Companies today need to be thinking of cyber risk management as part of their overall corporate risk management. The first step for companies is knowing the privacy laws in their industry as well as across states, says Mintz Levin’s Cynthia Larose, editor of this blog and chair of the Privacy & Security Practice, in “Corporate Risk…
Monthly Archives: April 2014
Privacy Monday – April 28, 2014
Posted in Cybersecurity, Data Compliance & Security, Privacy Monday
For the last Monday in April, we have a few privacy and security bits and bytes to start your week.
Trending Now – 5 Things Every Company’s Data Security Program Should Include
JD Supra Perspectives has published a short article (disclosure: quoting this author) that can get people talking this week. Get it here and circulate…
We have seen this movie before ….. and we all should know that it does not end well.
Posted in Data Breach, HIPAA/HITECH, Privacy Regulation
This was originally posted on Mintz Levin’s Health Law & Policy Matters blog.
Written by: Kimberly J. Gold
How much is the cost of doing nothing when it comes to encryption of sensitive data? In the case of electronic protected health information, about $2 million. Two companies have been hit with fines equaling a total of almost…
FTC Updates COPPA FAQs to Address Education Space
Posted in Children, Privacy Regulation
Written by Julia Siripurapu, CIPP
The FTC has just published updates to the COPPA FAQs, the Commission’s compliance guide for businesses and consumers, to address the applicability of COPPA and the Amended COPPA Rule to educational institutions and businesses that provide online services, including mobile apps, to educational institutions. The “COPPA and Schools” FAQs cover in…
NYC Women in Intellectual Property Discuss Cybersecurity
Posted in Cybersecurity, Data Breach, Data Compliance & Security, European Union, Federal Trade Commission
Written by Andowah Newton
Yesterday, Mintz Levin attended a panel breakfast sponsored by the New York City Bar’s Committee on Women in Intellectual Property. The panel featured two practitioners, one from the public sector and one from the private sector. The panel was moderated by Karen Greenberg, Director at Fordham Law’s Center. Some takeaways that we…
Get your updated Mintz Matrix!
Posted in Data Breach, Data Breach Notification
As our readers know, we maintain a summary of the US state data breach notification laws, which we refer to as the “Mintz Matrix.” We update the Mintz Matrix on a quarterly basis, or more frequently if developments dictate. We’ve updated the Mintz Levin State Data Breach Notification Matrix to reflect recent changes to Kentucky’s…
Privacy Monday – April 21, 2014
Posted in Privacy Monday
Today is the running of the 118th Boston Marathon.
Privacy & Security Bits and Bytes
Posted in Cybersecurity, Data Breach, Data Breach Notification, Security
There has been so much news swirling in the data privacy and security world in the last few days that it has been difficult to keep up. We’ll give you a roundup here for your Friday and weekend reading.
Heartbleed – Where Are We?
By now, you should know whether your web-facing applications…
Video Interview: Discussing Heartbleed with LXBN TV
Posted in Cybersecurity, Security
As a follow-up to our commentary here on the headline-grabbing Heartbleed bug, I had the opportunity to discuss the subject with Colin O’Keefe of LXBN. In the brief interview, I explain how companies should respond to the bug and the uncertainty surrounding the liability they may face.
Target Becomes a Target: Proposed California Bill Aims to Make Retailers Liable for Data Breach Incidents
Posted in Data Breach, Data Breach Notification, Privacy Regulation
Written by Jake Romero, CIPP/US
Following a string of high-profile data breaches and new data suggesting that approximately 21.3 million customer accounts have been exposed by data breach incidents over the past two years, the California legislature has introduced legislation aimed at making retailers responsible for certain costs in connection with data breach incidents. If…
Privacy Monday – April 14, 2014: Heartbleed Headaches
Posted in Cybersecurity, Privacy Monday
Last week was certainly the “week of the Heartbleed.” Unless you have been on vacation on a remote island (and if so, good for you!), you have heard and read much about the latest mass bug to infect the Internet. If you do not know whether your servers are affected by Heartbleed, or have decided…
Aggressive Liability Theory Does Not Eliminate Obstacles To Banks’ Claims In Target Data Breach Class Action
Posted in Class Action Litigation, Data Breach, Privacy Litigation
Written by Kevin McGinty
The latest salvo in the Target data breach litigation is a class action brought by credit card issuing banks advancing a creative and somewhat misleading construction of Minnesota’s Plastic Card Security Act. The banks allege that there was a violation of the statute’s prohibition on retaining PIN, security code and…
Is Your HIPAA Compliance Program Going Out the Window with XP?
Posted in HIPAA/HITECH
Written by Dianne Bourque and Cynthia Larose
April 8, 2014 marks the end of Microsoft’s support for the Windows XP operating system, which means the end of security updates from Microsoft and the beginning of new vulnerability to hackers and other intruders into systems still utilizing the operating system. But does the end of Windows…
New Draft Processor to Sub-processor Model Clauses (Art. 29 Working Party)
Posted in Cloud Computing, European Union, Privacy Regulation
Written by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON)
The Art. 29 Working Party, a key advisory body to the EU Commission, recently proposed draft model clauses to cover the transfer of personal data from EEA data processors to non-EEA sub-processors. The draft model clauses have the potential to bring greater certainty to…
Privacy Monday: April 4, 2014 — Fandango and Credit Karma and What They Should Mean to Your Mobile App
Posted in Federal Trade Commission, Mobile Privacy, Privacy Monday
Welcome to the first Monday in April. Our Privacy Monday is a report on the Federal Trade Commission’s latest privacy notice-related settlements with Fandango and Credit Karma. These settlements should be reviewed by any company with (or planning to have) mobile applications, and they reinforce our mantra: Say what you do, and do what you say. …
When You Care Enough to Spy on the Very Best: NSA Greeting Card Program is First Step in Rebranding Campaign
Posted in Uncategorized
Written by Jake Romero
If you’ve had a birthday in the past two weeks, you may have received a greeting card from an unlikely source: the National Security Agency. Following President Obama’s call for large-scale reform of the NSA, the agency has initiated a rebranding campaign in the hopes of winning back the trust and…
Banks Withdraw Lawsuits Against Target and Trustwave
Posted in Uncategorized
UPDATE to our story yesterday: In what apparently is a big “oops,” two banks that took legal action against Target over its recent data breach have withdrawn their claims. The suits were withdrawn due to an erroneous allegation against Trustwave, a security vendor also named in the suit. Green Bank of Houston filed a notice of dismissal Monday…