Skip to main content

Privacy & Cybersecurity

Viewpoints

Filter by:

The Article 29 Working Party (WP29) advisory group, which will soon become the more transparently-named (and very powerful) European Data Protection Board, is busy drafting and issuing guidance documents to help organizations understand how European data protection authorities will interpret various requirements of the General Data Protection Regulation (GDPR). 
As was generally expected from informal comments by EU representatives, Privacy Shield has survived its first annual review. Commissioner Jourova stated: "Our first review shows that the Privacy Shield works well, but there is some room for improving its implementation."
This week’s disclosure that a 2013 data breach may have affected all 3 billion Yahoo accounts then in existence could alter the scope of the consolidated data breach cases currently pending against Yahoo in the federal court in San Francisco.
Many companies around the world rely on the EU’s standard contractual clauses (also known as the model clauses, and referred to in this article as the “SCCs”) as the legal basis for transferring personal data from the European Economic Area (EEA) to countries whose privacy laws have not been found adequate by the EU Commission.
EU laws concerning the transfer of employee personal data to the US are complex, and penalties for getting it wrong are set to increase dramatically when the General Data Protection Regulation (GDPR) goes into effect in May 2018.
As Texas, Florida, and the Caribbean rebuild after the latest string of deadly hurricanes and prepare for the possibility of future storms, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reminded health care providers of the importance of ensuring the availability and security of health information during and after natural disasters.
Many companies have started the potentially lengthy process of auditing their service provider contracts to make sure that they comply with the requirements of the General Data Protection Regulation, which comes into force on May 25, 2018.

The Mintz Matrix - September 2017

September 14, 2017| Blog

As data breaches dominate national headlines it remains important as ever for businesses to invest in security and to be ready to respond if a breach occurs. 
The Equifax breach continues to evolve. 
In the absence of federal action on the Cybersecurity front, states are continuing to focus on cyber-readiness. Our government affairs affiliate, ML Strategies, has prepared an overview of what Massachusetts lawmakers are doing.
Earlier this month, an appellate panel of the federal DC Circuit unanimously held that individuals affected by a healthcare insurer’s data breach in 2014 could pursue claims against the insurer stemming from the cyberattack.
As if the devastating effects of Hurricane Harvey are not bad enough, the United States Computer Emergency Readiness Team (US-CERT) of the Department of Homeland Security is warning of a different threat: falling victim (or exposing your entire company) to Harvey-related phishing schemes.
Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data....This case shows that, even if you’re a fast growing company, you can’t leave consumers behind: you must honor your privacy and security promises.
The law firm that inadvertently produced records containing personally-identifying information (“PII”) relating to 50,000 Wells Fargo customers in response to a third-party subpoena, which we first reported on here, went before a judge earlier this month, seeking to permanently bar the recipient and his counsel from further exploitation of the documents and their customer-identifying contents.
Mintz Levin continues to be at the forefront of issues related to contractual arbitration provisions, helping clients optimize their dispute resolution and risk mitigation processes.
If you are one of the many businesses licensed by the New York Department of Financial Services (DFS), and cannot avail yourself of the (very) limited exemptions, you must be ready for the first compliance transition date for the stringent DFS cybersecurity regulations – August 28, 2017.
Recently, the Electronic Privacy Information Center (“EPIC”) asked the FTC to begin an investigation into a Google program called “Store Sales Management.” The purpose of Store Sales Management is to allow for the matching goods purchased in physical brick and mortar stores to the clicking of online ads, or as we refer to the practice, "Bricks to Clicks."
Wells Fargo’s inadvertent production of personal identifying information ("PII") in a case involving a former employee became national news when the New York Times broke the story late last week. 
New Jersey Governor Chris Christie has signed the Personal Information Privacy and Protection Act (we can now add #PIPPA to the alphabet soup of privacy acronyms.....), which limits the ability of retailers to collect PII scanned from customer driver's licenses and identification cards and restricts the usage of any PII collected for the purposes identified in the Act.
The "business compromise email" is what the FBI calls the "$5 billion scam," but apparently an insurance company did not agree with an insured company that they had been the victim of a crime.
Sign up to receive email updates from Mintz.
Subscribe Now

Explore Other Viewpoints: