Privacy & Cybersecurity
Viewpoints
Filter by:
FTC Warns Companies to Remediate Log4j Security Vulnerability
January 5, 2022 | Blog | By Cynthia Larose
Before the holidays, we warned of a critical vulnerability in a widely-used Java logging utility that could affect tens of thousands of companies. Since that original alert, multiple US and foreign government cybersecurity agencies published a joint advisory and guidance for affected organizations recommending that patches or workarounds be applied immediately to mitigate the vulnerabilities and exposure. The US Cybersecurity and Infrastructure Security Agency also ordered US federal civilian executive branch agencies to patch within days of the order.
Read more
When Can a Trademark Owner Take Action for Unauthorized Use of its Trademark Online?
January 4, 2022 | Blog | By Susan Neuberger Weller
Unauthorized use of a trademark on the Internet occurs often and in many forms, usually involving the profiting, whether intentionally or unintentionally, from the goodwill associated with a trademark belonging to someone else. Such use, however, does not always rise to the level of trademark infringement. Unauthorized use of a trademark is only infringing if the particular use causes likely confusion among consumers. The most common type of confusion is confusion over source, which occurs at the time of purchase, but confusion can also arise as to affiliation, connection, or sponsorship, and confusion does not necessarily need to occur at the time of purchase.
Read more
Time to Update Your Incident Response Plans
October 22, 2021 | Blog | By Cynthia Larose
Our Mintz Matrix has been updated to reflect the new 2021 requirements and should be a part of your information security toolbox.
Read more
Privacy Implications of the Facebook Whistleblower Testimony
October 20, 2021 | Blog | By Cynthia Larose, Christian Tamotsu Fjeld
Vice President of ML Strategies Christian Fjeld provided insights for a feature article published by The National Law Review examining the privacy implications of Facebook whistleblower Frances Haugen’s testimony before a Congressional Subcommittee regarding harms perpetuated by the tech giant.
Read more
California’s Senate Bill 41: The Genetic Information Privacy Act
October 19, 2021 | Blog | By Stephnie John, Lara Compton
Our previous blog post on pending California privacy legislation included a prediction that has since materialized: Governor Newsom signed the Genetic Information Privacy Act (“GIPA”) on October 6, 2021, and the law will go into effect on January 1, 2022. GIPA establishes a number of mechanisms to close the existing gap in the protection of genetic information under the current framework of federal and state privacy laws. As discussed in our earlier post, GIPA contains a robust penalty structure, but it includes a number of carve-outs and does not apply to entities already subject to regulation under other health information privacy laws. Notably, GIPA does not reduce or eliminate obligations under other laws, including California’s more broadly applicable consumer privacy laws, such as the CCPA and breach notification statute, as recently amended by AB 825. Given Governor Newsom’s former concern about GIPA’s interference with mandatory COVID-19 testing reporting, the law also does not apply to tests that are conducted exclusively to diagnose whether an individual has a specific disease.
Read more
California Update
October 7, 2021 | Blog | By Cynthia Larose
Legislation is starting to move off California Governor Gavin Newsom’s desk including the Genetic Information Privacy Act, which will take effect on January 1, 2022.
Read more
California Legislature Passes New Key Privacy Laws, Expected to Be Signed Next Week
October 4, 2021 | Blog
California lawmakers wrapped up this year’s legislative session, passing roughly 900 bills this year. Among those were only a few privacy initiatives, which we outline here.
Read more
What We’re Reading – September 24, 2021
September 24, 2021 | Blog | By Cynthia Larose
Welcome to Fall 2021! We’re trying to curate some of the week’s privacy and cybersecurity news to keep you up-to-date.
Read more
California’s New Privacy Regulator Invites You to Comment
September 23, 2021 | Blog | By Cynthia Larose
The California Privacy Protection Agency Board (“CPPA Board”), has issued an invitation for preliminary comments from the public related to a wide swath of areas over which the CPPA Board has rulemaking authority. According to the invitation, comments may be used in developing new regulations under the CPRA, and determining whether changes to the existing regulations are needed to implement the CPRA.
Read more
California Health Privacy Information Legislation Update
September 22, 2021 | Blog | By Lara Compton, Stephnie John
When it comes to the privacy of health information, California belongs to the select group of states that have implemented broad consumer privacy protections above and beyond those provided by the federal Health Insurance Portability and Accountability Act (HIPAA) and the Federal Trade Commission Act (FTCA). This year, the state’s ongoing legislative efforts to protect the health information of its residents included: Assembly Bill 1436 (AB 1436) which if enacted would have revised California’s existing Confidentiality of Medical Information Act (CMIA), and Senate Bill 41 (SB 41), which if enacted will create the new Genetic Information Privacy Act (GIPA). As further discussed below, only SB 41 is moving forward, and if signed by Governor Newsom GIPA will go into effect on January 1, 2022.
Read more
FTC Personal Health Records Breach Rule Applies to Health App and Connected Device Developers
September 21, 2021 | Blog | By Lara Compton
On September 15, 2021, in response to the “proliferation of apps and connected devices that capture sensitive health data” the Federal Trade Commission (FTC) issued a Policy Statement ( the Statement) offering guidance on the scope of the FTC’s Health Breach Notification Rule (Breach Rule). According to the Statement, the Breach Rule applies outside of the traditional health care context (e.g. health care involving diagnosis and treatment by a licensed health care provider) and the FTC intends to bring enforcement actions for noncompliance involving up to $43,792 in civil penalties per violation, per day.
Read more
What We’re Reading – September 17, 2021
September 17, 2021 | Blog | By Cynthia Larose
Personal Data Transfers: Bye-bye, old SCCs – don’t forget the September 27th deadline! And the new UK International Data Transfer Agreement is knocking at the door . . .
September 16, 2021 | Blog
Organizations that use the European Union’s Standard Contractual Clauses (SCCs) to govern their transfers of personal data from the European Economic Area (EEA) to other countries should have September 27, 2021 circled in red in their calendars (or the virtual equivalent).
Read more
FBI Warning: Ransomware Attackers Don’t Take Holidays
September 2, 2021 | Blog | By Cynthia Larose
Long holiday weekends make for ransomware attacks and data breaches. It is well-known that malicious actors take advantage of understaffed IT resources on holidays. In fact, it’s become such a common occurrence, that the FBI and the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security have issued a joint advisory warning organizations to be on high alert as Labor Day weekend approaches.
Read more
News Roundup
August 27, 2021 | Blog
The United Kingdom has been busy in the past couple of weeks starting to chart its independent course on data protection and privacy matters. Here’s a quick round-up of the some interesting and important developments.
Read more
What We’re Reading – August 24, 2021
August 24, 2021 | Blog | By Cynthia Larose
There is a glut of information out there regarding privacy and cybersecurity these days. Our new feature “What We’re Reading” provides a curated list of articles, blogs, newsletters, and books that you may find interesting and helpful.
Read more
What We’re Reading - August 6, 2021
August 6, 2021 | Blog | By Cynthia Larose
There is a glut of information out there regarding privacy and cybersecurity these days. Our new feature “What We’re Reading” provides a curated list of articles, blogs, newsletters, and books that you may find interesting and helpful.
Read more
Another Court Orders Production of Cybersecurity Firm’s Forensic Report in a Data Breach Case
July 30, 2021 | Blog
Another district court just ordered the defendant in a data breach class action to turn over the forensic report it believed was entirely protected from disclosure by the attorney-client privilege and work product doctrine. See In re Rutter’s Inc. Data Security Breach Litigation, Case No. 1:20-CV-382 (N.D. Penn. July 22, 2021). The court granted the motion to compel Rutter’s to produce its investigative report (the “Kroll Report”), which was created after the defendant was notified of a potential breach.
Read more
What We’re Reading - July 23, 2021
July 23, 2021 | Blog | By Cynthia Larose
There is a glut of information out there regarding privacy and cybersecurity these days. Our new feature “What We’re Reading” provides a curated list of articles, blogs, newsletters, and books that you may find interesting and helpful.
Read more
California AG Releases Important CCPA Enforcement Information and Announces an Online Consumer Reporting Tool
July 20, 2021 | Blog | By Cynthia Larose
To note the one year anniversary of the California Consumer Privacy Act (CCPA) enforcement date, California Attorney General Rob Banta held a press conference on July 19, 2021 to share key information about enforcement efforts and announce a new consumer privacy tool. He also praised businesses for their prompt compliance efforts and urged consumers to be proactive about their privacy rights.
Read more
Viewpoint Editors
Cynthia J. Larose
Member / Chair, Privacy & Cybersecurity Practice
John B. Koss
Managing Director, E-Data Consulting Group
Dianne J. Bourque
Member
Christopher J. Harvie
Member
Kevin M. McGinty
Member / Co-chair, Class Action Practice
Explore Other Viewpoints:
- Antitrust
- Appellate
- Arbitration, Mediation & Alternate Dispute Resolution
- Artificial Intelligence
- Awards
- Bankruptcy & Restructuring
- California Land Use
- Class Action
- Complex Commercial Litigation
- Construction
- Consumer Product Safety
- Cross-Border Asset Recovery
- Debt Financing
- Direct Investing (M&A)
- Diversity
- EB-5 Financing
- Education & Nonprofits
- Employment
- Energy & Sustainability
- Environmental Enforcement Defense
- Environmental Law
- FDA Regulatory
- Federal Circuit Appeals
- Financial Institution Litigation
- Government Law
- Growth Equity
- Health Care
- Health Care Compliance, Fraud and Abuse, & Regulatory Counseling
- Health Care Enforcement & Investigations
- Health Care Transactions
- Health Information Privacy & Security
- IP Due Diligence
- IPRs & Other Post Grant Proceedings
- Immigration
- Insolvency & Creditor Rights Litigation
- Institutional Investor Class Action Recovery
- Insurance & Financial Services
- Insurance Consulting & Risk Management
- Insurance and Reinsurance Problem-Solving & Dispute Resolution
- Intellectual Property
- Investment Funds
- Israel
- Licensing & Technology Transactions
- Life Sciences
- Litigation & Investigations
- M&A Litigation
- ML Strategies
- Medicare, Medicaid and Commercial Coverage & Reimbursement
- Mergers & Acquisitions
- Patent Litigation
- Patent Prosecution & Strategic Counseling
- Pharmacy Benefits and PBM Contracting
- Portfolio Companies
- Privacy & Cybersecurity
- Private Client
- Private Equity
- Pro Bono
- Products Liability & Complex Tort
- Projects & Infrastructure
- Public Finance
- Real Estate Litigation
- Real Estate Transactions
- Real Estate, Construction & Infrastructure
- Retail & Consumer Products
- Securities & Capital Markets
- Securities Litigation
- Special Purpose Acquisition Company (SPACs)
- Sports & Entertainment
- Strategic IP Monetization & Licensing
- Tax
- Technology
- Technology, Communications & Media
- Technology, Communications & Media Litigation
- Trade Secrets
- Trademark & Copyright
- Trademark Litigation
- Venture Capital & Emerging Companies
- White Collar Defense & Government Investigations
- Women's Health and Technology