Skip to main content

Privacy & Cybersecurity

Viewpoints

Filter by:

Privacy & Thumbnail Viewpoints Thumbnail

Connecticut is on the Privacy Move

May 4, 2022 | Blog | By Christopher Buontempo, Cynthia Larose

Connecticut Governor Ned Lamont has signed the country’s fifth comprehensive consumer privacy act. Our breakdown below outlines key concepts on how the Connecticut Data Privacy Act (CDPA) will impact businesses, and several notes about how its provisions compare to other US state privacy laws.
Read more
Privacy & Thumbnail Viewpoints Thumbnail
Ransomware is the “business pandemic.” Warnings have been issued by multiple agencies around the world to alert businesses to increase their protection and awareness. Most recently, the Department of Health and Human Services (HHS) has issued a warning to health care organizations related to what it calls “an exceptionally aggressive” ransomware group known as Hive.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

President Says Russia “Exploring” Cyberattacks Against U.S.

March 21, 2022 | Blog | By Cynthia Larose

On March 21, President Biden warned U.S. companies to be on guard against Russian cyberattacks, citing intelligence as a call to action.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

Utah Consumer Privacy Act – Mintz’s Hot Take

March 17, 2022 | Blog | By Cynthia Larose, Christopher Buontempo

Utah is on the brink of joining California, Colorado, and Virginia to become the fourth state in the US to enact a major comprehensive privacy law.  On February 25, the Utah Senate passed the Utah Consumer Privacy Act (“UCPA”), and on March 2, it was passed by the Utah House. The Mintz privacy team has reviewed the UCPA for answers to business’ most pressing questions about how this new law will affect them if it is enacted.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

Facebook to Pay $90 Million to Settle Data Privacy Lawsuit

February 18, 2022 | Blog | By Cynthia Larose

Facebook’s parent company Meta has agreed to settle one of the longest-running data privacy lawsuits in the country for $90 million. This dispute, originally filed in 2012 in a total of 21 related cases, alleged that Facebook continued to track its users even after they logged out of the social media platform. Specifically, the plaintiffs’ alleged that Facebook used cookies and various plug-ins in order to track and save information about its users’ visits to third-party websites and then sold to advertisers.
Read more
Privacy & Thumbnail Viewpoints Thumbnail
The UK Information Commissioner’s Office (ICO) has just published the final form of its much-anticipated new International Data Transfer Agreement (IDTA), along with a separate addendum to the EU SCCs (SCCs Addendum). The IDTA and the SCCs Addendum offer important alternative ways to ensure that UK personal data is adequately protected when exported from the UK. They have been laid before Parliament and, assuming there are no objections from MPs, will go into effect on March 21, 2022.
Read more
Privacy & Thumbnail Viewpoints Thumbnail
Data Privacy Week kicked off with a major message for US publicly-traded companies: the Securities and Exchange Commission will be looking at cybersecurity. SEC Chairman Gary Gensler asked SEC staff to make recommendations regarding companies’ cybersecurity practices and risk disclosures. Gensler also indicated that he will also be considering whether companies should update disclosures to investors when cyber events occur.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

FTC Warns Companies to Remediate Log4j Security Vulnerability

January 5, 2022 | Blog | By Cynthia Larose

Before the holidays, we warned of a critical vulnerability in a widely-used Java logging utility that could affect tens of thousands of companies.   Since that original alert, multiple US and foreign government cybersecurity agencies published a joint advisory and guidance for affected organizations recommending that patches or workarounds be applied immediately to mitigate the vulnerabilities and exposure.   The US Cybersecurity and Infrastructure Security Agency also ordered US federal civilian executive branch agencies to patch within days of the order. 
Read more
Intellectual Property Viewpoints Thumbnail

When Can a Trademark Owner Take Action for Unauthorized Use of its Trademark Online?

January 4, 2022 | Blog | By Susan Neuberger Weller, Allen Loayza

Unauthorized use of a trademark on the Internet occurs often and in many forms, usually involving the profiting, whether intentionally or unintentionally, from the goodwill associated with a trademark belonging to someone else. Such use, however, does not always rise to the level of trademark infringement. Unauthorized use of a trademark is only infringing if the particular use causes likely confusion among consumers. The most common type of confusion is confusion over source, which occurs at the time of purchase, but confusion can also arise as to affiliation, connection, or sponsorship, and confusion does not necessarily need to occur at the time of purchase.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

Time to Update Your Incident Response Plans

October 22, 2021 | Blog | By Cynthia Larose

Our Mintz Matrix has been updated to reflect the new 2021 requirements and should be a part of your information security toolbox.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

Privacy Implications of the Facebook Whistleblower Testimony

October 20, 2021 | Blog | By Cynthia Larose, Christian Tamotsu Fjeld

Vice President of ML Strategies Christian Fjeld provided insights for a feature article published by The National Law Review examining the privacy implications of Facebook whistleblower Frances Haugen’s testimony before a Congressional Subcommittee regarding harms perpetuated by the tech giant.
Read more
Health Care Viewpoints Thumbnail

California’s Senate Bill 41: The Genetic Information Privacy Act

October 19, 2021 | Blog | By Stephnie John, Lara Compton

Our previous blog post on pending California privacy legislation included a prediction that has since materialized: Governor Newsom signed the Genetic Information Privacy Act (“GIPA”) on October 6, 2021, and the law will go into effect on January 1, 2022. GIPA establishes a number of mechanisms to close the existing gap in the protection of genetic information under the current framework of federal and state privacy laws. As discussed in our earlier post, GIPA contains a robust penalty structure, but it includes a number of carve-outs and does not apply to entities already subject to regulation under other health information privacy laws. Notably, GIPA does not reduce or eliminate obligations under other laws, including California’s more broadly applicable consumer privacy laws, such as the CCPA and breach notification statute, as recently amended by AB 825. Given Governor Newsom’s former concern about GIPA’s interference with mandatory COVID-19 testing reporting, the law also does not apply to tests that are conducted exclusively to diagnose whether an individual has a specific disease.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

California Update

October 7, 2021 | Blog | By Cynthia Larose

Legislation is starting to move off California Governor Gavin Newsom’s desk including the Genetic Information Privacy Act, which will take effect on January 1, 2022.
Read more
Privacy & Thumbnail Viewpoints Thumbnail
California lawmakers wrapped up this year’s legislative session, passing roughly 900 bills this year. Among those were only a few privacy initiatives, which we outline here.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

What We’re Reading – September 24, 2021

September 24, 2021 | Blog | By Cynthia Larose

Welcome to Fall 2021!   We’re trying to curate some of the week’s privacy and cybersecurity news to keep you up-to-date.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

California’s New Privacy Regulator Invites You to Comment

September 23, 2021 | Blog | By Cynthia Larose

The California Privacy Protection Agency Board (“CPPA Board”), has issued an invitation for preliminary comments from the public related to a wide swath of areas over which the CPPA Board has rulemaking authority. According to the invitation, comments may be used in developing new regulations under the CPRA, and determining whether changes to the existing regulations are needed to implement the CPRA.
Read more
Health Care Viewpoints Thumbnail

California Health Privacy Information Legislation Update

September 22, 2021 | Blog | By Lara Compton, Stephnie John

When it comes to the privacy of health information, California belongs to the select group of states that have implemented broad consumer privacy protections above and beyond those provided by the federal Health Insurance Portability and Accountability Act (HIPAA) and the Federal Trade Commission Act (FTCA). This year, the state’s ongoing legislative efforts to protect the health information of its residents included: Assembly Bill 1436 (AB 1436) which if enacted would have revised California’s existing Confidentiality of Medical Information Act (CMIA), and Senate Bill 41 (SB 41), which if enacted will create the new Genetic Information Privacy Act (GIPA). As further discussed below, only SB 41 is moving forward, and if signed by Governor Newsom GIPA will go into effect on January 1, 2022.
Read more
Health Care Viewpoints Thumbnail
On September 15, 2021, in response to the “proliferation of apps and connected devices that capture sensitive health data” the Federal Trade Commission (FTC) issued a Policy Statement ( the Statement) offering guidance on the scope of the FTC’s Health Breach Notification Rule (Breach Rule). According to the Statement, the Breach Rule applies outside of the traditional health care context (e.g. health care involving diagnosis and treatment by a licensed health care provider) and the FTC intends to bring enforcement actions for noncompliance involving up to $43,792 in civil penalties per violation, per day.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

What We’re Reading – September 17, 2021

September 17, 2021 | Blog | By Cynthia Larose

Read more
Privacy & Thumbnail Viewpoints Thumbnail
Organizations that use the European Union’s Standard Contractual Clauses (SCCs) to govern their transfers of personal data from the European Economic Area (EEA) to other countries should have September 27, 2021 circled in red in their calendars (or the virtual equivalent).
Read more

Explore Other Viewpoints: