Privacy & Cybersecurity

Viewpoints

Filter by:

US-CERT Encourages Companies to Act on FBI Guidance to Protect Email Systems

June 2, 2017 | Blog

Recently the United States Computer Emergency Readiness Team (US-CERT), an organization within the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD) and a branch of the Office of Cybersecurity and Communications’ (CS&C) National Cybersecurity and Communications Integration Center (NCCIC), encouraged users and administrators to review a recent article from the Federal Bureau of Investigation (FBI) regarding Building a Digital Defense with an Email Fortress.
Read more

Target Reaches $18.5 Million Dollar Settlement in Data Breach with States

May 25, 2017 | Blog | By Wynter Deagle, Cynthia Larose

It seems as though we have been writing about this case for a lifetime. Target Corporation’s data breach saga came one step closer to a conclusion this week. On Tuesday, Target reached an $18.5 million settlement with 47 states and the District of Columbia to resolve the states’ investigation into the company’s 2013 data breach.
Read more

May 2017 TCPA Digest

May 24, 2017 | Blog | By Cynthia Larose

This month's issue features updates on the latest regulatory activities and an article on a potential ruling that could have major implications for pending and future TCPA cases.
Read more

HIPAA Spring Check-up: Your Obligations to Safeguard Third-Party Patient Health Information in medical records produced in litigation

May 23, 2017 | Blog | By John Koss

You’ve had your apple a day, but you can’t keep the subpoenas away…  
And, if your organization is facing a request seeking records or other materials that may contain patient health information (“PHI”), it bears repeating that while HIPAA provides a number of methods through which covered entities that hold records containing PHI may produce such records, these guidelines are closely enforced by courts.
Read more

#MLWashingtonCyberWatch: The Cybersecurity Executive Order (at last)

May 18, 2017 | Blog | By Cynthia Larose, Joanne Dynak, Michael Katz

Amid the flurry following former FBI Director James Comey’s firing last week, President Trump marked his 111th day in office on Thursday, May 11th by signing an executive order targeting national cybersecurity.
Read more

Yesterday, #WannaCry. Today, #DocuSignPhish

May 16, 2017 | Blog | By Cynthia Larose

Another day, another data incident. If you use DocuSign, you'll want to pay attention.
Read more

Global Ransomware Attack Update

May 15, 2017 | Blog | By Cynthia Larose

We've been following the latest on the WannaCry ransomware attack that we first told you about over the weekend.
Read more

WannaCry Ransomware Attack Updates -- Europol Says "Patch Before Monday"

May 14, 2017 | Blog | By Cynthia Larose, Dianne Bourque

By now, you may have heard about the global ransomware attacks affecting organizations throughout the world. Estimates range from between 150,000 to 200,000 groups in nearly 150 countries, and those numbers could be higher.
Read more

#MLWashingtonCyberWatch: Trump Administration Restricts Privacy Rights for Non-US Citizens

May 3, 2017 | Blog | By Cynthia Larose

In another example of increased restriction on the rights of non-U.S. Citizens, last week the Department of Homeland Security (“DHS”) published a policy memorandum limiting the privacy rights of immigrants and foreign nationals under the Federal Privacy Act of 1974. 
Read more

Appeal in Home Depot Data Breach Derivative Action Results in Settlement of Corporate Governance Claims

May 2, 2017 | Blog | By Kevin McGinty

Snatching victory of a sort from the jaws of defeat, shareholders who brought a derivative action alleging that the 2014 Home Depot data breach resulted from officers’ and directors’ breaches of fiduciary duties have reached a settlement of those claims.
Read more

Two HIPAA Mistakes Lead to Fines from OCR

May 1, 2017 | Blog

It was a busy April for the Office for Civil Rights (“OCR”) (see our prior post on a settlement from earlier in April). On April 20, OCR announced a Resolution Agreement with Center for Children’s Digestive Health, S.C. (“CCDH”) related to CCDH’s failure to enter into a business associate agreement with a paper medical records storage vendor. 
Read more

From the CISO Corner: Your Most Important Security Relationship

April 28, 2017 | Blog | By Cynthia Larose

Today's Guest Post courtesy of Bill Kyrouz, Mintz Levin's CISO:
Have you come to the conclusion that you need a Managed Security Services Provider (MSSP) to support your small to medium sized enterprise but don’t know where to start?
Read more

Kimpton Data Breach Decision Highlights Lingering Confusion on Standing Issues

April 21, 2017 | Blog | By Kevin McGinty

When data thieves steal payment card data, consumers suffer no legally cognizable injuries. Card issuers absorb the fraudulent charges and replace the affected cards.  Because fraudulent charges are not billed to consumers, they do not show up on consumers’ credit reports or otherwise affect their credit ratings. 
Read more

States Take Action! New Mexico, Tennessee and Virginia Pass New Data Breach Legislation

April 18, 2017 | Blog | By Michael Katz, Cynthia Larose

After a quiet winter there has been significant activity in state legislatures to enact, strengthen or clarify their data breach notification statutes. The latest happenings are summarized below and we have updated our “Mintz Matrix” to reflect these new and pending laws. 
Read more

Gone Phishin': Hack Leads to HIPAA Settlement

April 14, 2017 | Blog

While your business may indeed be a "victim" when hit by a phishing attack, your enterprise can also be responsible for violations of law associated with the incident. Earlier this week, the HHS Office for Civil Rights (“OCR”) announced a $400,000 settlement with Metro Community Provider Network (“MCPN”) related to a 2012 HIPAA breach caused by a phishing scam.
Read more

HIPAA Enforcement Issues Straight from the Regulator

April 6, 2017 | Blog

At last week's Health Care Compliance Association's annual “Compliance Institute," Iliana Peters, HHS Office for Civil Rights’ Senior Advisor for HIPAA Compliance and Enforcement, provided a thorough update of HIPAA enforcement trends as well as a road map to OCR’s current and future endeavors.
Read more

Better Late Than Never: New Mexico on the Cusp of Enacting Data Breach Notification Statute

April 5, 2017 | Blog | By Cynthia Larose, Michael Katz

We are anxiously waiting to learn the fate of the data breach notification statute recently passed by state lawmakers in New Mexico. The bill remains on the desk of the governor who has until the end of the week to sign the legislation into law.
Read more

A New FBI Warning for Healthcare Providers

March 29, 2017 | Blog

The FBI has issued new guidance specifically applicable to medical and dental facilities regarding the cybersecurity risk of File Transfer Protocol (“FTP”) servers operating in “anonymous” mode. FTPs are routinely used to transfer information between network hosts.
Read more

March Fadness: Wearable Tech in the Workplace and Privacy

March 28, 2017 | Blog | By Cynthia Larose, Michael Katz

Wearable technology continues to do a full-court press on the marketplace and in the process, the step counters of the world and health apps tied to devices capable of tracking real-time biostatistics, are revolutionizing the way companies think about wellness.
Read more

EU General Data Protection Regulation Webinar Series

March 22, 2017 | Blog | By Cynthia Larose, Susan Foster

Since September, the Mintz Privacy Webinar Series has focused on the upcoming EU General Data Protection Regulation (GDPR) to help businesses understand the reach and scope of the GDPR and prepare for the potentially game-changing privacy regulation.
Read more

Subscribe

Sign up to receive email updates from Mintz.
Subscribe Now
ccpa-toolkit

California Consumer Privacy Act (CCPA) – Toolkit

Mintz Matrix

The Mintz Matrix

Find data breach notification laws by state

Viewpoint Editors

Explore Other Viewpoints:

I'm Looking For...