Skip to main content

Privacy & Cybersecurity

Viewpoints

Filter by:

Mintz Levin's Immigration Law Blog is running a series titled "Innocents Abroad" addressing issues in an increasingly globalized economy where employers assign employees all over the globe.
In its just-issued decision in Spokeo, Inc. v. Robins, No. 13-1339, slip op. (May 16, 2016), the Supreme Court has held that a plaintiff bringing suit under a federal statute must allege the existence of a concrete injury in order to have Article III standing to bring that statutory claim.
The Payment Card Industry Security Standards Council (PCI SSC) has released a new version of its data security standard for the protection of cardholder data, the Payment Card Industry Data Security Standard (PCI DSS).
We now have a precise date for the European Union's General Data Protection Regulation to go into effect: May 25, 2018.  
If you have had to provide data breach notices across any number of states (and who hasn't....), you would know that they vary widely in how those notices must be provided to state regulators. 
At long last, the Department of Health and Human Services Office for Civil Rights (OCR) has released a revamped audit protocol that now addresses the requirements of the 2013 Omnibus Final Rule. OCR will be using the audit protocol for its impending Phase 2 audits of covered entities and business associates, which are set to begin next month.
The Article 29 Working Party has released opinions on Privacy Shield and "essential guarantees" under EU law relating to surveillance.
As we reported last month, the FCC was preparing a proposed rulemaking (NPRM) to establish privacy and data security requirements for broadband internet access service (BIAS) providers. The FCC has now released that proposal with comments and reply comments due May 27th and June 27th respectively.
Earlier today, the Article 29 Working Party (“WP29”) held a press conference to give a preview of its assessment of the proposed EU-US Privacy Shield arrangements that were slated to replace the struck-down Safe Harbor program and bring much-needed certainty to companies that transfer personal data from the EU to the US.
Everyone loves a good courtroom drama. So just imagine this pitch: henchmen of an evil dictator hack their way into a movie studio computer system. Once inside, they steal the most sensitive personal information of the studio’s stars, executives and employees.
In 2004, Mintz Levin created a compendium of state data breach notification laws and has been updating it on a regular basis ever since.
The HHS Office for Civil Rights (“OCR”) officially launched  the long-awaited (and dreaded) Phase 2 of the HIPAA Audits Program on March 21st. Covered Entities and Business Associates need to be prepared for these audits and be on the lookout for emails (check your spam filter!) from OCR that will begin the audit process.
For our HIPAA-covered entity readers, we have asked these questions before: Have you taken a business associate inventory? Have you undertaken a comprehensive risk assessment as required by HIPAA?
As we wrote previously, the federal government released several guidance documents last month implementing The Cybersecurity Information Sharing Act (CISA). Among these was the Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under CISA published by the Department of Homeland Security and Department of Justice. 
21st Century Oncology Holdings, a company that operates a chain of 181 cancer treatment centers in the US and Latin America, announced on Friday March 4 that it was latest victim of a cyber-attack affecting 2.2 million individuals.
Last week, a federal court in Atlanta issued an order preliminarily approving a proposed settlement – valued up to $19.5 million – of the consumer claims arising from the 2014 theft of payment card data from Home Depot. The cash and noncash terms of the proposed settlement are unexceptional.
FCC Chairman Tom Wheeler has announced that a proposed rulemaking is being circulated among the Commissioners that would establish privacy and data security requirements applicable to providers of broadband Internet access service (BIAS). 
Verizon Wireless has reached a settlement with the Federal Communications Commission over Verizon’s insertion of unique identifier headers (“UIDH”), also known as “supercookies,” to track customers’ mobile Internet traffic without their knowledge or consent. 
Among the major headlines dominating not only the recent news cycle, but also this week's RSA Conference in San Francisco, has been Apple’s challenge to the federal government’s request that Apple assist in unlocking the iPhone recovered from the perpetrators of the shootings in San Bernardino. 
Last week, we discussed the Federal government’s first steps toward implementing the Cybersecurity Information Sharing Act (CISA). Among the guidance documents released by the Department of Homeland Security and the Department of Justice were the Privacy and Civil Liberties Interim Guidelines.
Sign up to receive email updates from Mintz.
Subscribe Now

Explore Other Viewpoints: