Cynthia Larose

Cynthia Larose

Mintz Levin

Contact  |  View Bio  |  RSS

Latest Publications


Attorney General Kamala D. Harris Provides New Online Tool to Report California Online Privacy Protection Act (CalOPPA) Violations

It’s time for a compliance check on those website or mobile app privacy policies, before the California Attorney General comes knocking. Attorney General Kamala D. Harris has announced the release of a new tool for...more

10/20/2016 - Attorney Generals CalOPPA Kamala Harris Mobile Apps Online Privacy Protection Act Penalties Policy Violations Privacy Policy Websites

Three Steps to the Right Cloud for Your Business

The term “cloud computing,” — a process by which remote computers are used to store, manage and process data — is no longer an unfamiliar term. According to at least one estimate, “approximately 90 percent of businesses...more

10/4/2016 - Cloud Computing Cloud Storage Data Privacy Data Security Personal Data

TechConnect - Your Law Firm Link to Industry News - September 2016

Letter from the Editors - Dear Readers, The world of raising capital for emerging companies has experienced a revolution. Prior to the enactment of the JOBS Act in 2012, raising capital for private companies was...more

9/29/2016 - Capital Raising Crowdfunding Crowdsourcing Data Breach Data Security Dwolla E-2 Entrepreneurs FinTech Good Faith H-1B Innovation IPO JOBS Act Parole Privacy Laws Private Placements Public Offerings Rule 506 Visas

New York Proposes First-Ever Cybersecurity Regulation for Financial Institutions

The New York Department of Financial Services recently announced a new proposed rule, which would require financial institutions and insurers to implement strong policies for responding to cyberattacks and data breaches. ...more

9/19/2016 - Cyber Attacks Cybersecurity Data Breach Financial Institutions Financial Sector

Summer Round-Up: Four States Bolster Data Breach Notification Laws and More Changes on the Way

As has become typical in the data security space, there was quite a bit of activity in state legislatures over the previous year concerning data breach notification statutes. Lawmakers are keenly aware of the high profile...more

9/6/2016 - Attorney Generals Breach Notification Rule Data Breach Data Security Encryption Personally Identifiable Information Safe Harbors Security Breach State Data Breach Notification Statutes State Legislatures

Eddie Bauer Latest Victim of POS Malware Attack

Last week the clothing retailer Eddie Bauer LLC issued a press release to announce that its point of sale (“POS”) system at retail stores was compromised by malware for more than six months earlier this year. The...more

8/23/2016 - Cybersecurity Data Breach Malware Point of Sale Terminals Retail Sales State Data Breach Notification Statutes

To Protect Data: Keep Your Network Access Close, and Your Vendors Closer

Two recent data breach incidents in the healthcare industry prove what readers of this blog have heard all too often: KNOW THY VENDORS....more

8/9/2016 - Cyber Attacks Data Breach HIPAA Hospitals Point of Sale Terminals Third-Party Risk Vendors

“Privacy Shield” Open For Business – Fees?

The certification forms for the new US-EU Privacy Shield Framework are now available online. What is not easily discernible in the workflow is the fee structure. One needs to refer back to the Federal Register’s...more

8/2/2016 - EU EU-US Privacy Shield Federal Register Fees International Data Transfers

FTC Plants A Flag With LabMD Ruling: What This Means for Enforcement

On Friday, the heads of the Federal Trade Commission overruled the decision of the Administrative Law Judge (“ALJ”) in In the Matter of LabMd., Inc. The FTC concluded that the ALJ had erred in dismissing the Commission’s case...more

8/1/2016 - Actual Injuries ALJ Corporate Counsel Data Security Enforcement Actions FTC FTC Act LabMD Risk Assessment Section 5 Unfair or Deceptive Trade Practices

EU-US Privacy Shield to Launch August 1, Replacing Safe Harbor

I. Introduction: Privacy Shield to Go Live August 1 (at Last) - The replacement for Safe Harbor is finally in effect, over nine months after Safe Harbor was struck down by the Court of Justice of the EU in the Schrems...more

7/25/2016 - Consent Data Protection Authority Data Security EU EU-US Privacy Shield European Commission European Court of Justice (ECJ) FTC International Data Transfers Notice Requirements Personal Data Surveillance U.S. Commerce Department US-EU Safe Harbor Framework

Pokémon Go in the Workplace: Oh Look There’s a Pikachu!

Did you know that the world is now inhabited by creatures called Pokémon? (Or maybe they’ve always been there?) Some run across the plains; others fly through the skies; and some live in the mountains….and some, yes, some,...more

7/21/2016 - Data Security Distracted Driving Employee Engagement Employee Handbooks Games Innovation Technology Video Games Workplace Communication Workplace Safety

FinTech Companies Face Big Privacy Challenges in 2016

According to the FBI, “there are only two types of companies: those that have been hacked and those that will be.” It does not take an actual data breach, however, for a company to be liable for its data security practices. ...more

7/20/2016 - CFPB Cybersecurity Data Breach Data Collection Data Privacy Data Security Dwolla FinTech FTC v Wyndham Hackers Personal Data Privacy Laws

Facebook v. Vachani – User Authorization Can Be Revoked By Service Providers

The U.S. Court of Appeals for the Ninth Circuit recently issued a decision that could have far reaching implications for the relationships between companies that provide online services, their customers or users, and third...more

7/20/2016 - Appeals Business Model CAN-SPAM Act Cease and Desist Computer Fraud and Abuse Act (CFAA) Content Aggregators Corporate Executives Facebook Personal Liability Social Networks Startups Terms of Use

EU Adopts Cybersecurity Directive: What US Companies Need to Know

Not all the news coming out of Europe these days is about Brexit. In fact, the forces of unity and harmonization remain a top priority for European regulators hoping to combat digital security threats and create a safer and...more

7/11/2016 - Amazon Cyber Incident Reporting Cyber Threats Cybersecurity Digital Service Providers Digital Single Market eBay EU European Commission Google International Harmonization Member State Multinationals Network and Information Security Directive Operators of Essential Services

Colorado Student Data Privacy Bill – What EdTech software providers need to know

Colorado is the latest state to revisit, and expand upon, its laws pertaining to the use and protection of student data. Colorado Governor John Hickenlooper recently signed into law House Bill 16-1423 (the “Bill”) designed to...more

6/28/2016 - Cybersecurity Data Collection Data Protection Data Security Educational Institutions Personally Identifiable Information Public Schools Software Student Privacy

OCR Warns of HIPAA Risks in Third-Party Apps

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently issued a warning regarding vulnerabilities in third-party applications used by entities covered by HIPAA. The OCR warning applies...more

6/22/2016 - Business Associates Covered Entities Data Protection Data Security Health Information Technologies HIPAA Mobile Health Apps OCR Risk Management Third-Party

“Interim” No More: DHS and DOJ Publish Final CISA Guidance on Cybersecurity Sharing

The Department of Homeland Security (DHS) and the Department of Justice (DOJ) have issued the long-awaited final procedures for both Federal and Non-Federal Entities under the Cybersecurity Information Sharing Act (CISA)...more

6/20/2016 - Cyber Threats Cybersecurity Cybersecurity Information Sharing Act (CISA) DHS DOJ Information Sharing Private Sector

Practice Fusion and FTC Settle Complaint Over Deceptive Statements About the Privacy of Consumer-Generated Online Content

Last week, the Federal Trade Commission (FTC) announced (press release) that Practice Fusion, the largest cloud-based electronic health company in the United States, has agreed to settle FTC charges over deceptive practices...more

6/20/2016 - Cloud Computing Disclosure Requirements EHR FTC Patient Confidentiality Breaches Privacy Policy Public Disclosure of Private Facts Unfair or Deceptive Trade Practices User-Generated Content

Delta Wins CalOPPA Case – But Your Mobile App May Not Fly

In a decision favorable to the airline industry—but not helpful to other companies—the California Court of Appeal said that a privacy enforcement action against Delta is not going to fly. On May 25, 2016, the Court of Appeal...more

6/2/2016 - Airlines Appeals Attorney Generals CalOPPA Delta Airlines Dismissal With Prejudice Enforcement Actions Kamala Harris Mobile Apps Penalties Privacy Policy

Innocents Abroad: Privacy considerations for employees working abroad

Dear Ned, I understand that one of your employees will be engaging a six-month temporary assignment around Europe to scope market opportunities, and you’d like to have a better understanding of what to be thinking about...more

5/18/2016 - Data Protection EEA Employee Privacy Rights Employer Liability Issues International Data Transfers International Labor Laws Privacy Concerns Surveillance Traveling Employee

PCI DSS 3.2: It’s here, what does it mean for you?

The Payment Card Industry Security Standards Council (PCI SSC) has released a new version of its data security standard for the protection of cardholder data, the Payment Card Industry Data Security Standard (PCI DSS). PCI...more

5/9/2016 - Cyber Attacks Cybersecurity Data Security Debit and Credit Card Transactions Fraudulent Charges PCI-DSS Standard SSL

Breach Response Portal Added by Massachusetts Regulator

If you have had to provide data breach notices across any number of states (and who hasn’t….), you would know that they vary widely in how those notices must be provided to state regulators. In some states (for example,...more

4/28/2016 - Breach Notification Rule Data Breach Incident Response Plans Office of Consumer Affairs Portal State Data Breach Notification Statutes

FCC Broadband Privacy and Security Proposed Rulemaking Underway

As we reported last month, the FCC was preparing a proposed rulemaking (NPRM) to establish privacy and data security requirements for broadband internet access service (BIAS) providers. The FCC has now released that proposal...more

4/13/2016 - Customer Proprietary Network Information (CPNI) FCC Net Neutrality NPRM Open Internet Rules

It’s A Wrap! Sony Pictures Data Breach Case Settles Without A Hollywood Ending For The Plaintiff Class

Everyone loves a good courtroom drama. So just imagine this pitch: henchmen of an evil dictator hack their way into a movie studio computer system. Once inside, they steal the most sensitive personal information of the...more

4/11/2016 - Class Action Data Breach Personally Identifiable Information Settlement Agreements Sony

197 Results
View per page
Page: of 8

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.