We are now in the 10-day countdown to the GDPR enforcement date that we’ve been talking about since 2015. If you are a charter member of Procrastinators Anonymous, or just secretly hoped that this would all go away, the sands...more
5/16/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Vendor Contacts
Answering the centuries’ old question, it appears it is the Federal Trade Commission (“FTC”) that watches the watchmen. The FTC sent warning letters to a pair of foreign app developers cautioning them that their practices of...more
5/9/2018
/ COPPA ,
Corporate Counsel ,
Data Collection ,
Data Protection ,
Federal Trade Commission (FTC) ,
Guidance Update ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Smart Devices ,
Website Owner Liability ,
Websites
With the recent enactment of data breach notification laws in South Dakota and Alabama, all 50 US states now have laws regulating data breach notification. We’ve updated the Mintz Matrix (maintained by the Mintz Privacy Team...more
5/1/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
State and Local Government ,
State Data Breach Notification Statutes
Letter from the Editors -
As Tolstoy once wrote, “Spring is the time of plans and projects.” Hopefully, the snows of winter are finally behind us, and it’s time to look forward, build, and create! We at Mintz Levin continue...more
“Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks to the European Union’s General Data Protection Regulation (“GDPR”) (50 days and counting…) and its codification of...more
4/5/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
Only one U.S. state without a data breach notification law, that is.
South Dakota as become the 49th state to enact a data breach notification law, which take effect on July 1. The South Dakota law follows the pattern...more
Beware of March Madness! Scammers and phishers take advantage of increased web traffic by impersonating popular March Madness websites, including bracket sites and game live streams. Will your employees take the bait?...more
The Securities and Exchange Commission (“SEC”) released expansive interpretive guidance (“2018 Guidance”), posted February 21, 2018, further building upon its far-reaching cybersecurity guidance provided in 2011. Below are...more
3/2/2018
/ Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
Financial Statements ,
Guidance Update ,
Insider Trading ,
Interpretive Opinions ,
Materiality ,
Policies and Procedures ,
Publicly-Traded Companies ,
Regulatory Oversight ,
Risk Management ,
Securities and Exchange Commission (SEC)
We’ve discussed privacy compliance with regulations, legal requirements, etc. in the space since this blog’s inception. “Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks...more
2/21/2018
/ Chief Information Security Officer (CISO) ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy
If your company is one of the broad group of businesses licensed by the New York Department of Financial Services (NY DFS), a very important deadline is bearing down on February 15. Regulated entities have under Thursday to...more
In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s...more
2/13/2018
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
International Data Transfers ,
Life Sciences ,
Medical Records ,
Personal Data ,
Personally Identifiable Information ,
Third-Party Service Provider ,
US-EU Safe Harbor Framework
As we near the end of a year that has seen more than its share of massive data breaches, two bills have been introduced (one re-introduced) in the U.S. Senate....more
12/11/2017
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Equifax ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Personally Identifiable Information ,
Popular ,
Proposed Legislation ,
Reporting Requirements ,
Uber
Recently, Uber agreed to a proposed Federal Trade Commission (FTC) consent order (“Consent Order”) to settle charges in an FTC complaint (“Complaint”) regarding behavior stemming back to at least 2014. Acting Chairman Maureen...more
8/25/2017
/ Consent Order ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
FTC Act ,
Misrepresentation ,
Personally Identifiable Information ,
Popular ,
Uber
If you are a retailer with locations in New Jersey, you will need to review your procedures in anticipation of a new law effective October 1, 2017....more
It seems as though we have been writing about this case for a lifetime. Target Corporation’s data breach saga came one step closer to a conclusion this week. On Tuesday, Target reached an $18.5 million settlement with 47...more
5/26/2017
/ Board of Directors ,
CEOs ,
Civil Monetary Penalty ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Debit and Credit Card Transactions ,
Form 10-K ,
Information Security ,
Personally Identifiable Information ,
Settlement ,
Target Company
Amid the flurry following former FBI Director James Comey’s firing last week, President Trump marked his 111th day in office on Thursday, May 11th by signing an executive order targeting national cybersecurity....more
We’ve been following the latest on the WannaCry ransomware attack that we first told you about over the weekend.
A feared “second strike” did not materialize today, but victimized firms in over 100 countries are still...more
UPDATE: Europol chief Rob Wainwright told the BBC, “Companies need to make sure they have updated their systems and ‘patched where they should’ before staff arrives for work on Monday morning.”
By now, you may have...more
After a quiet winter there has been significant activity in state legislatures to enact, strengthen or clarify their data breach notification statutes. The latest happenings are summarized below and we have updated our “Mintz...more
Recently, a Google researcher discovered a serious flaw with the content delivery network (CDN) provided by CloudFlare. This vulnerability has now become known as Cloudbleed, in a nod to the earlier Heartbleed SSL...more
In an effort to combat the growing prevalence of large-scale corporate cyberattacks, the New York Department of Financial Services (“NYDFS”) is rolling out a revamped cybersecurity regulation for financial services companies...more
The U.S. Federal Trade Commission (“FTC”) has filed a lawsuit against device manufacturer D-link for allegedly deceiving the marketplace about the security of its products and, in turn, unfairly placing customer privacy at...more
Imagine you are the CEO of company sitting across from an interviewer. The interviewer asks you the age old question, “So tell me about your company’s strengths and weaknesses?” You start thinking about your competitive...more
Colorado is the latest state to revisit, and expand upon, its laws pertaining to the use and protection of student data. Colorado Governor John Hickenlooper recently signed into law House Bill 16-1423 (the “Bill”) designed to...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently issued a warning regarding vulnerabilities in third-party applications used by entities covered by HIPAA. The OCR warning applies...more