Privacy & Cybersecurity

2013 was a busy year for California. We passed a budget with a surplus, let Kim and Kanye get engaged in one of our stadiums and panicked over possibly losing Sriracha sauce. At the same time, we also passed a number of significant pieces of legislation related to data privacy, the effects of which will be felt throughout the year.

The year 2013 started with a bang for HIPAA-regulated entities, with the passage of the long-awaited HIPAA Omnibus Rule, implementing privacy, security, breach notification, enforcement and other provisions of the HITECH Act. Omnibus Rule momentum carried through much of the year with an industry-wide push to comply with the September 23, 2013 compliance date for significant provisions of the Omnibus Rule.

Haul out the holly, fill up the stockings, even though it's just one week past Thanksgiving day.....
Rather than look back at 2013, next week the Privacy & Security blog will count down The 12 Days of Privacy, looking ahead to what we might expect in 2014.

If you haven't been paying attention to "password hygiene" preached by this blog and others, perhaps it's time. Jose Pagliery from CNNMoney reports of a large-scale hack that has compromised over 2 million passwords at Facebook, Gmail, Twitter, Yahoo and others.

This past weekend if you survived the towel aisle and other Black Friday dangers and made it to the register to purchase your items, it is possible you were asked to provide an email address so that your receipt could be emailed to you.

(LONDON) The European Commission, which has the authority to make changes to the US Safe Harbor program, has published a paper titled “Rebuilding Trust in EU-US Data Flows” that sets out the changes that the Commission would like to see the US adopt. 

Earlier this month, Google, Inc. (“Google” or “Company”) entered into an  agreement with the Attorney Generals of 37 states and the District of Columbia, settling allegations of violation of  the participating states’ consumer protection or applicable computer abuse statutes (the “Settlement Agreement”).

We don't do this very often, but this is an excellent opportunity for a lawyer with privacy experience at a long-time Mintz client.

The month of November is quickly slipping by - this is the time to be looking at the 2014 cybersecurity and data privacy goals and updates and planning ahead.

Walking around a department store isn’t the only time you’re being tracked while you shop. If you’ve ever visited a web page and seen an advertisement for the exact same pair of shoes you were looking at on a different web page the day before, then you know that something similar is happening while you surf the web. 

If you’ve ever dealt with that pushy salesperson at Bed, Bath & Beyond who won’t take your word for it that you’re just browsing and not ready to commit to a high-end home espresso machine, you know that being followed around at a retail store can be unsettling and intrusive.

We have published prior advisories concerning the development by the National Institute of Standards and Technology of a cybersecurity “Framework” intended to be adopted by owners of critical infrastructure to enhance the security of their information systems.

As health care providers continue to try to navigate the world of social media, the Rhode Island Board of Medical Licensure and Discipline (the “Board”) has issued policy guidelines (the “Guidelines”) to address the use of social media by the state’s physicians.

The FTC has announced (press release) that, as a result of the recent shut down of the agency, the Commission has voted unanimously to extend the public comment periods for two recent proposals under the COPPA Rule.

The Los Angeles Times (the “Times”) reported this week the theft of two laptops from an administrative office of hospital group AHMC Healthcare Inc. (“AHMC”) in Alhambra, California that compromised the health data of approximately 729,000 individuals.

Last fall the Federal Trade Commission brought cases against a software developer and rent-to-own stores that secretly monitored people in their homes.

Privacy tidbits and bytes for this Monday --
App Developers - Put this on your calendar!

(LONDON) Various data protection power players have called for the suspension or curtailment of the US Safe Harbor program ever since the Snowden revelations that the US NSA has required large internet service providers such as Google to provide vast amounts of personal data transmitted by individuals in Europe (and elsewhere).

The comic book industry is no stranger to displays of heroic anger and berserker rage, but over the weekend New York Comic Con (NYCC) was on the receiving end of considerable fan fury after it began ghostwriting effusive tweets about NYCC and posting on the Twitter pages of NYCC attendees in a way that made it appear as though the attendee was the author of the tweet.

The federal government may be completely unable to pass laws but that certainly isn’t the case with the State of California, which has just completed a data privacy hat trick by passing three significant laws addressing a broad subset of data privacy issues.