Skip to main content

Privacy & Cybersecurity

Viewpoints

Filter by:

OCR Highlights Importance of Physical Safeguards to Protect PHI

May 31, 2018 | Blog | By Sarah Beth Kuyers

The May 2018 cyber security newsletter from the U.S. Department of Health and Human Services Office for Civil Rights (OCR) focused on a topic often overlooked by covered entities and their business associates: physical security.

HAPPY GDPR DAY!!

May 25, 2018 | Blog | By Cynthia Larose, Susan Foster

If you glance at the “countdown clock” in the left hand sidebar of our blog, you’ll see that it has reached 00:00:00. GDPR Day is here. But, unlike Y2K (for those of you old enough to remember the near-hysteria), 25 May 2018 is only the beginning of the GDPR compliance road and not a “completion date.”

Still Thinking about GDPR?

May 15, 2018 | Blog | By Cynthia Larose

We are now in the 10-day countdown to the GDPR enforcement date that we’ve been talking about since 2015. If you are a charter member of Procrastinators Anonymous, or just secretly hoped that this would all go away, the sands in the hourglass are running low.

FTC Puts Kids’ Smart Watch Companies in Time Out for COPPA Violation

May 7, 2018 | Blog | By Cynthia Larose, Elana Safner

Answering the centuries’ old question, it appears it is the Federal Trade Commission (“FTC”) that watches the watchmen. The FTC sent warning letters to a pair of foreign app developers cautioning them that their practices of collecting children’s geolocation data without parental consent may be in violation of the Children's Online Privacy Protection Act (“COPPA”).
A challenge to the use of a cy pres charitable donations to settle privacy claims against Google will be heard by the Supreme Court. In Frank v. Gaos, petitioners seek reversal of lower court decisions rejecting their objection to an $8.5 million settlement of claims arising from Google’s transmission of users’ search terms to third-party websites.

Mintz Matrix Updated – Data Breach Laws in All 50 States

April 27, 2018 | Blog | By Cynthia Larose

With the recent enactment of data breach notification laws in South Dakota and Alabama, all 50 US states now have laws regulating data breach notification. We’ve updated the Mintz Matrix (maintained by the Mintz Privacy Team for nearly 10 years) to provide you with the latest information.
Uber Technologies, Inc. (“Uber”) has agreed to an expansion of its initial August 2017 proposed consent agreement with the Federal Trade Commission (“FTC”), in light of revelations of an additional security breach in October 2016, which it knew about but did not disclose until November 2017, after it settled over its initial May 2014 breach.
Facebook has recently chosen to no longer fund opposition to the California Consumer Privacy Act, which could appear on the California State Ballot as an initiated state statute on November 6, 2018.
As the clock ticks down to May 25, 2018, when the European Union’s General Data Protection Regulation (“GDPR”) becomes fully enforceable throughout the EU, the Internet and airwaves have become saturated with guidance for companies about what to expect and how to prepare for its new protections and restrictions.
Alabama has joined the "crazy quilt" of state data breach notification laws with the governor's signature of the Alabama Data Breach Notification Act of 2018.

Only One Left .....

April 2, 2018 | Blog | By Cynthia Larose

Only one U.S. state without a data breach notification law, that is.
South Dakota as become the 49th state to enact a data breach notification law, which take effect on July 1. The South Dakota law follows the pattern of the most recent notification laws, including an expansive definition of "Personal Information".

It's that time of year again: Phish Madness!

March 14, 2018 | Blog | By Cynthia Larose

Beware of March Madness! Scammers and phishers take advantage of increased web traffic by impersonating popular March Madness websites, including bracket sites and game live streams. Will your employees take the bait?

Supreme Court Declines to Address Circuit Split on Data Breach Standing Issue

February 28, 2018 | Blog | By Jane Haviland, Kevin McGinty

A circuit split on whether actual misuse of personal data is required to have standing to assert data breach claims remains unresolved. Last week the Supreme Court rejected a petition to review that issue in CareFirst v. Attias.

The Week Ahead - US v. Microsoft at SCOTUS

February 26, 2018 | Blog | By Cynthia Larose

The Supreme Court on Tuesday will hear arguments in United States v. Microsoft Corp., in which the court will decide whether a US technology service provider, Microsoft, must obey a search warrant for data stored in a foreign country.

Cybersecurity and the 401(k) Plan Sponsor

February 22, 2018 | Blog | By Cynthia Larose

Mintz Levin Benefits attorney Patricia Moran recently authored an article for  the Society for Human Resources Management's latest publication describing the cybersecurity risks involved with 401(k) Plan sponsorship.

How to Leverage Privacy as a Key Competitive Advantage

February 20, 2018 | Blog | By Cynthia Larose, Brian Lam

We've discussed privacy compliance with regulations, legal requirements, etc. in the space since this blog's inception. "Privacy by design" - while not a new concept - is certainly enjoying a new spot in the sunshine thanks to the European Union's General Data Protection Regulation ("GDPR") (93 days and counting...) and its codification of "privacy by design and default" in Article 25.

Deadline Approaching under NY Cybersecurity Regulations

February 13, 2018 | Blog | By Cynthia Larose

If your company is one of the broad group of businesses licensed by the New York Department of Financial Services (NY DFS), a very important deadline is bearing down on February 15. Regulated entities have under Thursday to attest to their compliance with the first-in-the-U.S. cybersecurity regulations (details and links are in blog post below). 

Practical GDPR Steps for US-Headquartered Life Sciences Companies

February 12, 2018 | Blog | By Susan Foster, Cynthia Larose

In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018.
The U.S. Supreme Court heard oral arguments in what may become one of the defining consumer privacy cases of our generation. The central question in Carpenter v. United States asks whether the government violates the Fourth Amendment by accessing an individual’s historical cell phone locations records without a warrant.

GDPR - European Commission Unveils Guidance Website

January 26, 2018 | Blog | By Susan Foster

The European Commission has launched a new data protection website aimed at educating the public and helping businesses and other organizations comply with their new obligations under the General Data Protection Regulation.
Sign up to receive email updates from Mintz.
Subscribe Now

Days Left Until CCPA

Explore Other Viewpoints: