The National Institute of Standards and Technology (NIST), publisher of the Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”) last February, has published a Request for Information in the Federal Register seeking comments on industry experience with the Framework to date. Comments are solicited in three areas: the current awareness of the existence and content…
Monthly Archives: August 2014
“Backoff” Update — More Widespread, PCI Council Issues Call to Action — If You Accept Credit Cards Via Point-of-Sale, You Need to Read This
Posted in Data Breach, Data Breach Notification, Security
Written by Cynthia Larose
Some weeks ago, we wrote a piece “What You Need to Know About Backoff Malware: The New Threat Targeting Retailers”. It’s apparently gotten worse. Any business utilizing point-of-sale (POS) terminals for “swiping” credit cards needs to pay attention to this threat and assess vulnerability. Hospitals, physicians’ offices, veterinary clinics, colleges…
Do you want your under 13 kid to have a Gmail or YouTube account? Google does…..
Posted in Children
Written by Julia Siripurapu, CIPP/US
According to recent media reports, Google is allegedly designing a Google account for children under 13 which would permit children in this age group to officially create their own Gmail account and to access a kid-friendly version of YouTube. Google currently prohibits children 12 and under from creating a Google…
Data Privacy and Security Roundtable: Anticipating the Inevitable
Posted in Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Events and Webinars
Technology, retail, medical, financial services, education ….. and more experience data losses on a daily basis through employee negligence, poor controls, insider attacks, advanced persistent threats from malevolent outsiders or computer viruses. Join Mintz Levin Privacy team members and other privacy and security experts in San Francisco on September 30 for a roundtable discussion of…
Wearable Devices in the Workplace Challenge Data Security and Privacy
Posted in Cybersecurity, Data Compliance & Security, Employee Privacy
Wearable devices, including health and activity monitors, video and audio recorders, location trackers, and other interconnected devices in the form of watches, wristbands, glasses, rings, bracelets, belts, gloves, earrings and shoes are being heavily promoted in the next wave of consumer electronics. It is estimated that 90 million wearable data devices (“WDD”) will be…
Massive Data Breach Affects 4.5 Million Patients in 29 States
Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH
Written by Julia Siripurapu, CIPP/US and Dianne J. Bourque
Community Health Systems, Inc. (the “Company”), one of the largest hospital organizations in the country, announced via a public filing (Form 8K) made yesterday with the Securities and Exchange Commission (“Report”) that the Company was the target of a cyber attack that compromised the health data…
Google, the House of Lords and the timing of the EU Data Protection Regulation
Posted in EU Data Protection Regulation, European Court of Justice, European Union, Privacy Regulation, Social Media
Written by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON)
Could the European Court of Justice’s May 13, 2014 Google Spain decision delay the adoption of the EU Data Protection Regulation? In the Google Spain “Right to be Forgotten” case, the ECJ held that Google must remove links to a newspaper article containing properly…
Cybersecurity Risks: Discussion for the Board Room (and for the General Counsel)
Posted in Cyber Risks Boardroom Series, Cybersecurity
The issue of cyberliability risk is finally making its way to the board room. We have written about the importance of board education and board involvement in the assessment of cyber threats and liability risk (see our series here) and the Securities and Exchange Commission is looking carefully at public company disclosures of cybersecurity risks as…
Privacy Monday – August 18, 2014
Posted in Data Breach, Data Compliance & Security, Online Advertising, Privacy Monday, Privacy Regulation, Security
There is another retail data breach to talk about in this Privacy Monday post – privacy & security bits and bytes to start your week.
Supermarket Chain Reports Data Breach
Minnesota-based food retailer Supervalu Inc. has reported a breach of its point-of-sale (POS) system, apparently by hackers. A press release on the corporate website describes the…
Privacy Monday – August 11, 2014
Posted in Cybersecurity, Data Breach, Privacy Monday, Privacy Regulation, Security
We are just two Mondays away from Labor Day, the traditional end of summer in the United States. Here are some privacy tidbits to get your week started. See especially Jake Romero’s piece on the new Delaware data destruction law.
Lack of Information on the Russian Hackers
A company called Hold Security…
Microsoft Loses Round in Fight Over Email Held in Irish Data Center
Posted in Cloud Computing, Cybersecurity, EU Data Protection Regulation, European Union
Written by Narges Kakalia
Rarely do Microsoft, AT&T, Verizon, Apple, Cisco and the ACLU all agree on a particular subject; rarer still that such an unlikely coalition fails. Last week, in a case of first impression, a District Court in New York denied Microsoft’s request to quash a portion of a government warrant seeking data…
What You Need to Know About Backoff Malware: the New Threat Targeting Retailers
Posted in Cybersecurity, Privacy Monday, Security
Written by Jake Romero, CIPP
The phrase “back off” is an implied threat typically reserved for bumper stickers and mud flaps, but if you are a retailer that permits the use of remote desktop applications in your business, the name Backoff should be considered much more intimidating. According to a report released by the U.S….