The Department of Defense (DoD) has published its new final rule governing the security measures imposed on DoD unclassified technical information resident on or passing through the unclassified information systems of its contractors and subcontractors. This final rule will require contractors to safeguard unclassified controlled technical information and to report the compromise of such information… Continue Reading
Data Compliance & Security
On the Second Day of Privacy, California Gave to Me……
Posted in Children, Data Breach Notification, Data Compliance & Security, Legislation, Privacy Regulation
Well, the headlines don’t exactly work with the traditional tune, but blame the editor for that….. Written by Jake Romero, CIPP/US 2013 was a busy year for California. We passed a budget with a surplus, let Kim and Kanye get engaged in one of our stadiums and panicked over possibly losing Sriracha sauce. At the… Continue Reading
European Commission Proposes New Ground Rules for US Safe Harbor
Posted in Data Compliance & Security, European Union, Legislation
Written by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON) The European Commission, which has the authority to make changes to the US Safe Harbor program, has published a paper titled “Rebuilding Trust in EU-US Data Flows” that sets out the changes that the Commission would like to see the US adopt. While it… Continue Reading
Google pays BIG to state Attorney Generals for Improper Consumer Tracking
Posted in Class Action Litigation, Data Compliance & Security, Federal Trade Commission, Privacy Litigation, Privacy Regulation
Written by Julia Siripurapu Earlier this month, Google, Inc. (“Google” or “Company”) entered into an agreement with the Attorney Generals of 37 states and the District of Columbia, settling allegations of violation of the participating states’ consumer protection or applicable computer abuse statutes (the “Settlement Agreement”). Here’s what got the tech giant in trouble: Google… Continue Reading
Privacy Monday: October 28, 2103 — NIST Cybersecurity “Framework” Published for Comment
Posted in Cybersecurity, Data Compliance & Security, Privacy Monday
Written by Jonathan Cain The National Institute of Standards and Technology (NIST) has published its preliminary cybersecurity “Framework” that it was directed to develop in Executive Order 13636. The Executive Order requires that NIST develop and publish a cybersecurity Framework to protect national critical infrastructure through a “prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information… Continue Reading
FTC and the “Internet of Things”: Franchisor on the hook
Posted in Data Compliance & Security, Federal Trade Commission, Privacy Regulation
Written by Amy Malone Last fall the Federal Trade Commission brought cases against a software developer and rent-to-own stores that secretly monitored people in their homes. The developer provided the stores with software that had a “Detective Mode” that once enabled allowed the stores to log key strokes, capture screen shots, take pictures using the… Continue Reading
Key EU Parliament Committee Endorses Revised Draft of Data Protection Regulation
Posted in Data Compliance & Security, European Union, Legislation
Written by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON) As widely expected, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) voted today in favor of a revised, even tougher draft of the Data Protection Regulation that will (if finally adopted) replace the EU’s current laws regarding the collection and… Continue Reading
Privacy Monday - October 21, 2013
Posted in Data Breach Notification, Data Compliance & Security, European Union, Mobile Privacy, Privacy Monday
Privacy tidbits and bytes for this Monday — App Developers - Put this on your calendar! Now that the US government shutdown is over, the Federal Trade Commission (FTC) has announced its participation in a workshop with the Application Developers Alliance and the California Attorney General’s office on best practices for mobile app privacy. The Mobile Privacy… Continue Reading
Should we worry about Safe Harbor being suspended because of the NSA’s PRISM Program?
Posted in Data Compliance & Security, European Union
(LONDON) Various data protection power players have called for the suspension or curtailment of the US Safe Harbor program ever since the Snowden revelations that the US NSA has required large internet service providers such as Google to provide vast amounts of personal data transmitted by individuals in Europe (and elsewhere). As many of you… Continue Reading
Changes to California’s Privacy Laws: What They Mean for Your Business
Posted in Data Breach Notification, Data Compliance & Security, Privacy Regulation
The federal government may be completely unable to pass laws, but that certainly isn’t the case with the State of California, which has just completed a data privacy hat trick by passing three significant laws addressing a broad subset of data privacy issues. The big question: is your online and/or mobile business ready for the… Continue Reading
Privacy Monday - September 30, 2013 - Here’s the New Mintz Matrix
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Monday, Privacy Regulation
As we all ponder the potential for the first U.S. government shut down in 18 years, here are some Monday privacy tidbits to change the subject a bit. September Mintz Matrix As our readers know, we maintain a summary of the US state data breach notification laws, which we refer to as the “Mintz Matrix.” … Continue Reading
Internet Peeping Toms and The Internet of Things Face New Hurdles: FTC Settles with TRENDnet, Inc.
Posted in Data Compliance & Security, Federal Trade Commission
Written by Adam Veness The Federal Trade Commission (“FTC”) recently entered into a settlement agreement with TRENDnet, Inc., a company that sells Internet Protocol (“IP”) cameras that allow customers to monitor their homes remotely over the Internet. Notably, this is the FTC’s first action against a seller of everyday products that connect to the Internet… Continue Reading
National Cybersecurity Awareness Month Is Coming - Are you ready?
Posted in Data Compliance & Security, Events and Webinars
National Cybersecurity Awareness Month is three short weeks away — what will your company be doing to raise awareness? It’s critically important that cyber-awareness reach to the uppermost levels of your organization — read: the boardroom. Mintz Levin is starting off a little in advance of National Cybersecurity Awareness Month with a program tailored… Continue Reading
BOSTON: Join Us for “Cybersecurity: It’s Not Just for IT Anymore”
Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Litigation, Privacy Regulation, Security
If you are in the Boston area (or will be on September 26), please join us for an afternoon discussion on cybersecurity and the growing risk to corporate directors. It’s no longer just the purview of a company’s IT or compliance personnel. Cybersecurity needs to be elevated to boardroom discussion and this seminar will cover what… Continue Reading
Video Interview: Discussing the Intriguing California Personal Privacy Initiative
Posted in Data Compliance & Security, Privacy Regulation
Written by Jake Romero Following up on my recent post on story, I had the opportunity to speak with Colin O’Keefe of LXBN on an interesting California ballot initiative that would make consumers’ personal information private by default. In the brief interview, I describe the basics of the California Personal Privacy Initiative and explain its… Continue Reading
New Enforcement Guidance from the UK’s Information Commissioner’s Office
Posted in Data Compliance & Security, European Union, Mobile Privacy, Privacy Regulation
(LONDON) Who is on the ICO’s radar these days? August seems to be the month for getting new guidance documents out the door at the United Kingdom’s Information Commissioner’s Office. The UK ICO has just published guidance as to when it is likely to take regulatory action. The new guidance should be reassuring to companies… Continue Reading
Hiding in plain sight: Failure to scrub patient data from digital copiers returned to leasing company results in $1.2 million HIPAA settlement
Posted in Data Breach, Data Compliance & Security, Privacy Litigation, Privacy Regulation
Written by Kevin McGinty We’ve sounded warnings about the lowly copy machine before (here and here). The proliferation of digital devices in the workplace means that data security must extend beyond computer networks and laptops. Seemingly old fashioned equipment, such as copiers, can hide sensitive legally-protected data. Affinity Health Plan, a New York-based managed care company,… Continue Reading
New Tools from the UK’s Information Commissioner’s Office: How to Respond to Subject Access Requests
Posted in Data Compliance & Security, European Union, Legislation, Privacy Litigation, Privacy Regulation
Written by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON) The UK ICO has come through yet again with some clear guidance as to how to apply the UK’s data protection laws in connection with requests by individuals for access to their personal data. While we are waiting with bated breath for a final… Continue Reading
Will California Voters Move US to Opt-In?
Posted in Data Compliance & Security, Privacy Regulation
Written by Jake Romero The California ballot measure process permits any California voter to propose a ballot initiative to the state’s Attorney General which, if enough signatures are gathered, will then appear on state-wide ballot for approval at the next election. A draft ballot initiative has been submitted to the California Attorney General that, if… Continue Reading
Amended COPPA Rule Compliance Deadline Approaching
Posted in Children, Data Compliance & Security, Federal Trade Commission, Mobile Privacy, Privacy Regulation
Time flies when it comes to compliance deadlines As we have blogged here, the Amended COPPA Rule compliance deadline is approaching. And if you haven’t addressed your compliance issues by Monday, you will be late. Effective July 1, 2013, regulations issued in the December 2012 amendment to the Children’s Online Privacy Protection Act (COPPA)… Continue Reading
Delta Finds Reprieve in State Court, but Not Everyone Will Get to Fly the Friendly Skies
Posted in Data Compliance & Security, Mobile Privacy, Privacy Litigation, Privacy Regulation
By Cynthia Larose, Evan Nadel, and Jake Romero California Attorney General Kamala Harris’ attempt to bring an enforcement action against Delta Air Lines, Inc. won’t be leaving the runway. California Superior Court Judge Marla J. Miller has dismissed a data privacy complaint against Delta brought by Attorney General Harris. The development comes as an unexpected… Continue Reading
“Red Flag” Compliance Requirements Come to Investment Advisors, Broker-Dealers - UPDATE
Posted in Data Compliance & Security, Identity Theft, Privacy Regulation
UPDATE: We have prepared a detailed Client Alert as a guide to getting started with these new Red Flag Rules and compliance obligations. You can read it here. It has been several years since the Federal Trade Commission’s Red Flag Rule took effect; and the banking regulators have had the Red Flag… Continue Reading
Countdown Begins for HIPAA Omnibus Rule Compliance
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation
Written by Dianne J. Bourque and Stephanie D. Willis The HIPAA Omnibus Rule goes into effect today, which officially starts the clock for covered entities, business associates, and their subcontractors to begin updating their agreements, forms, policies, procedures, and practices to meet approaching compliance deadlines. Business Associate Agreement (BAA) and Data Use Agreement (DUA) compliance… Continue Reading
Privacy and Security Not the Only Concerns in the Cloud
Posted in Cloud Computing, Cybersecurity, Data Compliance & Security
Written by Jonathan Cain Security and privacy are the most frequently expressed concerns about cloud computing (defined for this article to include software as a service, platform as a service and storage as a service), but for companies that engage in research, design, development, manufacturing and servicing of items that are subject to U.S. export… Continue Reading





