Privacy & Cybersecurity
Viewpoints
Filter by:
Massachusetts Information Security and Privacy Act Sent to “Study”
June 2, 2022 | Blog | By Cynthia Larose, Daniel Connelly
FTC to Twitter: Do What You Say (Or Pay $150M If You Don’t)
June 1, 2022 | Blog | By Christopher Buontempo , Cynthia Larose
FBI Director Wray Says FBI Blocked Planned Cyberattack on Boston Children’s Hospital
June 1, 2022 | Blog | By Cynthia Larose
Connecticut is on the Privacy Move
May 4, 2022 | Blog | By Christopher Buontempo , Cynthia Larose
Connecticut Governor Ned Lamont has signed the country’s fifth comprehensive consumer privacy act. Our breakdown below outlines key concepts on how the Connecticut Data Privacy Act (CDPA) will impact businesses, and several notes about how its provisions compare to other US state privacy laws.
Read more
Health Care Organizations Warned of Aggressive Ransomware Threat
April 28, 2022 | Blog | By Cynthia Larose
Ransomware is the “business pandemic.” Warnings have been issued by multiple agencies around the world to alert businesses to increase their protection and awareness. Most recently, the Department of Health and Human Services (HHS) has issued a warning to health care organizations related to what it calls “an exceptionally aggressive” ransomware group known as Hive.
Read more
SEC Proposes New Cybersecurity Rules for Public Companies
March 21, 2022 | Advisory | By Roman M. Gorokhov, Cynthia Larose, Megan Gates, John Condon
President Says Russia “Exploring” Cyberattacks Against U.S.
March 21, 2022 | Blog | By Cynthia Larose
On March 21, President Biden warned U.S. companies to be on guard against Russian cyberattacks, citing intelligence as a call to action.
Read more
Utah Consumer Privacy Act – Mintz’s Hot Take
March 17, 2022 | Blog | By Cynthia Larose, Christopher Buontempo
Utah is on the brink of joining California, Colorado, and Virginia to become the fourth state in the US to enact a major comprehensive privacy law. On February 25, the Utah Senate passed the Utah Consumer Privacy Act (“UCPA”), and on March 2, it was passed by the Utah House. The Mintz privacy team has reviewed the UCPA for answers to business’ most pressing questions about how this new law will affect them if it is enacted.
Read more
Facebook to Pay $90 Million to Settle Data Privacy Lawsuit
February 18, 2022 | Blog | By Cynthia Larose
Facebook’s parent company Meta has agreed to settle one of the longest-running data privacy lawsuits in the country for $90 million. This dispute, originally filed in 2012 in a total of 21 related cases, alleged that Facebook continued to track its users even after they logged out of the social media platform. Specifically, the plaintiffs’ alleged that Facebook used cookies and various plug-ins in order to track and save information about its users’ visits to third-party websites and then sold to advertisers.
Read more
New UK International Data Transfer Agreement and a New Approach to UK Data Transfers
February 7, 2022 | Alert
This alert covers the UK’s new international data transfer agreement and the implications for parties that transfer or receive personal data from the United Kingdom.
Read more
The New UK International Data Transfer Agreement Is Ready To Go From March 21, 2022
February 1, 2022 | Blog
The UK Information Commissioner’s Office (ICO) has just published the final form of its much-anticipated new International Data Transfer Agreement (IDTA), along with a separate addendum to the EU SCCs (SCCs Addendum). The IDTA and the SCCs Addendum offer important alternative ways to ensure that UK personal data is adequately protected when exported from the UK. They have been laid before Parliament and, assuming there are no objections from MPs, will go into effect on March 21, 2022.
Read more
SEC Chair Gensler Wants Public Companies to Upgrade “Cyber Hygiene”
January 24, 2022 | Blog | By Cynthia Larose
Data Privacy Week kicked off with a major message for US publicly-traded companies: the Securities and Exchange Commission will be looking at cybersecurity. SEC Chairman Gary Gensler asked SEC staff to make recommendations regarding companies’ cybersecurity practices and risk disclosures. Gensler also indicated that he will also be considering whether companies should update disclosures to investors when cyber events occur.
Read more
Preparation for 2021 Fiscal Year-End SEC Filings and 2022 Annual Shareholder Meetings
January 18, 2022 | Advisory | By Megan Gates, John Condon, Anne Bruno, Melanie Ruthrauff Levy, Daniel T. Kajunski, Cynthia Larose, Breton Leone-Quick, Page R. Hubben
Read about key regulatory and other developments, including board diversity and other ESG matters, which public companies need to consider as they prepare for their fiscal year-end SEC filings and 2022 annual shareholder meetings.
Read more
FTC Warns Companies to Remediate Log4j Security Vulnerability
January 5, 2022 | Blog | By Cynthia Larose
Before the holidays, we warned of a critical vulnerability in a widely-used Java logging utility that could affect tens of thousands of companies. Since that original alert, multiple US and foreign government cybersecurity agencies published a joint advisory and guidance for affected organizations recommending that patches or workarounds be applied immediately to mitigate the vulnerabilities and exposure. The US Cybersecurity and Infrastructure Security Agency also ordered US federal civilian executive branch agencies to patch within days of the order.
Read more
When Can a Trademark Owner Take Action for Unauthorized Use of its Trademark Online?
January 4, 2022 | Blog | By Susan Neuberger Weller
Unauthorized use of a trademark on the Internet occurs often and in many forms, usually involving the profiting, whether intentionally or unintentionally, from the goodwill associated with a trademark belonging to someone else. Such use, however, does not always rise to the level of trademark infringement. Unauthorized use of a trademark is only infringing if the particular use causes likely confusion among consumers. The most common type of confusion is confusion over source, which occurs at the time of purchase, but confusion can also arise as to affiliation, connection, or sponsorship, and confusion does not necessarily need to occur at the time of purchase.
Read more
CRITICAL ALERT: Log4Shell
December 13, 2021 | Alert | By Cynthia Larose
CVE-2021-44228 — dubbed Log4Shell — can easily be exploited to gain complete access to the targeted system by getting the application to log a specially crafted string. Government organizations and the private sector are responding to the disclosure of a critical vulnerability affecting the widely used Log4j logging utility, as exploitation attempts are on the rise.
Read more
Time to Update Your Incident Response Plans
October 22, 2021 | Blog | By Cynthia Larose
Our Mintz Matrix has been updated to reflect the new 2021 requirements and should be a part of your information security toolbox.
Read more
Privacy Implications of the Facebook Whistleblower Testimony
October 20, 2021 | Blog | By Cynthia Larose, Christian Tamotsu Fjeld
Vice President of ML Strategies Christian Fjeld provided insights for a feature article published by The National Law Review examining the privacy implications of Facebook whistleblower Frances Haugen’s testimony before a Congressional Subcommittee regarding harms perpetuated by the tech giant.
Read more
California’s Senate Bill 41: The Genetic Information Privacy Act
October 19, 2021 | Blog | By Stephnie John, Lara Compton
Our previous blog post on pending California privacy legislation included a prediction that has since materialized: Governor Newsom signed the Genetic Information Privacy Act (“GIPA”) on October 6, 2021, and the law will go into effect on January 1, 2022. GIPA establishes a number of mechanisms to close the existing gap in the protection of genetic information under the current framework of federal and state privacy laws. As discussed in our earlier post, GIPA contains a robust penalty structure, but it includes a number of carve-outs and does not apply to entities already subject to regulation under other health information privacy laws. Notably, GIPA does not reduce or eliminate obligations under other laws, including California’s more broadly applicable consumer privacy laws, such as the CCPA and breach notification statute, as recently amended by AB 825. Given Governor Newsom’s former concern about GIPA’s interference with mandatory COVID-19 testing reporting, the law also does not apply to tests that are conducted exclusively to diagnose whether an individual has a specific disease.
Read more
California Update
October 7, 2021 | Blog | By Cynthia Larose
Legislation is starting to move off California Governor Gavin Newsom’s desk including the Genetic Information Privacy Act, which will take effect on January 1, 2022.
Read more
Explore Other Viewpoints:
- Antitrust
- Appellate
- Arbitration, Mediation & Alternate Dispute Resolution
- Artificial Intelligence
- Awards
- Bankruptcy & Restructuring
- California Land Use
- Class Action
- Complex Commercial Litigation
- Construction
- Consumer Product Safety
- Cross-Border Asset Recovery
- Debt Financing
- Direct Investing (M&A)
- Diversity
- EB-5 Financing
- Education & Nonprofits
- Employment
- Energy & Sustainability
- Environmental Enforcement Defense
- Environmental Law
- FDA Regulatory
- Federal Circuit Appeals
- Financial Institution Litigation
- Government Law
- Growth Equity
- Health Care
- Health Care Compliance, Fraud and Abuse, & Regulatory Counseling
- Health Care Enforcement & Investigations
- Health Care Transactions
- Health Information Privacy & Security
- IP Due Diligence
- IPRs & Other Post Grant Proceedings
- Immigration
- Insolvency & Creditor Rights Litigation
- Institutional Investor Class Action Recovery
- Insurance & Financial Services
- Insurance Consulting & Risk Management
- Insurance and Reinsurance Problem-Solving & Dispute Resolution
- Intellectual Property
- Investment Funds
- Israel
- Licensing & Technology Transactions
- Life Sciences
- Litigation & Investigations
- M&A Litigation
- ML Strategies
- Medicare, Medicaid and Commercial Coverage & Reimbursement
- Mergers & Acquisitions
- Patent Litigation
- Patent Prosecution & Strategic Counseling
- Pharmacy Benefits and PBM Contracting
- Portfolio Companies
- Privacy & Cybersecurity
- Private Client
- Private Equity
- Pro Bono
- Products Liability & Complex Tort
- Projects & Infrastructure
- Public Finance
- Real Estate Litigation
- Real Estate Transactions
- Real Estate, Construction & Infrastructure
- Retail & Consumer Products
- Securities & Capital Markets
- Securities Litigation
- Special Purpose Acquisition Company (SPACs)
- Sports & Entertainment
- Strategic IP Monetization & Licensing
- Tax
- Technology
- Technology, Communications & Media
- Technology, Communications & Media Litigation
- Trade Secrets
- Trademark & Copyright
- Trademark Litigation
- Value-Based Care
- Venture Capital & Emerging Companies
- White Collar Defense & Government Investigations
- Women's Health and Technology