Skip to main content

Privacy & Cybersecurity

Viewpoints

Filter by:

Massachusetts Lawmakers Turn Attention to Cybersecurity

September 6, 2017 | Blog | By Cynthia Larose

In the absence of federal action on the Cybersecurity front, states are continuing to focus on cyber-readiness. Our government affairs affiliate, ML Strategies, has prepared an overview of what Massachusetts lawmakers are doing.
Earlier this month, an appellate panel of the federal DC Circuit unanimously held that individuals affected by a healthcare insurer’s data breach in 2014 could pursue claims against the insurer stemming from the cyberattack.
Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data....This case shows that, even if you’re a fast growing company, you can’t leave consumers behind: you must honor your privacy and security promises.

US-CERT Warns of Potential Hurricane Harvey Phishing Scams

August 29, 2017 | Blog | By Cynthia Larose

As if the devastating effects of Hurricane Harvey are not bad enough, the United States Computer Emergency Readiness Team (US-CERT) of the Department of Homeland Security is warning of a different threat: falling victim (or exposing your entire company) to Harvey-related phishing schemes.

The Wells Fargo PII Epic Fail - Chapter II

August 22, 2017 | Blog | By John Koss

The law firm that inadvertently produced records containing personally-identifying information (“PII”) relating to 50,000 Wells Fargo customers in response to a third-party subpoena, which we first reported on here, went before a judge earlier this month, seeking to permanently bar the recipient and his counsel from further exploitation of the documents and their customer-identifying contents.
Mintz Levin continues to be at the forefront of issues related to contractual arbitration provisions, helping clients optimize their dispute resolution and risk mitigation processes.
If you are one of the many businesses licensed by the New York Department of Financial Services (DFS), and cannot avail yourself of the (very) limited exemptions, you must be ready for the first compliance transition date for the stringent DFS cybersecurity regulations – August 28, 2017.
Recently, the Electronic Privacy Information Center (“EPIC”) asked the FTC to begin an investigation into a Google program called “Store Sales Management.” The purpose of Store Sales Management is to allow for the matching goods purchased in physical brick and mortar stores to the clicking of online ads, or as we refer to the practice, "Bricks to Clicks."

Monkey See… Now, How NOT To Do

July 28, 2017 | Blog | By John Koss

Wells Fargo’s inadvertent production of personal identifying information ("PII") in a case involving a former employee became national news when the New York Times broke the story late last week. 

Retailers: Review Those Checkout Practices - Again

July 26, 2017 | Blog | By Cynthia Larose

New Jersey Governor Chris Christie has signed the Personal Information Privacy and Protection Act (we can now add #PIPPA to the alphabet soup of privacy acronyms.....), which limits the ability of retailers to collect PII scanned from customer driver's licenses and identification cards and restricts the usage of any PII collected for the purposes identified in the Act.

Court Holds Crime Policy Covers Business Email Compromise (BEC) Loss

July 24, 2017 | Blog | By Nancy Adams, Cynthia Larose

The "business compromise email" is what the FBI calls the "$5 billion scam," but apparently an insurance company did not agree with an insured company that they had been the victim of a crime.
The Internet of Things (“IoT”) can be thought of as a group of different devices that can communicate with each other, perhaps over a network such as the internet. We have written extensively about many of the privacy challenges that IoT devices can create.

Five Questions for Investors in Insurtech

July 11, 2017 | Blog | By Cynthia Larose

Decisions you make when founding and/or investing in an insurtech venture can dictate your regulatory obligations, tax liability, operational structure and, ultimately, profitability.

Knock, Knock, Knocking on Menon’s Door

July 6, 2017 | Blog | By John Koss

In a decision sure to have wide-ranging implications for cross-border discovery and governing privacy regimes, the Supreme Court recently held in Water Splash, Inc. v. Menon, that the Convention on the Service Abroad of Judicial and Extrajudicial Documents in Civil and Commercial Matters (the “Hague Service Convention” or the “Convention”) does not prohibit service by mail. 

Oregon Ramps up State Consumer Protections in an Era of Deregulation

June 28, 2017 | Blog | By Cynthia Larose, Rithika Kulathila

Oregon’s legislature recently expanded the scope of statutory consumer protections by passing a bill to amend the state’s Unlawful Trade Practices Act (the “Act”). Recently, Oregon’s Governor Kate Brown signed H.B. 2090 into law after near unanimous passage by state lawmakers.
Despite some courts’ evident confusion about the impact of payment card theft on consumer cardholders, other courts are getting it right. Just this week, a judge in the Northern District of Illinois issued an order dismissing the second amended complaint filed by consumer cardholders in In re Barnes & Noble Pin Pad Litig. (N.D. Ill.). 
Recently the United States Computer Emergency Readiness Team (US-CERT), an organization within the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD) and a branch of the Office of Cybersecurity and Communications’ (CS&C) National Cybersecurity and Communications Integration Center (NCCIC), encouraged users and administrators to review a recent article from the Federal Bureau of Investigation (FBI) regarding Building a Digital Defense with an Email Fortress.

Target Reaches $18.5 Million Dollar Settlement in Data Breach with States

May 25, 2017 | Blog | By Wynter Deagle, Cynthia Larose

It seems as though we have been writing about this case for a lifetime. Target Corporation’s data breach saga came one step closer to a conclusion this week. On Tuesday, Target reached an $18.5 million settlement with 47 states and the District of Columbia to resolve the states’ investigation into the company’s 2013 data breach.

May 2017 TCPA Digest

May 24, 2017 | Blog | By Cynthia Larose

This month's issue features updates on the latest regulatory activities and an article on a potential ruling that could have major implications for pending and future TCPA cases.
You’ve had your apple a day, but you can’t keep the subpoenas away…  
And, if your organization is facing a request seeking records or other materials that may contain patient health information (“PHI”), it bears repeating that while HIPAA provides a number of methods through which covered entities that hold records containing PHI may produce such records, these guidelines are closely enforced by courts.
Sign up to receive email updates from Mintz.
Subscribe Now

Days Left Until CCPA

Explore Other Viewpoints: