Friday, October 22, 2010

We've moved! Note our URL change!

After a "summer hiatus," we have relaunched the Privacy and Security MATTERS Blog on a new platform. Note our new blog address an...
Friday, August 6, 2010

Patient privacy group welcomes HHS withdrawal of HITECH Act breach notification rule

The Patient Privacy Rights Foundation welcomed last week’s announcement by the Department of Health and Human Services (HHS) that it was wit...
Friday, July 30, 2010

Online Behavioral Advertising: The European Union Controversy

On June 24, 2010, the European Union's body that addresses data protection issues, the so-called Article 29 Working Party, adopted Opini...

HHS Withdraws Breach Notification Final Rule (but breach notification still effective)

Interesting press release from the Department of Health and Human Services (HHS) relating to the HITECH Breach Notification Final Rule. Th...
Wednesday, July 28, 2010

Improper Disposal Costs Rite Aid $1 Million

Written by Dianne Bourque Rite Aid has agreed to pay $1 million to settle allegations that it violated HIPAA by disposing of labeled pill b...
Tuesday, July 13, 2010

Analysis of Proposed HHS Regulations Implementing HITECH Act

As promised last week in an earlier post , here is our first Mintz Levin client advisory analyzing the 234 pages of regulations issued on T...

Australian Privacy Commissioner Concludes Google Breached Privacy Act

Written by Jillian Collins Australian Privacy Commissioner Karen Curtis has concluded her investigation into Google's collection of uns...
Monday, July 12, 2010

No Harm, No Foul; Ninth Circuit Affirms Dismissal of Data Breach Case Against The Gap

Written by Kevin McGinty It’s a distressingly common scenario. A corporate laptop containing job applicant data, including social security n...
Thursday, July 8, 2010

REMINDER - HITECH/201 CMR 17.00 Compliance Workshop

Just a reminder of the FREE upcoming data security compliance workshop - Space is limited, so register today at http://tinyurl.com/35pk3yr !...

First Ever State-initiated HIPAA Enforcement Action Settled

Written by Dianne Bourque Connecticut Attorney General Richard Blumenthal has settled the first state-initiated HIPAA enforcement action. Th...

HHS (Finally!) Issues Proposed HIPAA Privacy & Security Rule Changes

The long-awaited proposed changes to the HIPAA Privacy Rules have finally been released by the Department of Health and Human Services (HHS)...
Thursday, July 1, 2010

Data Breaches du Jour

Information regarding the latest reports of data breaches -- common thread: it is taking a startingly long time for entities to (a) discover...
Tuesday, June 29, 2010

Latest Postponements and Exemptions of FTC Enforcement of ‘Red Flags’ Rule

Written by Kenneth Gantz At the urging of congressional lawmakers, the Federal Trade Commission has for the fifth time delayed enforcement o...
Monday, June 28, 2010

Major Data Breach at California Health Insurer

Written by Kenneth Gantz Anthem Blue Cross is notifying approximately 230,000 members and applicants for individual health insurance of a br...
Friday, June 25, 2010

July 13 Data Security Workshop - FREE

On July 13, Mintz Levin will be joined by Sophos, Six Weight Consulting, and MFA Cornerstone Consulting to hold a free compliance workshop...
Thursday, June 24, 2010

Twitter Settles With FTC

Twitter has reached a settlement with the Federal Trade Commission (FTC) over charges that it “deceived consumers and put their privacy at r...
Tuesday, June 22, 2010

FTC Highlights Need for Privacy and Security in Internet Commerce

Written by Jillian Collins The Federal Trade Commission has weighed in as part of the Department of Commerce's public comment process on...

The Google Payload Data Fallout Continues

Written by Jillian Collins Connecticut Attorney General Richard Blumenthal says he will lead a multistate investigation into Google Street V...

More on Supreme Court Ruling in Quon

And as promised in our last post, here is the latest Client Advisory on the Supreme Court's ruling in the Quon case.
Thursday, June 17, 2010

Breaking News: Supreme Court Issues Decision in Employee Privacy Case

Written by Martha Zackin As we’ve blogged in this space,, back in December, the Supreme Court agreed to hear City of Onatario v. Quon , a c...
Wednesday, May 26, 2010

Congressmen Question Google on Wi-Fi

Today, Congressmen Joe Barton (R-TX), Edward Markey (D-MA), and Henry Waxman (D-CA)wrote to Google Chairman and CEO Eric Schmidt seeking an...
Monday, May 24, 2010

Red Flags Rule Compliance Date Approaching - American Medical Association Sues

It’s been a while since we have visited the Federal Trade Commission’s Red Flags Rule here in this blog. The oft-postponed deadline is no...
Thursday, May 13, 2010

Facebook Holding Privacy Summit

As a follow-on to yesterday's posts regarding the public face of the Facebook privacy brouhaha, at this hour Facebook is holding an “all...
Wednesday, May 12, 2010

The back-and-forth on Facebook's privacy travails

Whether the terse discussions in the public arena over Facebook’s privacy “changes” demonstrate that the world’s largest social network is p...

Two privacy issues from North of the Border

Ann Cavoukian, Ontario’s information and privacy commissioner, has issued her 2009 Annual Report , entitled “Access & Privacy, A Time fo...
Thursday, May 6, 2010

Privacy Events Calendar

Symposium on Privacy and Innovation Tomorrow , the Commerce Department is hosting a day-long symposium called “A Dialogue on Privacy and Inn...
Monday, May 3, 2010

Welcome to the Privacy Revolution

This is "Choose Privacy Week" – an initiative by the American Library Association to raise awareness about sharing information on...
Sunday, May 2, 2010

OT -- Emergency Response 2.0 : Solutions to Respond to Oil Spill in the Gulf of Mexico

Off the privacy topic, but certainly an issue of national security. Mintz Levin client, InnoCentive, is crowdsourcing a solution to respon...
Friday, April 30, 2010

Privacy and Security Bits and Bytes

On this last day of April, there are a couple of breaches and another clarion warning about copy machines -- We have blogged on this issue h...
Thursday, April 29, 2010

Connecticut Woman Files First Suit Under Federal Law Prohibiting Genetic Discrimination

Written by Jennifer Rubin A Connecticut woman has filed a charge of discrimination under the Federal Genetic Information Nondiscrimination A...
Monday, April 26, 2010

Proposed HITECH Regulations Out in May?

Buried in a part of today's Federal Register was the publication of the Department of Health and Human Services' regulatory agenda....
Thursday, April 15, 2010

Brokerage firm victim of elaborate extortion scheme - but also gets hit with a fine

Brokerage firm DA Davidson has agreed to pay a fine of $375,000 for failing to protect confidential client data from Latvian hackers who br...

Federal Regulators Release Model Consumer Privacy Notice Online Form Builder

Last year, the eight federal regulators that regulate the financial services industry issued a "simplified" model privacy notice t...
Friday, April 9, 2010

Privacy and Security Bits and Bytes

Our Friday afternoon feature -- Virginia Adds Medical Information Breach Law - The Commonwealth of Virginia has amended its data breach not...
Thursday, April 8, 2010

Mississippi Becomes 46th State to Enact Data Breach Notification Law

It appears that Governor Haley Barbour has signed legislation sent to his desk by the Legislature on April 1, making Mississippi the 46th st...
Tuesday, April 6, 2010

More on last week's NJ Supreme Court decision -

The decision we blogged about in this space last week is creating quite a bit of buzz in both privacy and employment law circles. My employ...
Wednesday, March 31, 2010

BREAKING NEWS: NJ Court Upholds Employee E-mail Privacy

In a precedent-setting decision, the New Jersey Supreme Court today ruled that a company should not have read e-mails a former employee sent...
Tuesday, March 30, 2010

Government "Outs" Mystery Retailers in Gonzalez Hack Case

Interesting post in today’s Wired: Threat Level blog about a motion in the Alberto Gonzalez hacking case that was unsealed on Monday. We n...
Monday, March 29, 2010

More detail on Dave & Buster's FTC Settlement

As we blogged here last week, we were going to post our Client Alert with further details about the settlement and consent order reached by...

French Senate Passes Breach Notice Bill

The French Senate has overwhelmingly approved a major draft bill updating the country's 1978 data protection act to, among other things,...
Friday, March 26, 2010

Privacy and Security Bits and Bytes

Some news items for the last Friday in March - Another state has joined the Payment Card Industry Data Security Standard (" PCI ")...

HHS Announces Delay in Enforcement of HITECH Rules as Applied to Business Associates

As we have discussed before , HHS’s Office of Civil Rights has let it be known that a proposed rule implementing the HITECH Act’s privacy an...

Restaurant Chain Settles FTC Data Breach Charges

Yesterday, the Federal Trade Commission (“FTC”) weighed in with another proposed settlement agreement requiring that the Dave & Buster...
Thursday, March 25, 2010

TJX hacker sentenced to 20 years

A computer hacker has been sentenced to 20 years in prison for helping engineer one of the largest thefts of credit and debit card numbers i...
Wednesday, March 24, 2010

Senate Commerce Committee Approves Rockefeller-Snowe Cybersecurity Act

We will post a link to the amended legislation as soon as it is released by the Committee. The Senate Commerce Committee press release -- WA...

Boston ranks 2nd in U.S. cyber-crime study

A new study has Boston ranked No. 2 among U.S. cities as a "hotspot" of cybercrime. In a study published yesterday by California d...

Quick Compliance Survey

No, we're not "taking names" here. This is just a 10-question survey to gauge some basic compliance metrics. Please partic...
Tuesday, March 23, 2010

International Cybercrime Reporting and Cooperation Act introduced this afternoon

Senators Gillibrand and Hatch this afternoon introduced their cybersecurity bill, the International Cybercrime Reporting and Cooperation Ac...

Massachusetts Data Security Compliance Workshop

In case your data security compliance plan is stuck in neutral, you have questions, or you haven't started yet...there will be a free (!...
Monday, March 15, 2010

Maine Legislative Committee Votes to Repeal Marketing Law Aimed at Minors

We have blogged about the on-again, off-again, then on-again (but revised) Maine "Act to Prevent Predatory Marketing Practices Against ...
Thursday, March 11, 2010

Privacy and Security Bits and Bytes

Our Friday afternoon feature is back (albeit on Thursday due to schedule tomorrow) – a quick round-up of bits and bytes related to data pri...

Big Fines Coming in UK for Data Breaches

By Susan Foster, Mintz Levin London As of April 6, 2010, the UK’s Information Commissioner’s Office (ICO) can levy fines of up to £500,000 f...
Wednesday, March 10, 2010

Another Potential Privacy Pitfall on Facebook

Rumors are flying that Facebook will unveil a new geolocation sharing device next month. According to a post in Bits Blog in the New York ...
Tuesday, March 9, 2010

Breaking News - ID Theft Company to Pay $12 Million for Deceptive Advertising

“[E]nough holes that you could drive a truck through it…..” That’s how Federal Trade Commission Chairman Jon Leibowitz described the identit...
Thursday, March 4, 2010

Major "goof" at Citibank

For all of you who have been struggling with data security compliance obligations from various fronts, and trying to handle complex technica...
Tuesday, March 2, 2010

Hotel Chain Hacked Again....

Wyndham Hotels and Resorts has apparently notified the U.S. Secret Service and several state attorneys that hackers stole customer names and...
Monday, March 1, 2010

Today is the day......

After implementation delays and rule changes, new data protection regulations that are widely considered the most stringent in the nation ta...
Friday, February 26, 2010

Top 3 questions relating to compliance with 201 CMR 17.00

At the beginning of the "countdown" to the March 1st effective date of 201 CMR 17.00, we offered some posts with "misapprehen...

And, it's Friday, February 26th......

And that means today is the last business day before the new Massachusetts data security regulations go live-- as Jim Cramer would say, ...
Thursday, February 25, 2010

“Stunning”/ “Shear Madness” – Reaction to Google Convictions

The reactions are coming in fast and furious to yesterday’s conviction of three Google executives in an Italian court. Linked here are just...
Wednesday, February 24, 2010

BREAKING NEWS: Google Executives Convicted on Privacy Charges in Italy

In the first case of its kind, an Italian judge today convicted three Google executives on privacy violations in Milan court. Global Privacy...
Monday, February 22, 2010

Today's compliance deadline - Enforcement of the HITECH/HIPAA data breach notification rule

February and March are just full of significant deadlines for privacy/security reporting and compliance. Today is the day that the Health ...