Privacy & Cybersecurity

Mintz is presenting a webinar on January 30, 2013 to discuss the impact of the HIPAA Omnibus Rule - the first, sweeping overhaul of the HIPAA privacy and security rules in a decade.

The Department of Health and Human Services, Office for Civil Rights (OCR) has posted on its website sample business associate agreement provisions to help covered entities and business associates comply with the new business associate agreement requirements under the final HIPAA Omnibus Rule.

Something everyone can do for Data Privacy Day:  make it a point to change at least one password and make it "long and strong."

Time for some tips to keep your company (and your employees) safe online --

US marketers who have been paying attention to anti-spam developments north of the border are concerned about proposed new Canadian regulations. If you have not been paying attention, it's probably time that you did. We have a guest post today discussing the progress of those regulations.

The final regulations1 from Department of Health and Human Services Office of Civil Rights (OCR) containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus Rule) have finally been released, but the hard work of interpreting them has just begun for covered entities, business associates, and downstream entities of business associates, all of whom are significantly affected by the rule.

As we pore through the 562-page HITECH Omnibus Rule released by the Department of Health and Services late yesterday afternoon.

We posted this alert back in March, and now California Attorney General Kamala Harris has released a recommended set of privacy best practices for app developers and advertising networks entitled "Privacy on the Go: Recommendations for the Mobile Ecosystem."

The European Parliament recently published a report on the European Commission’s draft of a new EU Data Protection Regulation. The report, which includes the European Parliament’s proposal for a revised draft of the Regulation runs to an astounding 215 pages. 

As we continue our "new year, new look" series into important privacy issues for 2013, we boldly predict:
Regulatory Scrutiny of Data Collection and Use Practices of Mobile Apps Will Increase in 2013

The Department of Health and Human Services, Office for Civil Rights (OCR) reached its first settlement for a data breach involving less than 500 individuals. Under the December 2012 settlement, the Hospice of North Idaho (HONI) will pay OCR a $50,000 penalty to resolve allegations that it violated the HIPAA Security Rule. 

Happy New Year! We are beginning this week with a series of top Privacy and Security issues for 2013, as we see them. Let's start with an issue of interest to publicly traded companies, or companies considering going public in 2013 - a reminder that cybersecurity issues are of interest to the Securities and Exchange Commission (SEC) and are a shareholder disclosure issue.  

After years of consideration and feedback the Federal Trade Commission released the final revision to the 14-year old Children’s Online Privacy Protection Act (COPPA) Rule. 

The Center for Digital Democracy (CDD) filed a complaint yesterday asking the Federal Trade Commission (FTC)  to investigate violations of the Children’s Online Privacy Protection Act (COPPA) by Nickelodeon and mobile app-maker PlayFirst.

Delta Airlines, Inc. may have to pay fines equal to 20 “excess bag” fees for each user that has downloaded its “Fly Delta” mobile application. California Attorney General Kamala Harris has filed a complaint against Delta, alleging that Delta has failed to conspicuously post a privacy policy on its mobile application, in violation of California’s Online Privacy Protection Act (“CalOPPA”).

People's United Bank of Maine has agreed to pay about $ 390,000 to settle a claim that its security practices allowed unauthorized persons to withdraw funds from a construction company's account (Patco Construction Co. v. People's United Bank, D. Me., No. 09-503, agreed dismissal filed 11/19/12).

Can your organization answer "yes" to any of the following questions?

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has released guidance on the methods that covered entities and business associates can use to de-identify protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. 

When is a gallon of gas like an iTunes track? That may sound like a riddle from a Lewis Carroll novel, but it was one of the questions considered by the California Supreme Court during oral arguments in Apple v. Superior Court (Krescent) as Apple, Inc. attempted to persuade the Court that the Song-Beverly Credit Card Act of 1971, which prohibits retails from recording a customer’s personal identification information as a condition of accepting a credit card payment, does not apply to online retailers.

Sometimes the most interesting things that emerge from conferences are whispered across the aisle just after a presentation or debated by attendees off-site over a glass or two of wine.