Privacy & Cybersecurity

Viewpoints

Filter by:

States Take Action! New Mexico, Tennessee and Virginia Pass New Data Breach Legislation

April 18, 2017 | Blog | By Michael Katz, Cynthia Larose

After a quiet winter there has been significant activity in state legislatures to enact, strengthen or clarify their data breach notification statutes. The latest happenings are summarized below and we have updated our “Mintz Matrix” to reflect these new and pending laws. 
Read more

Gone Phishin': Hack Leads to HIPAA Settlement

April 14, 2017 | Blog

While your business may indeed be a "victim" when hit by a phishing attack, your enterprise can also be responsible for violations of law associated with the incident. Earlier this week, the HHS Office for Civil Rights (“OCR”) announced a $400,000 settlement with Metro Community Provider Network (“MCPN”) related to a 2012 HIPAA breach caused by a phishing scam.
Read more

HIPAA Enforcement Issues Straight from the Regulator

April 6, 2017 | Blog

At last week's Health Care Compliance Association's annual “Compliance Institute," Iliana Peters, HHS Office for Civil Rights’ Senior Advisor for HIPAA Compliance and Enforcement, provided a thorough update of HIPAA enforcement trends as well as a road map to OCR’s current and future endeavors.
Read more

Better Late Than Never: New Mexico on the Cusp of Enacting Data Breach Notification Statute

April 5, 2017 | Blog | By Cynthia Larose, Michael Katz

We are anxiously waiting to learn the fate of the data breach notification statute recently passed by state lawmakers in New Mexico. The bill remains on the desk of the governor who has until the end of the week to sign the legislation into law.
Read more

A New FBI Warning for Healthcare Providers

March 29, 2017 | Blog

The FBI has issued new guidance specifically applicable to medical and dental facilities regarding the cybersecurity risk of File Transfer Protocol (“FTP”) servers operating in “anonymous” mode. FTPs are routinely used to transfer information between network hosts.
Read more

March Fadness: Wearable Tech in the Workplace and Privacy

March 28, 2017 | Blog | By Cynthia Larose, Michael Katz

Wearable technology continues to do a full-court press on the marketplace and in the process, the step counters of the world and health apps tied to devices capable of tracking real-time biostatistics, are revolutionizing the way companies think about wellness.
Read more

EU General Data Protection Regulation Webinar Series

March 22, 2017 | Blog | By Cynthia Larose

Since September, the Mintz Privacy Webinar Series has focused on the upcoming EU General Data Protection Regulation (GDPR) to help businesses understand the reach and scope of the GDPR and prepare for the potentially game-changing privacy regulation.
Read more

More Broken Privacy Promises from Upromise: Key Takeaways From Upromise’s Latest Settlement with the FTC

March 20, 2017 | Blog | By Wynter Deagle, Cynthia Larose

“Don’t make promises that you don’t intend to keep” is an admonishment received by every child and delivered by every parent. This pithy maxim is equally applicable to consent orders entered into with regulatory authorities. Indeed, Upromise’s failure to abide by it is costing the company $500,000 in the form of a civil penalty from the Federal Trade Commission (FTC).
Read more

Avoiding Employee Data Breaches Has Nothing to Do With Luck .....

March 17, 2017 | Blog | By Cynthia Larose

We are well into March Madness … and Happy St. Patrick’s Day!
You may have already had your bracket busted by now…..but you should have Mintz Levin’s Third Annual Employment Law Summit on your schedule and the panel on Cybersecurity and Employee Data Breaches may help you avoid a security incident/personal data buster.
Read more

Cloudbleed: Three Risk Management Lessons Learned 

March 13, 2017 | Blog | By Cynthia Larose

Recently, a Google researcher discovered a serious flaw with the content delivery network (CDN) provided by CloudFlare. This vulnerability has now become known as Cloudbleed, in a nod to the earlier Heartbleed SSL vulnerability. 
Read more

Does Class Settlement Of Bank Claims In Home Depot Data Breach Litigation Pass The “Superiority” Test?

March 10, 2017 | Blog | By Kevin McGinty

Counsel for a class of card-issuing banks filed a settlement agreement on March 8 proposing a class settlement to resolve claims arising from the 2014 theft of payment card data from Home Depot point-of-sale terminals.
Read more

It’s Not Too Early! ICO Guidance Regarding Consent Under GDPR

March 7, 2017 | Blog | By Michael Katz

The European Union’s General Data Protection Regulation (the “GDPR”) goes into effect in a little over fourteen months and from a quick glance at our bullet points analysis you can see there is a lot to consider. 
Read more

A Deep Dive into Privacy/Security Disclosures in Snap's S-1

March 6, 2017 | Blog | By Julia Siripurapu, Joanne Dynak, Cynthia Larose

Last week, Snap Inc. (“Snap” or the “Company”) – the parent company of the wildly popular app Snapchat (“Snapchat” or the “App”) – became a publicly traded company on the New York Stock Exchange in the biggest tech IPO since Alibaba in 2014. 
Read more

It's March 1: The Cybersecurity Goal Post Has Been Moved

March 1, 2017 | Blog | By Cynthia Larose, Joanne Dynak, Michael Katz

In an effort to combat the growing prevalence of large-scale corporate cyberattacks, the New York Department of Financial Services (“NYDFS”) is rolling out a revamped cybersecurity regulation for financial services companies to take effect TODAY (March 1, 2017).
Read more

Data Breaches Will Cost Yahoo and Verizon Long After Sale

February 27, 2017 | Blog | By Cynthia Larose

Five Things You (and Your M&A Diligence Team) Should Know
Recently it was announced that Verizon would pay $350 million less than it had been prepared to pay previously for Yahoo as a result of data breaches that affected over 1.5 billion users, pending Yahoo shareholder approval. Verizon Chief Executive Lowell McAdam led the negotiations for the price reduction.
Read more

Failure of Audit Controls Can Cost $$$

February 22, 2017 | Blog

Last week, the HHS Office for Civil Rights (OCR) disclosed a $5.5 million settlement with Memorial Healthcare Systems (MHS) for HIPAA violations affecting the protected health information (PHI) of 115,143 individuals.
Read more

The February 2017 Update – The Mintz Matrix

February 16, 2017 | Blog | By Cynthia Larose

As our readers know we maintain a summary of U.S. state data breach notification laws, which we refer to as the “Mintz Matrix.”
Read more

WEBINAR – Access, Correction, Erasure and Portability under the GDPR: How to Minimize the Burden

February 14, 2017 | Blog

Since September, the Mintz Levin Privacy Webinar Series has focused on the upcoming EU General Data Protection Regulation (GDPR) to help businesses understand the reach and scope of the GDPR and prepare for the potentially game-changing privacy regulation.
Read more

Who is Watching you Watch TV? If You Have VIZIO ... Your TV Might Be Watching You

February 13, 2017 | Blog | By Cynthia Larose, Joanne Dynak

What does your TV-watching history say about you? According to a recent lawsuit against VIZIO, Inc., it might be more than you think! One of the world’s largest sellers of “smart” televisions has recently paid a $2.2 million settlement following charges by the Federal Trade Commission and the Office of the New Jersey Attorney General that it was unlawfully tracking and selling 11 million consumers’ viewing data.
Read more

Ruling Vacating Target Consumer Class Settlement Highlights The Problem Of Standing In Data Breach Cases

February 9, 2017 | Blog | By Kevin McGinty

When hackers steal consumer data, injury to consumers is not a foregone conclusion. This is particularly so where credit and debit card numbers are stolen. Banks, not consumers, bear the cost of fraudulent charges.
Read more

Subscribe

Sign up to receive email updates from Mintz.
Subscribe Now
what-were-reading

What We're Reading

ccpa-toolkit

California Consumer Privacy Act (CCPA) – Toolkit

Mintz Matrix

The Mintz Matrix

Find data breach notification laws by state

Viewpoint Editors

Explore Other Viewpoints:

I'm Looking For...