Since it’s traditionally the time for new beginnings and resolutions to clear away old habits, we’d like to pass on some tips for improving privacy and security in your operations — and in your own life — in 2012. 1. Be sure to secure. Many data breaches occur by leaving sensitive information lying around the…
Data Compliance & Security
Things to do in 2012: Questions to Ask of Cloud Vendors
Posted in Data Breach Notification, Data Compliance & Security, European Union, HIPAA/HITECH, Security
Adoption of cloud computing is certainly on the increase — but 2011 has seen evidence of some of the risks associated with moving to the cloud. Notable among the year’s data breaches was the breach at e-mail marketer Epsilon Data. To quickly refresh your memory, Epsilon was the victim of a hacking attack, and once…
FTC: Facebook “Deceived” Consumers by Failing to Keep Privacy Promises
Posted in Data Compliance & Security, Legislation
“Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users” — Federal Trade Commission Chairman Jon Leibowitz
The Federal Trade Commission (FTC) has announced the long-rumored proposed consent decree with Facebook, settling allegations in a complaint that Facebook violated Section 5 of the FTC Act by failing to live…
SEC Guidance to Public Companies: Evaluate and Disclose Cybersecurity Risks
Posted in Class Action Litigation, Data Breach, Data Compliance & Security, Privacy Litigation
The Securities and Exchange Commission (SEC) has issued guidance to public companies with respect to disclosure relating to cybersecurity and data breach risks. This release is from the Commission’s Division of Corporation Finance and is not a rule or regulation — but it is clear that public companies that ignore the advice in the Disclosure…
Cybersecurity and privacy expert joins ML Strategies
Posted in Data Compliance & Security, Legislation, Privacy Regulation
We have a new expert in the house for cybersecurity, privacy and technology issues. Our government relations affiliate, ML Strategies, has announced a new Manager of Government Relations, Rachel Sanford. Before coming aboard ML Strategies, Rachel served as a Senior Consultant on privacy and cybersecurity issues at IBM. While at IBM, Ms. Sanford was a…
State Data Breach Notification Laws – The Mintz Matrix
Posted in Data Breach, Data Breach Notification, Data Compliance & Security
We update the myriad of state data breach notification laws on a quarterly basis in what we fondly call the Mintz Data Breach Matrix. Hot off the presses is the version current as of October 1, 2011. All the usual disclaimers apply: in the event of a multi-state data breach, the matrix is not a…
Good Weekend Read
Posted in Class Action Litigation, Data Compliance & Security
My colleague, and frequent contributor to this space, Kevin McGinty, has published a great article on data privacy class action lawsuits. Happy reading!
House Committee to Hold Hearing on FTC’s COPPA Revisions
Posted in Children, Data Compliance & Security, Privacy Regulation
The Federal Trade Commission has released its long anticipated proposed revisions to its rule implementing the Children’s Online Privacy Protection Act (“COPPA”). COPPA governs (1) operators of websites and online services that are directed to children under the age of 13 and (2) operators of general audience websites or online services that have actual knowledge that…
Privacy and the Smart Grid: California Public Utilities Commission Adopts Smart Grid Data Protection Rules
Posted in Data Compliance & Security, Legislation
Written by Julia Siripurapu
Recently the California Public Utilities Commission (CPUC) in a unanimous decision approved data protection rules for the following Smart Grid providers: Pacific Gas and Electric Company, Southern California Edison, San Diego Gas and Electric Company, and the companies that assist them in utility operations, companies under contract with the utilities, and…
Privacy Still on Congressional Radar Screen
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Legislation
Lawmakers, industry leaders and officials from the Federal Communications Commission, the Federal Trade Commission and the Department of Commerce generally expressed support last week for Federal legislation on Internet privacy and data security during a Senate Commerce Committee hearing. Senate Commerce Committee Chairman Jay Rockefeller (D-WV), who introduced S. 913, the “Do-Not-Track Online Act of 2011,” which…
Privacy “Webinar Wednesday” Series
Posted in Data Compliance & Security
Last week, we introduced the “Privacy Webinar Wednesday” educational series with Data Privacy and Security Issues for the Not-for-Profit: 201 CMR 17.00, PCI, and Other Acronyms You Should Know. It was incredibly well-received – over 150 registrants. We’ll be presenting various privacy and security issues on the first Wednesday of the month. In case you…
REMINDER: Webinar Wednesday – Data Privacy and Security Issues for Non-Profit
Posted in Data Compliance & Security
Don’t forget to register for our first in the Webinar Wednesday Privacy series – Data Privacy and Security Issues for Non-Profits. We have over 100 participants registered! Join us and learn about compliance obligations of non-profit institutions and organizations and what to do to prepare for the inevitable data breach. The second part of the session will feature…
Into the Breach – Security Failures Can Cost You
Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security
Once again, we have evidence that failures to implement the most basic of data security measures can cost real money. The Massachusetts Attorney General’s office announced a consent order that fines a Boston restaurant group $110,000 and imposes a set of compliance measures that will also carry a price tag. Despite many headlines trumpeting the “first enforcement action,” this action…
If you don’t want privacy regulation — FTC advises industry to “move quickly”
Posted in Data Compliance & Security, Legislation, Online Advertising
The Federal Trade Commission’s public comment period on its preliminary staff report, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers, has closed. The FTC received over 300 comments during the extended comment period, including several states. It is looking more likely that some form of privacy regulation…
FTC Extends Comment Period – UPDATED
Posted in Data Compliance & Security, Online Advertising
The Federal Trade Commission has extended the public comment period on its December 1, 2010 report — FTC Privacy Report. The FTC press release says that, in light of the complex issues raised by the report, a number of organizations have requested an extension of the original January 31, 2011 deadline. Stakeholders now have until February 18,…
It’s Tax Time — Use Caution with those W-2 Forms
Posted in Data Breach, Data Breach Notification, Data Compliance & Security
We’ve had several questions lately regarding “mixups” with mailings of W-2 forms, and whether certain situations are really “data breaches.” Some Attorneys General are taking the position that the employer is responsible for providing notice to affected individuals (employees and former employees) and providing the required AG notice letters in the event that tax forms containing personal information…
Data Breach at NYC “Hop-on, Hop-off” Tour Company — 110,000 credit card numbers stolen
Posted in 201 CMR 17.00, Data Breach, Data Breach Notification, Data Compliance & Security
Since March 1, 2010, privacy professionals have been waiting for a data breach that could bring an enforcement action under 201 CMR 17.00, the Massachusetts privacy regulations. I just spoke with Paul Roberts, editor of threatpost.com, a blog that posted an entry yesterday regarding a breach that could do just that. Twin America LLC, the parent company of…
It’s almost 2011. Do you know where your Red Flags Rule compliance program is?
Posted in Data Compliance & Security, Identity Theft
(UPDATED) Late Tuesday, the House of Representatives passed the Red Flag Program Clarification Act of 2010 on a voice vote, clearing the way for President Obama’s signature. The Clarification Act exempts doctors, lawyers, accountants and certain other professionals from compliance with the Red Flags Rule. As you may recall, we discussed lawsuits filed by the American…
FTC to Industry on Consumer Privacy: You “Must Do Better” – UPDATE
Posted in Data Compliance & Security, Legislation, Online Advertising
FTC Report Supports “Do-Not-Track” and sets out comprehensive framework for consumer privacy
Whistleblowing “protected” under Sarbanes-Oxley, as long as it’s not to the media ….
Posted in Data Compliance & Security, Online Advertising
Our colleagues over at the Mintz Employment Matters blog have posted an interesting piece on the latest Sarbanes-Oxley whistleblower case — Employment Matters Blog
Don’t Shoot the Messenger: Another Court Cautions Against Retaliating Against Employees Who Report Data Security Concerns
Posted in Data Compliance & Security
Written by Michael Arnold, Cynthia Larose and Jennifer Rubin
Recently, a California state appellate court in Cutler v. Dike, No. B210624, 2010 WL 3341663 (Cal. Ct. App. Aug. 26, 2010), upheld a jury finding that an employer illegally fired an employee because he objected to the manner in which his employer maintained its confidential patient…
Remember the old quote about “prior preparation?”
Posted in Data Breach, Data Breach Notification, Data Compliance & Security
Mintz Levin has prepared a State Data Breach Laws matrix to help assess obligations under state data breach notification laws in the event of a data security incident.
Facebook Holding Privacy Summit
Posted in Data Compliance & Security
As a follow-on to yesterday’s posts regarding the public face of the Facebook privacy brouhaha, at this hour Facebook is holding an “all-hands” meeting to discuss the company’s overall privacy strategy. PC World suggests that perhaps today’s company meeting is the beginning of Facebook’s effort to improve user guidance on issues of sharing and privacy,…
The back-and-forth on Facebook’s privacy travails
Posted in Data Compliance & Security
Whether the terse discussions in the public arena over Facebook’s privacy “changes” demonstrate that the world’s largest social network is playing fast and loose with the truth about its internal controls on user privacy, or whether it is just an example of poor corporate communication of policies to end users is still a matter of…