Theft
Written by Amy Malone
Last week the FBI released a fraud alert warning financial institutions that cyber criminals have been using tactics such as spam and phishing emails to obtain employee log-in credentials. After obtaining the credentials, the hackers initiated wire transfers overseas. A few days after the alert, Bank of America, JPMorgan Chase and… Continue Reading
Beware the Weakest Link: Human Behavior
Posted in Data Breach, Data Breach Notification, Security
Written by Stephen Bentfield
Today’s Washington Post includes a front page article that should serve as a warning to any employer about increasingly sophisticated social engineering attacks that exploit one key vulnerability that is essentially immune to technical solutions: their employees. Social engineering attacks work by exploiting the natural human tendency to trust and thereby… Continue Reading
Apple Shareholders Request Information From Board on Privacy/Security Risk
Posted in Data Breach, Data Breach Notification, Data Compliance & Security
Written by Amy Malone
This week, Apple shareholders requested that its Board of Directors publish a report explaining how the board oversees privacy and data security risks. The proposal, which is available here, was prompted by concern that recent issues such as the unauthorized access to iPhone users’ address books and the release of one… Continue Reading
NLRB to Costco: Your Social Media Policy Needs a Do-Over
Posted in Privacy Regulation
By David M. Katz
There is no denying that the NLRB has recently devoted significant attention to employees’ use of social media. Since August 2011, the Board’s Acting General Counsel, Lafe Solomon, has issued three reports outlining his view of how the NLRA applies to employers’ social media policies and employees’ social media postings. Click here… Continue Reading
You’ve Got Mail: Senator Rockefeller Sends Letter to CEOs re: Cybersecurity….Reply Requested
Posted in Data Compliance & Security, Privacy Regulation
Written by Adam Veness
Senator John D. Rockefeller IV (D., W.Va.) recently sent a letter to the CEOs of all Fortune 500 companies asking the companies for more information about their cybersecurity practices. The letter comes a month after Senate Republicans filibustered and blocked a bill that would have established voluntary computer security standards for… Continue Reading
Mass Eye and Ear Infirmary Hit with $1.5M Breach Settlement
Posted in Data Breach, Data Breach Notification, HIPAA/HITECH
Originally posted by Dianne Bourque in Mintz Levin’s Health Law & Policy Matters blog
As the old saying goes, “no good deed goes unpunished….” The most recent, published Office for Civil Rights (OCR) HIPAA enforcement action serves as an important reminder that self-reported breaches can and do lead to investigations and enforcement. Massachusetts Eye and Ear… Continue Reading
Broad new data security rule proposed for federal contractors
Posted in Data Compliance & Security, Privacy Regulation
Written by Jonathan Cain
A new rule proposed for federal government contractors will require all federal contracts over $100,000 (including contracts for commercial items and those to small businesses) to include a clause requiring the contractor to implement basic data security protections for any non-public data provided to the contractor by the… Continue Reading
Real World Strategies for Real World Risks — San Diego Event
Posted in Data Compliance & Security
If you’re in the vicinity of the Mintz Levin San Diego office on September 19th, please join us for this event! Register at the link below – The Security & IP SIGs Present: Real World Strategies for Managing Real World Risks
FTC to Mobile App Developers: Get Privacy Right from the Start
Posted in Data Compliance & Security, Federal Trade Commission, Online Advertising, Privacy Regulation
Mobile app developers have some unique challenges when it comes to preparation and implementation of privacy policies. But regulators have made it quite clear that the general privacy laws and regulations apply whether the application is online or mobile. To refresh your memory, see our Mintz Client Alert (here) regarding the California AG’s agreement with… Continue Reading
AntiSec Hackers Strike Again – UPDATE
Posted in Security
Updated to add link to new PC Magazine article
AntiSec – the hacker group that is the “merger” of Anonymous and Lulzsec – claims to have obtained the unique device identifiers (UDIDs) from 12 million Apple iPhone and iPad users by breaching an FBI computer, and have published more than 1 million of them. Details of the… Continue Reading