Privacy & Cybersecurity

Viewpoints

Filter by:

HIPAA and Other Privacy Considerations at Play when Building a Health App

November 8, 2017 | Blog | By Dianne Bourque, Cynthia Larose

Consumers are increasingly turning to health apps for a variety of medical and wellness-related purposes. This has in turn caused greater amounts of data—including highly sensitive information—to flow through these apps.
Read more

The GDPR Roadshow - Coming Soon!

November 7, 2017 | Blog | By Cynthia Larose

The clock is ticking down to May 25, 2018 , the date that the European Union's General Data Protection Regulation (GDPR) goes into effect. The GDPR is likely to be a game-changer for US companies doing business with the European Union, and many are racing against the clock to figure out exactly what their compliance obligations are.
Read more

The Law of Unintended Consequences: BIPA and the Effects of the Illinois Class Action Epidemic on Employers

November 5, 2017 | Blog | By Cynthia Larose

Has your company recently beefed up its employee identification and access security and added biometric identifiers, such as fingerprints, facial recognition, or retina scans? Have you implemented new timekeeping technology utilizing biometric identifiers like fingerprints or palm prints in lieu of punch clocks?
Read more

FTC Provides Additional Guidance on COPPA Policy for Voice Recordings

November 1, 2017 | Blog | By Alex Blutman

The Federal Trade Commission (FTC) clarified in recent guidance how the Children’s Online Privacy Protection Act (COPPA) applies to internet-connected device companies and other businesses that collect and use children’s voice recordings.
Read more

Key GDPR Guidance on Behavioral Advertising, Profiling and Automated Decision-Making

October 24, 2017 | Blog | By Susan Foster

The Article 29 Working Party (WP29) advisory group, which will soon become the more transparently-named (and very powerful) European Data Protection Board, is busy drafting and issuing guidance documents to help organizations understand how European data protection authorities will interpret various requirements of the General Data Protection Regulation (GDPR). 
Read more

EU Commission Confirms that Privacy Shield Survives its First Annual Review

October 18, 2017 | Blog | By Susan Foster

As was generally expected from informal comments by EU representatives, Privacy Shield has survived its first annual review. Commissioner Jourova stated: "Our first review shows that the Privacy Shield works well, but there is some room for improving its implementation."
Read more

3 Billion Compromised Yahoo Accounts May Yield Largest Plaintiff Class Ever

October 6, 2017 | Blog | By Kevin McGinty

This week’s disclosure that a 2013 data breach may have affected all 3 billion Yahoo accounts then in existence could alter the scope of the consolidated data breach cases currently pending against Yahoo in the federal court in San Francisco.
Read more

WEBINAR: Privacy Shield & the GDPR - Handling HR Data

October 3, 2017 | Blog | By Cynthia Larose

EU laws concerning the transfer of employee personal data to the US are complex, and penalties for getting it wrong are set to increase dramatically when the General Data Protection Regulation (GDPR) goes into effect in May 2018.
Read more

Will the EU box itself in?  Fate of Standard Contractual Clauses (aka the Model Clauses) for personal data transfers is now in the hands of the EU’s highest court

October 3, 2017 | Blog | By Susan Foster

Many companies around the world rely on the EU’s standard contractual clauses (also known as the model clauses, and referred to in this article as the “SCCs”) as the legal basis for transferring personal data from the European Economic Area (EEA) to countries whose privacy laws have not been found adequate by the EU Commission.
Read more

In the Wake of Harvey and Irma, OCR Reminds Providers of HIPAA Security Rule

September 19, 2017 | Blog

As Texas, Florida, and the Caribbean rebuild after the latest string of deadly hurricanes and prepare for the possibility of future storms, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reminded health care providers of the importance of ensuring the availability and security of health information during and after natural disasters.
Read more

The Mintz Matrix - September 2017

September 14, 2017 | Blog | By Cynthia Larose, Michael Katz

As data breaches dominate national headlines it remains important as ever for businesses to invest in security and to be ready to respond if a breach occurs. 
Read more

Have you started auditing your contracts with your service providers that handle EU personal data?  UK Information Commissioner’s Office issues draft guidance for compliance with the GDPR’s contracting requirements. 

September 14, 2017 | Blog | By Susan Foster

Many companies have started the potentially lengthy process of auditing their service provider contracts to make sure that they comply with the requirements of the General Data Protection Regulation, which comes into force on May 25, 2018.
Read more

Equifax Breach: Three Takeaways in First Four Days

September 13, 2017 | Blog | By Cynthia Larose

The Equifax breach continues to evolve. 
Read more

D.C. Circuit Holds Cyber-Theft of Customers’ Medical Identifying Information Created Sufficient Increased Risk of Harm to Establish Standing

September 1, 2017 | Blog | By Patrick E. McDonough

Earlier this month, an appellate panel of the federal DC Circuit unanimously held that individuals affected by a healthcare insurer’s data breach in 2014 could pursue claims against the insurer stemming from the cyberattack.
Read more

A Warning from the FTC to Fast-Growing Companies: The Uber Consent Order

August 29, 2017 | Blog | By Cynthia Larose

Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data....This case shows that, even if you’re a fast growing company, you can’t leave consumers behind: you must honor your privacy and security promises.
Read more

US-CERT Warns of Potential Hurricane Harvey Phishing Scams

August 29, 2017 | Blog | By Cynthia Larose

As if the devastating effects of Hurricane Harvey are not bad enough, the United States Computer Emergency Readiness Team (US-CERT) of the Department of Homeland Security is warning of a different threat: falling victim (or exposing your entire company) to Harvey-related phishing schemes.
Read more

The Wells Fargo PII Epic Fail - Chapter II

August 22, 2017 | Blog | By John Koss

The law firm that inadvertently produced records containing personally-identifying information (“PII”) relating to 50,000 Wells Fargo customers in response to a third-party subpoena, which we first reported on here, went before a judge earlier this month, seeking to permanently bar the recipient and his counsel from further exploitation of the documents and their customer-identifying contents.
Read more

Ten Foundation Questions for In-House Counsel About Form Arbitration Clauses

August 21, 2017 | Blog | By Cynthia Larose

Mintz Levin continues to be at the forefront of issues related to contractual arbitration provisions, helping clients optimize their dispute resolution and risk mitigation processes.
Read more

Are You Ready for the New York August 28th Compliance Deadline?  

August 14, 2017 | Blog | By Cynthia Larose

If you are one of the many businesses licensed by the New York Department of Financial Services (DFS), and cannot avail yourself of the (very) limited exemptions, you must be ready for the first compliance transition date for the stringent DFS cybersecurity regulations – August 28, 2017.
Read more

FTC Asked to Investigate Google’s Matching of “Bricks to Clicks”

August 8, 2017 | Blog | By Cynthia Larose

Recently, the Electronic Privacy Information Center (“EPIC”) asked the FTC to begin an investigation into a Google program called “Store Sales Management.” The purpose of Store Sales Management is to allow for the matching goods purchased in physical brick and mortar stores to the clicking of online ads, or as we refer to the practice, "Bricks to Clicks."
Read more

Subscribe

Sign up to receive email updates from Mintz.
Subscribe Now
Coronavirus Blog Button

Coronavirus Insights Center

ccpa-toolkit

California Consumer Privacy Act (CCPA) – Toolkit

Mintz Matrix

The Mintz Matrix

Find data breach notification laws by state

Viewpoint Editors

Explore Other Viewpoints:

I'm Looking For...