Cynthia Larose

Cynthia Larose

Mintz Levin

Contact  |  View Bio  |  RSS

Latest Publications

Share:

EU-US Privacy Shield to Launch August 1, Replacing Safe Harbor

I. Introduction: Privacy Shield to Go Live August 1 (at Last) - The replacement for Safe Harbor is finally in effect, over nine months after Safe Harbor was struck down by the Court of Justice of the EU in the Schrems...more

7/25/2016 - Consent Data Protection Authority Data Security EU EU-US Privacy Shield European Commission European Court of Justice (ECJ) FTC International Data Transfers Notice Requirements Personal Data Surveillance U.S. Commerce Department US-EU Safe Harbor Framework

Pokémon Go in the Workplace: Oh Look There’s a Pikachu!

Did you know that the world is now inhabited by creatures called Pokémon? (Or maybe they’ve always been there?) Some run across the plains; others fly through the skies; and some live in the mountains….and some, yes, some,...more

7/21/2016 - Data Security Distracted Driving Employee Engagement Employee Handbooks Games Innovation Technology Video Games Workplace Communication Workplace Safety

FinTech Companies Face Big Privacy Challenges in 2016

According to the FBI, “there are only two types of companies: those that have been hacked and those that will be.” It does not take an actual data breach, however, for a company to be liable for its data security practices. ...more

7/20/2016 - CFPB Cybersecurity Data Breach Data Collection Data Privacy Data Security Dwolla FinTech FTC v Wyndham Hackers Personal Data Privacy Laws

Facebook v. Vachani – User Authorization Can Be Revoked By Service Providers

The U.S. Court of Appeals for the Ninth Circuit recently issued a decision that could have far reaching implications for the relationships between companies that provide online services, their customers or users, and third...more

7/20/2016 - Appeals Business Model CAN-SPAM Act Cease and Desist Computer Fraud and Abuse Act (CFAA) Content Aggregators Corporate Executives Facebook Personal Liability Social Networks Startups Terms of Use

EU Adopts Cybersecurity Directive: What US Companies Need to Know

Not all the news coming out of Europe these days is about Brexit. In fact, the forces of unity and harmonization remain a top priority for European regulators hoping to combat digital security threats and create a safer and...more

7/11/2016 - Amazon Cyber Incident Reporting Cyber Threats Cybersecurity Digital Service Providers Digital Single Market eBay EU European Commission Google International Harmonization Member State Multinationals Network and Information Security Directive Operators of Essential Services

Colorado Student Data Privacy Bill – What EdTech software providers need to know

Colorado is the latest state to revisit, and expand upon, its laws pertaining to the use and protection of student data. Colorado Governor John Hickenlooper recently signed into law House Bill 16-1423 (the “Bill”) designed to...more

6/28/2016 - Cybersecurity Data Collection Data Protection Data Security Educational Institutions Personally Identifiable Information Public Schools Software Student Privacy

OCR Warns of HIPAA Risks in Third-Party Apps

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently issued a warning regarding vulnerabilities in third-party applications used by entities covered by HIPAA. The OCR warning applies...more

6/22/2016 - Business Associates Covered Entities Data Protection Data Security Health Information Technologies HIPAA Mobile Health Apps OCR Risk Management Third-Party

“Interim” No More: DHS and DOJ Publish Final CISA Guidance on Cybersecurity Sharing

The Department of Homeland Security (DHS) and the Department of Justice (DOJ) have issued the long-awaited final procedures for both Federal and Non-Federal Entities under the Cybersecurity Information Sharing Act (CISA)...more

6/20/2016 - Cyber Threats Cybersecurity Cybersecurity Information Sharing Act (CISA) DHS DOJ Information Sharing Private Sector

Practice Fusion and FTC Settle Complaint Over Deceptive Statements About the Privacy of Consumer-Generated Online Content

Last week, the Federal Trade Commission (FTC) announced (press release) that Practice Fusion, the largest cloud-based electronic health company in the United States, has agreed to settle FTC charges over deceptive practices...more

6/20/2016 - Cloud Computing Disclosure Requirements EHR FTC Patient Confidentiality Breaches Privacy Policy Public Disclosure of Private Facts Unfair or Deceptive Trade Practices User-Generated Content

Delta Wins CalOPPA Case – But Your Mobile App May Not Fly

In a decision favorable to the airline industry—but not helpful to other companies—the California Court of Appeal said that a privacy enforcement action against Delta is not going to fly. On May 25, 2016, the Court of Appeal...more

6/2/2016 - Airlines Appeals Attorney Generals CalOPPA Delta Airlines Dismissal With Prejudice Enforcement Actions Kamala Harris Mobile Apps Penalties Privacy Policy

Innocents Abroad: Privacy considerations for employees working abroad

Dear Ned, I understand that one of your employees will be engaging a six-month temporary assignment around Europe to scope market opportunities, and you’d like to have a better understanding of what to be thinking about...more

5/18/2016 - Data Protection EEA Employee Privacy Rights Employer Liability Issues International Data Transfers International Labor Laws Privacy Concerns Surveillance Traveling Employee

PCI DSS 3.2: It’s here, what does it mean for you?

The Payment Card Industry Security Standards Council (PCI SSC) has released a new version of its data security standard for the protection of cardholder data, the Payment Card Industry Data Security Standard (PCI DSS). PCI...more

5/9/2016 - Cyber Attacks Cybersecurity Data Security Debit and Credit Card Transactions Fraudulent Charges PCI-DSS Standard SSL

Breach Response Portal Added by Massachusetts Regulator

If you have had to provide data breach notices across any number of states (and who hasn’t….), you would know that they vary widely in how those notices must be provided to state regulators. In some states (for example,...more

4/28/2016 - Breach Notification Rule Data Breach Incident Response Plans Office of Consumer Affairs Portal State Data Breach Notification Statutes

FCC Broadband Privacy and Security Proposed Rulemaking Underway

As we reported last month, the FCC was preparing a proposed rulemaking (NPRM) to establish privacy and data security requirements for broadband internet access service (BIAS) providers. The FCC has now released that proposal...more

4/13/2016 - Customer Proprietary Network Information (CPNI) FCC Net Neutrality NPRM Open Internet Rules

It’s A Wrap! Sony Pictures Data Breach Case Settles Without A Hollywood Ending For The Plaintiff Class

Everyone loves a good courtroom drama. So just imagine this pitch: henchmen of an evil dictator hack their way into a movie studio computer system. Once inside, they steal the most sensitive personal information of the...more

4/11/2016 - Class Action Data Breach Personally Identifiable Information Settlement Agreements Sony

State Data Security Breach Notification Laws - April 2016

The general definition of “personal information” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of the following data elements: (i) Social Security number, (ii)...more

4/4/2016 - Breach Notification Rule Corporate Counsel Cybersecurity Data Breach Data Security Personally Identifiable Information Popular Young Lawyers

Pay Attention to Business Associate Agreements!

For our HIPAA-covered entity readers, we have asked these questions before: Have you taken a business associate inventory? Have you undertaken a comprehensive risk assessment as required by HIPAA?...more

3/24/2016 - Business Associates Corrective Actions Covered Entities HIPAA HIPAA Audits HIPAA Breach OCR Risk Assessment Settlement

Beware of the CEO Email Request Phishing Scam: A Different Form of March Madness

Not only is it “March Madness” time, it is also prime tax return filing time. That means that the email scammers are out in full force as well. In the last 10 days, we have seen a marked uptick in what are called...more

3/17/2016 - CEOs Data Breach Email Human Resources Professionals Identity Theft Payroll Records Phishing Scams Popular Tax Scams

Apple vs. FBI: The House Judiciary Committee Hearing and Takeaways

Among the major headlines dominating not only the recent news cycle, but also this week’s RSA Conference in San Francisco, has been Apple’s challenge to the federal government’s request that Apple assist in unlocking the...more

3/3/2016 - All Writs Act Apple CALEA Corporate Counsel Criminal Investigations Encryption FBI iPhone Personal Data Right to Privacy Search Warrant Young Lawyers

CISA Guidelines: Privacy and Civil Liberties Interim Guidelines for Federal Agencies

Last week, we discussed the Federal government’s first steps toward implementing the Cybersecurity Information Sharing Act (CISA). Among the guidance documents released by the Department of Homeland Security and the...more

3/2/2016 - Cybersecurity Cybersecurity Information Sharing Act (CISA) Fair Information Practice Principles (FIPPs) Information Sharing Transparency

California by the Numbers (Part 1): 24 Million Compromised in 2015

California Attorney General Kamala Harris has released a report of the data breaches that have been reported to her office from 2012 until 2015. Although the California data breach notification law took effect in 2003,...more

2/27/2016 - Attorney Generals Cybersecurity Data Breach Data Protection Hackers Kamala Harris Malware Social Security Numbers

California by the Numbers (Part 2): How to Stay out of the 2017 Report

Receently, we reviewed the staggering numbers in California Attorney General Kamala Harris’ 2016 Data Breach Report. In addition to providing a comprehensive analysis of four years of data breaches, the report provides...more

2/26/2016 - Annual Reports Attorney Generals Cybersecurity Data Breach Data Protection Kamala Harris

Ransomware Strikes California Hospital – Could You Be Next?

In a chain of events that should be a wake-up call to any entity using and storing critical health information (and indeed, ANY kind of critical information), Hollywood Presbyterian Medical Center (“HPMC”) has announced that...more

2/23/2016 - Electronic Medical Records FBI Hackers HIPAA Hospitals Popular Ransomware

Cyber Threat Information Sharing Guidelines Released by DHS

This week, the Federal government took the first steps toward implementation of the The Cybersecurity Information Sharing Act (CISA), enacted into law last December. CISA aims to encourage sharing of cyber threat indicators...more

2/18/2016 - Cyber Threats Cybersecurity Information Sharing Act (CISA) DHS DOJ Federal Register Government Agencies New Guidance Personally Identifiable Information Private Sector

188 Results
|
View per page
Page: of 8

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×