Yesterday, the Massachusetts Supreme Judicial Court (“SJC”) ruled that zip codes constitute “personal identification information” under G.L. c. 93. The question of law came to the SJC from the U.S. District Court for Massachusetts stemming from Tyler vs. Michaels Store, Inc, which was dismissed in January. This ruling echoes California’s 2011 decision that the Song-Beverly…
Data Compliance & Security
FTC Staff Report Shines a Light on the Treacherous Road Ahead for Mobile Payments
Posted in Data Compliance & Security, Privacy Regulation, Security
Written by Jake Romero
Perhaps we are being cynical, but if we imagine the current conversation between consumers and the makers of mobile payment applications, it would be something along the lines of: Mobile Payment Industry: “Hello Consumer, would you like to start using your mobile device to transmit payments and make purchases?” Consumer: “Thank…
DataGuidance: Cynthia Larose on Cybersecurity Framework
Posted in Data Compliance & Security
As published in DataGuidance USA: New cybersecurity framework has far-reaching effects on US economy
President Obama issued – on 12 February 2013 – the long-awaited Executive Order entitled ‘Improving Infrastructure Cybersecurity’ (the Order), alongside Presidential Policy Directive/PPD 21, to establish a nation-wide ‘Cybersecurity Framework’ and ‘enhance the security and resilience of the Nation’s critical infrastructure’….
The New HIPAA Omnibus Rule & Your Liability — A Detailed Review
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation
By Alden J. Bianchi, Dianne J. Bourque, Kimberly J. Gold, and Cynthia J. Larose
As we have reported in this blog (here, here, here, here, and here), the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus…
President Signs Cybersecurity Executive Order
Posted in Data Compliance & Security, Security
“America must … face the rapidly growing threat from cyber-attacks. Now, we know hackers steal people’s identities and infiltrate private emails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems. We cannot look back…
Business Associates Beware
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, HIPAA/HITECH
If you haven’t yet caught up with the new HIPAA Omnibus Rule and its consequences for those businesses who are not themselves healthcare providers, but are service providers to healthcare entities (and even further downstream than that….), you can take a listen to our recent webinar highlighting the most important changes and issues. A recent…
OCR Releases Sample Business Associate Agreement Provisions
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation
Written by Kimberly Gold
The Department of Health and Human Services, Office for Civil Rights (OCR) has posted on its website sample business associate agreement provisions to help covered entities and business associates comply with the new business associate agreement requirements under the final HIPAA Omnibus Rule. The HIPAA Omnibus Rule modified the minimum required…
Data Privacy Day 2013 Post #3 — Look out for the Maryland Privacy Police!
Posted in Data Compliance & Security, Legislation, Privacy Regulation
Maryland’s Attorney General, Douglas Gansler, announced today that Maryland has a new Internet Privacy Unit to monitor the data collection practices of online companies. According to the Attorney General’s press release, the Internet Privacy Unit will monitor companies to ensure they are in compliance with state and federal consumer protection laws, including the Children’s Online Privacy…
Data Privacy Day 2013 – Tip #2 – Dust off your information security policy (or start putting one in place…)
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation, Security
Written by Amy Malone
Do you have a comprehensive information security program? Many businesses are still operating without one, leaving them open to preventable data breaches. The importance of info security programs was yet again underscored by the recent settlement between Cbr Systems and the Federal Trade Commission regarding a breach that affected 300,000 consumers….
International Data Privacy Day is Monday
Posted in Data Compliance & Security, Employee Privacy, Security
Time for some tips to keep your company (and your employees) safe online — Are your employees trained to maintain company privacy standards? Conduct employee training on privacy as it relates to employment, helping employees learn how to protect the privacy of clients’ and customers’ personal information and teaching employees how to manage their own…
Data Privacy Day Event – Brown University
Posted in Data Compliance & Security, Privacy Regulation, Security
In the run-up to International Data Privacy Day on January 28th, we’ll be posting information on events that may be of interest. Our friends at Brown University have sent this invitation: You are cordially invited to attend a free Information Security Group colloquium in celebration of National Data Privacy Day at Brown University on Monday January 28, 2013 from 1-4 PM. “Perspectives on…
Privacy-on-the-Go: Make sure that “killer app” has a privacy policy — UPDATE
Posted in Data Compliance & Security, Privacy Regulation
We posted this alert back in March, and now California Attorney General Kamala Harris has released a recommended set of privacy best practices for app developers and advertising networks entitled “Privacy on the Go: Recommendations for the Mobile Ecosystem.” Written after consulting a “broad spectrum of stakeholders,” including app developers, ad networks, privacy professionals and privacy…
#3 in our 2013 Issues Series: Privacy of Mobile Applications
Posted in Data Compliance & Security, Privacy Litigation, Privacy Regulation
As we continue our “new year, new look” series into important privacy issues for 2013, we boldly predict: Regulatory Scrutiny of Data Collection and Use Practices of Mobile Apps Will Increase in 2013. Mobile apps are becoming a ubiquitous part of the everyday technology experience. But, consumer apprehension over data collection and their personal privacy…
Second of a series: Privacy and Security Issues for 2013
Posted in Data Compliance & Security, Employee Privacy, Privacy Regulation
Our series over the next 10 days will highlight the top issues, as we see them, in privacy and security for 2013. Yesterday, we looked at the increase in cybersecurity disclosure by public companies, triggered by the Securities and Exchange Commission’s Cybersecurity Guidance. Privacy 2013 – What to Expect in the Employment Arena Written…
First of a series (updated): Issues for 2013
Posted in Class Action Litigation, Data Breach, Data Breach Notification, Data Compliance & Security
Happy New Year! We are beginning this week with a series of top Privacy and Security issues for 2013, as we see them. Let’s start with an issue of interest to publicly traded companies, or companies considering going public in 2013 – a reminder that cybersecurity issues are of interest to the Securities…
Data Privacy and Security Issues for the Nonprofit
Posted in Data Compliance & Security, Privacy Regulation, Security
Can your organization answer “yes” to any of the following questions? Does your organization have personal information (credit card numbers, checks, other financial information) from donors? Does your organization have employees or volunteers for whom you have Social Security numbers? Has your organization signed a merchant agreement to be able to accept credit cards? Do…
From Brussels: The New EU Data Protection Regulation — Will they or won’t they? And if so, when?
Posted in Data Breach Notification, Data Compliance & Security, European Union, Privacy Regulation
Susan Foster, a Member in Mintz Levin’s London office, attended last week’s IAPP Conference in Brussels and filed this report —
Written by Susan Foster
Sometimes the most interesting things that emerge from conferences are whispered across the aisle just after a presentation or debated by attendees off-site over a glass or two of wine….
California’s AG Puts Mobile Apps on Notice
Posted in Data Compliance & Security, Privacy Regulation
Written by Jake Romero
If a haunted house or trick-or-treating was your scariest experience last week, you must not be one of the 100 mobile application developers who received a notice of non-compliance from California Attorney General Kamala D. Harris. On October 30, Attorney General Harris’s office announced that letters had been sent to the…
Did you know? October is National Cybersecurity Awareness Month
Posted in Data Compliance & Security, Security
Written by Amy Malone
While we all know that October is National Breast Cancer Awareness Month, we here at Privacy and Security Matters will just bet that you didn’t know that it is also National Cybersecurity Awareness Month. In President Obama’s Proclamation of October as Cybersecurity Month, he touched upon the importance that our digital…
Two Upcoming Privacy Events
Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security, Employee Privacy, Privacy Regulation
We have two “Save the Date” announcements today – for registration information click on the links below:
October 18, 2012 — San Diego — The Era of Big Data — Governance, Risk and Compliance
October 25, 2012 — Webinar — Data Privacy and Security Issues for the Nonprofit
Join the Mintz Levin Privacy team at…
Recommended Reading – BYOD and Reasonable Security
Posted in Data Breach, Data Compliance & Security, Security
Much has been written, in this space and elsewhere, on the concept of “reasonable security” — what constitutes “reasonable security,” how much security is “reasonable,” etc. The entry of the choice of computing devices to the workplace — known as the “bring your own [personal] device” or “BYOD” trend — has also been dissected at length. Companies are…
Apple Shareholders Request Information From Board on Privacy/Security Risk
Posted in Data Breach, Data Breach Notification, Data Compliance & Security
Written by Amy Malone
This week, Apple shareholders requested that its Board of Directors publish a report explaining how the board oversees privacy and data security risks. The proposal, which is available here, was prompted by concern that recent issues such as the unauthorized access to iPhone users’ address books and the release of one…
You’ve Got Mail: Senator Rockefeller Sends Letter to CEOs re: Cybersecurity….Reply Requested
Posted in Data Compliance & Security, Privacy Regulation
Written by Adam Veness
Senator John D. Rockefeller IV (D., W.Va.) recently sent a letter to the CEOs of all Fortune 500 companies asking the companies for more information about their cybersecurity practices. The letter comes a month after Senate Republicans filibustered and blocked a bill that would have established voluntary computer security standards for…
Broad new data security rule proposed for federal contractors
Posted in Data Compliance & Security, Privacy Regulation
Written by Jonathan Cain
A new rule proposed for federal government contractors will require that all federal contracts over $100,000 (including contracts for commercial items and those to small businesses) will have to include a clause requiring the contractor to implement basic data security protections for any non-public data provided to the contractor by the…