Issuing California Consumer Privacy Act (CCPA) warning letters is becoming an annual Data Privacy Day observance for California Attorney General Rob Banta. This year, the letters went to owners and operations of mobile...more
A ransomware gang that has been targeting hospitals and other health care providers has been at least temporarily dismantled by the FBI. Attorney General Merrick Garland and other U.S. officials announced that the FBI's...more
Public companies initiating the year-end reporting process will need to consider, and in many cases take steps to address, a number of significant developments and issues. To assist companies in this process, Mintz has...more
12/9/2022
/ Annual Meeting ,
Breach of Duty ,
Clawbacks ,
Climate Change ,
Corporate Governance ,
Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
Diversity and Inclusion Standards (D&I) ,
Filing Deadlines ,
Insider Trading ,
Privacy Laws ,
Proxy Advisors ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Shareholders ,
Stock Markets ,
Supply Chain ,
Ukraine
The Federal Trade Commission (“FTC”) announced on Monday that it is settling a case against Drizly and its CEO stemming from a 2020 data breach that impacted roughly 2.5 million consumers. The proposed order not only...more
10/31/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Identity Theft ,
Personal Data ,
Popular ,
Securities and Exchange Commission (SEC) ,
Settlement
The so-called “HR exemption” taking employee and applicant personal information out of the control of the California Consumer Privacy Act (CCPA) is about to come to an end. Employers who are “businesses” for purposes of the...more
10/18/2022
/ Anti-Retaliation Provisions ,
Audits ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Data Collection ,
Data Mapping ,
Data Retention ,
Exemptions ,
Opt-Outs ,
Personal Information ,
Policies and Procedures ,
Privacy Notice Rule ,
Right to Delete ,
Right To Know ,
Sensitive Personal Information
If you’ve relied on the temporary “exemption” for employee/applicant and business-to-business (B2B) personal information under the California Consumer Privacy Act (CCPA), those exemptions will expire on January 1, 2023. The...more
California is leading the way on privacy regulation --- again. The California State Assembly has passed AB 2273, which, if approved by the California Governor, would require businesses that provide online services,...more
California Attorney General Rob Bonta has announced a major settlement under the California Consumer Privacy Act (CCPA), and it will cost Sephora, Inc. a whopping $1.2 million in penalties. According to the release from...more
In the spring of 2018 and in the wake of the Facebook-Cambridge Analytica data scandal, tech CEOs Tim Cook of Apple and Mark Zuckerberg of Meta (fka “Facebook”) initiated a contentious and public debate over the ethics of...more
The new California privacy regulatory body, the California Privacy Protection Agency (CPPA), has loudly voiced its opposition to the proposed federal American Data Privacy and Protection Act (ADPPA). The bottom line for...more
State laws that restrict or criminalize abortions will require significant amounts of health information to enforce, putting new pressure on health care providers caught in the middle of competing obligations to their...more
In the wake of the Supreme Court’s ruling in Dobbs vs. Jackson Women’s Health Organization, much has been written about how existing privacy laws, such as the Health Insurance Portability and Accountability Act (“HIPAA”), are...more
It does not look as though Massachusetts will be state number 6 to enact a comprehensive data privacy law – or at least not the one that people have been talking about. The Massachusetts Joint Committee on Health Care...more
Privacy law 101 includes a simple but important basic concept that organizations may only use personal information they collect for what they say they will, and how they say they will. According to the Federal Trade...more
At a Boston College cybersecurity conference sponsored by Mintz, FBI Director Christopher Wray said that agents this summer thwarted a planned attack on Boston Children’s Hospital...more
On April 28, 2022, the Connecticut legislature took the final step to become very close to passing comprehensive consumer privacy legislation as the Connecticut House of Representatives voted 144-5 in favor of Senate Bill 6,...more
5/4/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Connecticut ,
COPPA ,
Data Privacy ,
Data Security ,
Enforcement ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
Governor Lamont ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Private Right of Action ,
Proposed Legislation ,
State Privacy Laws
Ransomware is the “business pandemic.” Warnings have been issued by multiple agencies around the world to alert businesses to increase their protection and awareness. Most recently, the Department of Health and Human...more
4/29/2022
/ American Hospital Association ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Malware ,
Phishing Scams ,
Popular ,
Ransomware ,
Russia ,
Ukraine ,
Vulnerability Assessments
On Monday, President Biden warned U.S. companies to be on guard against Russian cyberattacks, citing intelligence as a call to action.
“I have previously warned about the potential that Russia could conduct malicious...more
Following closely on its proposal for substantial new cybersecurity requirements for investment advisers and registered investment companies, the Securities and Exchange Commission (SEC) unveiled a new slate of proposed...more
Utah is on the brink of joining California, Colorado, and Virginia to become the fourth state in the US to enact a major comprehensive privacy law. On February 25, the Utah Senate passed the Utah Consumer Privacy Act...more
Facebook’s parent company Meta has agreed to settle one of the longest-running data privacy lawsuits in the country for $90 million. This dispute, originally filed in 2012 in a total of 21 related cases, alleged that Facebook...more
Data Privacy Week kicked off with a major message for US publicly-traded companies: the Securities and Exchange Commission will be looking at cybersecurity. SEC Chairman Gary Gensler said in a speech to a virtual securities...more
As public companies embark on the year-end reporting process, they will need to consider, and in some cases take steps to address, a number of significant developments and issues. As in past years, Mintz has prepared a...more
1/19/2022
/ Annual Meeting ,
Coronavirus/COVID-19 ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Disclosure Requirements ,
Enforcement ,
Environmental Social & Governance (ESG) ,
Executive Compensation ,
Fiscal Year ,
Nasdaq ,
New Legislation ,
NYSE ,
Popular ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Shareholder Meetings
Before the holidays, we warned of a critical vulnerability in a widely-used Java logging utility that could affect tens of thousands of companies. Since that original alert, multiple US and foreign government cybersecurity...more
We want to make our readers and your security operations aware of a critical vulnerability that is actively being exploited in the wild.
CVE-2021-44228 can easily be exploited to gain complete access to the targeted...more