DC Update from Politico Morning Tech “DATA BREACH DRAFT DELAYED – The thorny issue of FTC enforcement has slowed efforts to release a draft of Rep. Lee Terry’s data breach bill, according to sources close to the process. Terry had hoped to release the draft he’s been working on with Democrats John Dingell and Peter…
Cybersecurity
Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance
Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation, Security
Written by Stephanie D. Willis and Dianne J. Bourque (republished from Mintz Levin’s Health Law Policy Matters blog)
Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured Protected Information…
Privacy Tuesday – June 17, 2014
Posted in Cybersecurity, HIPAA/HITECH, Privacy Monday
What’s that old saying … “a day late and a dollar short?” Here is our Privacy Monday roundup … on Tuesday. Office for Civil Rights HIPAA Crackdown? The Office for Civil Rights (OCR) — the enforcement arm of the Department of Health and Human Services — has been quite busy since June of 2013. Nine settlements…
Calling All Boards of Directors: Four Recommendations from the SEC
Posted in Cyber Risks Boardroom Series, Cybersecurity, Privacy Regulation
Written by Adam Veness
SEC Commissioner Luis Aguilar recently spoke at the New York Stock Exchange Conference “Cyber Risks and the Boardroom.” In his speech, Commissioner Aguilar emphasized the importance of cybersecurity and how fast the need for cybersecurity has grown in such a short time period, pointing out that U.S. companies experienced a 42%…
How Online Advertisers May Steal Your Personal Information: Recommendations for Protecting Consumers
Posted in Cybersecurity, Online Advertising, Security
Written by Adam Veness
The United States Senate Permanent Subcommittee on Investigations recently released a report outlining six findings concerning online advertising risks to consumers’ personal information and four recommendations on how to protect consumers from these hidden hazards. FINDINGS 1) Consumers risk exposure to malware through everyday activity. Consumers can incur malware attacks by…
Cyber Risks for the Boardroom Part 5: Coverage for Privacy Violations
Posted in Cybersecurity, Insurance, Privacy Litigation
The last installment in our series – “Coverage for Privacy Violations” Written by Heidi Lawson and Danny Harary Part 5 of 5: Coverage For Privacy Violations As we previously noted, recent SEC actions on the topic of cybersecurity indicates increased SEC focus and likely heralds the coming of enforcement actions against public companies for cyber…
Cyber Risks for the Boardroom Part 4: Coverage for Investigations
Posted in Cyber Risks Boardroom Series, Cybersecurity, Insurance
Part 4 in our continuing series: “Cyber Risks – Director Liability and Potential Gaps in D&O Coverage”: Coverage For Investigations Written by Heidi Lawson and Danny Harary One of the biggest gaps in coverage in D&O coverage today is the lack of meaningful coverage for investigations. Although at first glance the policy language may look…
Cyber Risks for the Boardroom Part 3: Top Questions Directors Should be Asking about D&O Coverage
Posted in Cyber Risks Boardroom Series, Cybersecurity, Insurance
Our series “Cyber Risks – Director Liability and Potential Gaps in D&O Coverage” continues — Part 3 of 5: Top Questions Directors Should Be Asking About D&O Coverage Written by Heidi Lawson and Danny Harary Directors never want to be in the unenviable position of having to seek coverage under their D&O policy. Nevertheless the…
Cyber Risks for the Boardroom Part 2: Why Corporate Directors Should be Concerned About Data Security Breaches
Posted in Cyber Risks Boardroom Series, Cybersecurity, Data Breach, Insurance
All this week, we are featuring a series “Cyber Risks – Director Liability and Potential Gaps in D&O Coverage” Part 2 of 5: Why Directors Should Be Concerned Written by Heidi Lawson and Danny Harary A data breach is not a unitary or self-contained event. The fallout from a breach could impact the directors as…
Cyber Risks for the Boardroom Part 1: The Recent Increase in Focus on Privacy Issues
Posted in Cyber Risks Boardroom Series, Cybersecurity
Each day this week, we are going to explore some of the issues in the rapidly growing area of cyberliability. We will examine the recent increase in focus on privacy issues, why directors should be concerned, the top questions directors should ask when it comes to coverage for cyber investigations, and what kind of cover…
Privacy Monday: Cinco de Mayo, 2014
Posted in Cybersecurity, Data Breach, Privacy Monday
Happy Cinco de Mayo! Breaking news this Privacy Monday: The fallout from the massive Target Corporation data breach continues. This morning, the Target board announced that Chief Executive Officer Gregg Steinhafel has resigned effective immediately. The company has appointed Chief Financial Officer John Mulligan as interim president and chief executive. Steinhafel spent 35 years with…
Regulators Speak at IAPP Breakfast Meeting in NYC
Posted in Cybersecurity, Data Breach, Data Compliance & Security, Federal Trade Commission
Written by Andowah Newton
Some important takeaways to start your weekend: Data Breach Incidents—Especially “Ransom” Incidents, are on the Rise—One panelist observed that the New York State Attorney General’s Office received reports of approximately 900 data breach incidents during the past year alone. There has been a significant increase in reports of “ransom” incidents, in…
Coming Monday – A new series that you won’t want to miss!
Posted in Cybersecurity
A new series for Privacy & Security Matters starting on Monday: “Cyber Risks – Director Liability and Potential Gaps in D&O Coverage” – By Heidi Lawson and Danny Harary C-suite executives and board members are becoming more concerned about the risks posed to their companies by cyberattacks and data breaches. Each day next week…
The Digital Side of Corporate Risk Management
Posted in Cybersecurity, Data Breach Notification
Companies today need to be thinking of cyber risk management as part of their overall corporate risk management. The first step for companies is knowing the privacy laws in their industry as well as across states, says Mintz Levin’s Cynthia Larose, editor of this blog and chair of the Privacy & Security Practice, in “Corporate Risk…
Privacy Monday – April 28, 2014
Posted in Cybersecurity, Data Compliance & Security, Privacy Monday
For the last Monday in April, we have a few privacy and security bits and bytes to start your week. Trending Now – 5 Things Every Company’s Data Security Program Should Include JD Supra Perspectives has published a short article (disclosure: quoting this author) that can get people talking this week. Get it here and circulate…
Privacy & Security Bits and Bytes
Posted in Cybersecurity, Data Breach, Data Breach Notification, Security
There has been so much news swirling in the data privacy and security world in the last few days, that it has been difficult to keep up. We’ll give you a roundup here for your Friday and weekend reading. Heartbleed – Where Are We? By now, you should know whether your web-facing applications…
Video Interview: Discussing Heartbleed with LXBN TV
Posted in Cybersecurity, Security
As a follow-up to our commentary here on the headline-grabbing Heartbleed bug, I had the opportunity to discuss the subject with Colin O’Keefe of LXBN. In the brief interview, I explain how companies should respond to the bug and the uncertainty surrounding the liability they may face.
Privacy Monday – April 14, 2014: Heartbleed Headaches
Posted in Cybersecurity, Privacy Monday
Last week was certainly the “week of the Heartbleed.” Unless you have been on vacation on a remote island (and if so, good for you!), you have heard and read much about the latest mass bug to infect the Internet. If you do not know whether your servers are affected by Heartbleed, or have decided…
Privacy Monday – March 31, 2014 OPENING DAY!
Posted in Cybersecurity, Data Breach, Data Breach Notification, Employee Privacy, Uncategorized
Last Monday in March (Opening Day for you baseball fans) – some privacy/security bits and bytes to close out the month. Microsoft: “We won’t access private e-mail accounts … Promise.” Microsoft has committed to no longer accessing the private e-mail accounts of its users after criticism that the company looked at the e-mail of a former employee…
The Target Breach Update
Posted in Cybersecurity, Data Breach
It has been difficult to keep up with all the various permutations of the Target data breach saga. Yesterday, the finger-pointing continued in the form of the release of a Harris Poll and testimony on Capitol Hill at a U.S. Senate hearing.
REMINDER – Cybersecurity event at Mintz Levin Boston tomorrow
Posted in Cybersecurity
Mintz Levin is presenting a roundtable discussion tomorrow titled: NIST Framework: How to Best Mitigate Cyber Risk for Your Organization With the threats facing even the largest companies highlighted by recent disclosures by Target, Neiman Marcus, and others that the security of millions of customer credit and debit cards has been compromised, companies of all…
Privacy Monday – March 10, 2014
Posted in Cybersecurity, Privacy Monday, Privacy Regulation
We hope that you remembered to “spring forward” over the weekend — Today’s Privacy Monday is a bit longer than usual – but an important read, particularly if you are a mobile app developer. California Public Utilities Commission Declines to Develop New Regulations and Standards for Wireless Carriers and Mobile App Providers . . ….
Boston Discussion – NIST Framework – March 25
Posted in Cybersecurity
NIST Framework: How to Best Mitigate Cyber Risk for Your Organization The National Institute of Standards and Technology (NIST) last month released its final Cybersecurity Framework. Developed under an executive order from President Obama with extensive input and feedback from industry security professionals, the new NIST framework is designed to help companies in the financial…
Data: Big, Borderless and Beyond Control? Five Things You Can Do
Posted in Cybersecurity, Data Breach, Data Compliance & Security, Employee Privacy, Security
Written by Amy Malone
There’s been a lot of talk about big data over the last few years and the breaches at Target and Neiman Marcus have many companies running in circles trying to figure out how to protect their systems and their data. So what are some of the big issues in our current…