Written by Jonathan Cain
A new rule proposed for federal government contractors will require that all federal contracts over $100,000 (including contracts for commercial items and those to small businesses) include a clause requiring the contractor to implement basic data security protections for any non-public data provided to the contractor by the…
Data Compliance & Security
Real World Strategies for Real World Risks — San Diego Event
Posted in Data Compliance & Security
If you’re in the vicinity of the Mintz Levin San Diego office on September 19th, please join us for this event! Register at the link below – The Security & IP SIGs Present: Real World Strategies for Managing Real World Risks
FTC to Mobile App Developers: Get Privacy Right from the Start
Posted in Data Compliance & Security, Federal Trade Commission, Online Advertising, Privacy Regulation
Mobile app developers have some unique challenges when it comes to preparation and implementation of privacy policies. But regulators have made it quite clear that the general privacy laws and regulations apply whether the application is online or mobile. To refresh your memory, see our Mintz Client Alert (here) regarding the California AG’s agreement with…
“Back to School” – Upcoming Cybersecurity Event in Boston
Posted in Data Breach, Data Breach Notification, Data Compliance & Security
It’s that time of year again – and not just the kiddies are headed back to school. We’re co-sponsoring a free cybersecurity event with a panel of experts to discuss risk management and risk transfer in the privacy/security world. More information, including registration link, is posted here. Watch this blog for announcement of a webinar…
Risk assessments are critical to avoid data blackmail
Posted in Data Breach, Data Compliance & Security, Identity Theft
The article below was posted to the Mintz Health Law & Policy Matters blog, but it contains valuable information for any business regarding steps to take to avoid data blackmail. Check out the bullet point list below and make sure that your company secures all its sensitive data against threats, both internal and external. Written…
Law & Order PEPU: California’s new Privacy Enforcement and Protection Unit
Posted in Data Breach, Data Compliance & Security, Identity Theft, Privacy Regulation
Written by Jake Romero
In a move signaling increased enforcement of the state’s data privacy and security regulations, California’s Attorney General Kamala D. Harris has announced the creation of the Privacy Enforcement and Protection Unit. The Privacy Unit will be staffed by California Department of Justice Employees, including six dedicated prosecutors, and will have…
From the Data Protection and Privacy Conference: Words of Advice from the Federal Trade Commission
Posted in Data Breach Notification, Data Compliance & Security, Federal Trade Commission, Identity Theft, Privacy Regulation
Written by Amy Malone
Amy Malone is attending the Data Protection & Privacy Law Conference in Arlington, Virginia this week and will be providing updates. Kevin Moriarty from the Division of Privacy and Identity Protection of the Federal Trade Commission addressed the privacy conference on Wednesday. His discussion focused on the current FTC policy work, including workshops…
Know thy vendor’s vendor…..
Posted in Data Compliance & Security, Security
Written by Amy Malone
Amy Malone is attending the Data Protection & Privacy Law Conference in Arlington, Virginia this week and will be providing updates. The pre-conference workshops at the Data Protection & Privacy Law Compliance Conference have begun! The first workshop covered managing the risk of third party vendors. An important element of ensuring…
HIPAA Audit Protocols Now Public
Posted in Data Compliance & Security, HIPAA/HITECH, Privacy Regulation
Written by: Dianne Bourque and Stephanie Willis
As promised by the Department of Health and Human Services’ Office of Civil Rights (OCR) and as reported here on June 11th, OCR has released its HIPAA privacy and security audit protocols. The audit protocols are intended to cover the three main areas of HIPAA privacy and security enforcement: Privacy Rule requirements,…
HITECH: Business Associates Beware – New Rules, Audits and Enforcement on the Horizon!
Posted in Data Compliance & Security, HIPAA/HITECH
The upcoming HIPAA Omnibus Rule is poised to transform an already challenging privacy and security landscape for business associates or those who provide services to HIPAA “covered entities.” The HITECH Act has already imposed greater compliance responsibility on business associates and their subcontractors. The rules are set to change further and failure to comply can result in…
UK Cookie Law “Grace Period” Expires — Enforcement to Begin
Posted in Data Compliance & Security, Privacy Regulation
While those of us in the United States were observing Memorial Day and enjoying the unofficial start of summer, the grace period from enforcement of the UK “Cookie Law” expired on Sunday, May 27th. Accordingly, websites must now officially obtain “informed consent” from visitors before saving cookies on a machine. The reach of…
FTC v. Myspace Part II — The Takeaways
Posted in Data Compliance & Security, Federal Trade Commission, Online Advertising, Privacy Litigation, Privacy Regulation
The FTC has again provided us with a road map to compliance through the Myspace consent order. Here are the takeaways that should concern every company with an online presence. Keeping the FTC Out of Your Space — The Takeaways: Much can be learned from how the FTC has evaluated the adequacy of Myspace’s privacy policy…
Navigant: Reports of Data Breaches On the Increase Across Industries
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation, Security
Navigant recently published the latest update of its comprehensive Information Security and Data Breach Report, which adds yet another analytic view of the data breach picture. And the view is not a pretty one. You can get a copy of the report here. Some of the “highlights”: Healthcare entities again accounted for the largest percentage…
Symantec: Malicious Cyber Attacks Increased by 81 Percent in 2011 and Data Breaches Up
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Identity Theft, Security
Symantec has released its annual Internet Security Threat Report, and the numbers are astounding. According to the report, malicious attacks on networks skyrocketed by 81 percent in 2011. The report also highlights that advanced persistent threats, known as APT attacks, are spreading to organizations of all sizes, with the number of daily APT attacks increasing…
The Rising Cost of HIPAA Violations: $100,000 Fine Levied on Physician Group
Posted in Data Compliance & Security, HIPAA/HITECH, Security
Written by Kimberly Gold
If your company needs another reminder that policies and procedures, risk assessments, documentation and training are critical elements for HIPAA compliance programs, we have another corrective action plan – and monetary fine – that should be utilized as a “teachable moment” for health care providers and business associates alike. Phoenix Cardiac…
Massachusetts Attorney General Data Breach Investigation Results in $15,000 Settlement with Property Management Firm
Posted in 201 CMR 17.00, Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation
Written by Cynthia J. Larose and Adam Veness
Last October, a Maloney Properties, Inc. (“MPI”) company laptop was stolen containing unencrypted personal information, including social security numbers, for over 600 Massachusetts residents. Shortly after the incident, MPI sent letters to customers alerting them of the incident and related data breach. As a result of that…
The cost of HIPAA non-compliance – $17 million – UPDATE
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, HIPAA/HITECH
Written by Kevin McGinty
If it wasn’t clear before, a recent settlement of HIPAA claims brought by the Department of Health and Human Services against BlueCross BlueShield of Tennessee (“BCBST”) underscores the high regulatory cost of non-compliance with privacy requirements. HHS announced on March 13, 2012 that BCBST has agreed to pay $1.5 million…
Consumer Privacy Bill of Rights – Summary and Invitation to Comment
Posted in Data Compliance & Security, Legislation, Privacy Regulation
The Department of Commerce has already taken the first steps to implementing the White House’s Consumer Privacy Bill of Rights announced last month. Commerce has invited comment on “what issues should be addressed through the privacy multi-stakeholder process and how to structure these discussions so they are open, transparent, and most productive.” According to the Federal…
Massachusetts Businesses Face Two New Challenges on Data Security
Posted in 201 CMR 17.00, Class Action Litigation, Data Compliance & Security
A cross-post from our friends at the Associated Industries of Massachusetts – and important reading, given that March 1st is Thursday. Employers Face Two New Challenges on Data Security
President Obama: “American consumers can’t wait any longer….”
Posted in Data Compliance & Security, Federal Trade Commission, Legislation, Online Advertising, Privacy Regulation
At the White House today, President Obama unveiled his administration’s framework for new privacy regulations and the long-awaited white paper entitled “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.” This follows up on the Department of Commerce “green paper” issued well over a year…
A Top Five List: Data Security and Privacy Issues 2012
Posted in Data Compliance & Security, European Union, Federal Trade Commission, Legislation, Privacy Regulation
Here is an article published in Westlaw Journal on the top 5 data security and privacy issues in 2012 (and there could be a “top 20” if we’d had the column inches!) — a little crystal ball-gazing: Top 5 Commercial Data Security and Privacy Issues in 2012
Massachusetts Data Security Regulations: Deadline Looms for Amending Service Provider Contracts
Posted in 201 CMR 17.00, Data Compliance & Security, Privacy Regulation
Just a reminder that March 1 is an important deadline with respect to the Massachusetts data privacy and security regulations (the “Regulations”). As a refresher, the Regulations require all entities that “own or license” personal information of Massachusetts residents — wherever the entity is located — to comply with provisions requiring specific administrative, physical and technical…
HIPAA Breach Reporting Deadline Approaching
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH
Our colleagues over at the Mintz Health Law Policy Matters blog have posted a reminder about the approaching annual HITECH data breach reporting deadline. All “small” calendar year 2011 breaches affecting fewer than 500 must be reported to the Office of Human Rights by the end of February. If you think this may be you,…
Broken Privacy Promises from Upromise? FTC Settlement and Key Takeaways (Update)
Posted in Data Compliance & Security, Federal Trade Commission
Written by Jake Romero
According to the Federal Trade Commission, the most remarkable aspect of Upromise, an online college savings program, was not how much its users saved. Rather, it was how much they were giving away. The FTC has announced a settlement regarding a complaint it had filed against Upromise, Inc. alleging that the corporation…