Privacy & Cybersecurity

The FTC has finally released details of their settlement with Google, including the hefty price tag of $22.5 million, the highest fine ever slapped on a violator of an FTC consent order. The Internet giant was charged with breaking the terms of the consent order they entered into last year by misrepresenting how users could opt out of having certain cookies dropped on their browser.

CNN reports that the Cybersecurity Act of 2012 (SB 3414) has failed to pass the US Senate. A cloture vote failed by a vote of 42-46, mostly along party lines.

A recently-filed class action lawsuit asserts claims against the Winn-Dixie supermarket chain and a third-party vendor, Purchasing Power, LLC, in connection with the alleged theft of employee data provided to Purchasing Power in order to administer a discount purchasing program offered to Winn-Dixie employees. 

In a move signaling increased enforcement of the state’s data privacy and security regulations, California’s Attorney General Kamala D. Harris has announced the creation of the Privacy Enforcement and Protection Unit.  

Small business owners have new hope that they may be on the same footing as individuals when it comes to cybertheft from their bank accounts.

The pre-conference workshops at the Data Protection & Privacy Law Compliance Conference have begun! The first workshop covered managing the risk of third party vendors. An important element of ensuring the security and privacy of your vendors is finding out what vendors your vendors are using. 

North American marketers take note: Canada is set to finalize one of the toughest anti-spam laws in the world. Canada had fallen behind when it came to introducing anti-spam legislation, but it is now making up for lost time.

The Federal Trade Commission (FTC) has announced that it has filed suit in U.S. District Court in Phoenix against Wyndham Worldwide Corporation and three of its subsidiaries. The lawsuit cites "alleged data security failures that led to three data breaches at Wyndham hotels in less than two years."  

We have been following proposed legislation to modify the Connecticut data breach notification law as it worked its way (unsuccessfully) through the 2012 General Session of the legislature.

Nearly as predictable as the sun coming up in the morning, the recent theft of 6.5 million LinkedIn user passwords has resulted in the filing of a class action lawsuit in a California federal court. 

Recently, the National Labor Relations Board Acting General Counsel Lafe E. Solomon issued his third and latest report on social media cases, providing specific guidance on how to construct a lawful social media policy.

Spokeo, Inc. has agreed to pay the FTC $800,000 to settle the FTC’s claims alleging that Spokeo violated the Fair Credit Reporting Act (FCRA) and committed unfair or deceptive acts or practices under the FTC Act. Spokeo is a data broker that collects personal information of millions of consumers and compiles that information into online profiles for each person.

Last week at the OCR/NIST conference, Building Assurance through HIPAA Security, Linda Sanches of The Office for Civil Rights provided an extensive update on the pilot HITECH audit program, including preliminary findings, what regulated entities can expect next and suggestions for covered entities concerned about being audited. 

Here is some weekend reading for those looking at e-discovery issues. Our colleagues, John Koss and Rebecca Diamond, have published an article in Bloomberg BNA - Digital Discovery and e-Evidence delving into deleted text messages in the Deepwater Horizon controversy.

4:44 PM -- LinkedIn has confirmed reports of hacking -

Welcome to June! It's time for an an updated version of our "Mintz Matrix" --- the Mintz Levin matrix of state data security breach notification laws. We update this matrix quarterly, or as developments dictate.

A recent Massachusetts Superior Court decision, Falmouth Firefighters Union v. Town of Falmouth, answers “no.”

The FTC has again provided us with a road map to compliance through the Myspace consent order. Here are the takeaways that should concern every company with an online presence.

Allow us to take a moment to congratulate one of our own. Mintz Levin colleague, Julia Siripurapu, has joined the ranks of certified privacy professionals! The CIPP credential is one of the best-recognized certifications in the "privacy world" and demonstrates Julia's knowledge and proficiency with privacy-related matters.

Last October, a Maloney Properties, Inc. (“MPI”) company laptop was stolen containing unencrypted personal information, including social security numbers, for over 600 Massachusetts residents. Shortly after the incident, MPI sent letters to customers alerting them of the incident and related data breach.