Data Breach

News & Analysis as of

5 Things Every Company's Data Security Program Should Include

If you don’t have to keep it, then don’t keep it. If you have to keep it, encrypt it....more

State Data Security Breach Notification Laws

The general definition of “personal information” or “PI” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of following data elements: (i) Social Security number,...more

Trendy “Cybersecurity” Versus Traditional “Information Security” Two Sides of the Same Security Coin

Cybersecurity has become a dominant topic of the day. The Snowden revelations, the mega-data breaches of 2013, the pervasiveness of invisible online “tracking” and the proliferation of “ data broker” trading in personal data...more

More Permissive Standard For Standing In Plaintiffs' Data Breach Suits: Federal Judge Endorses Novel Pleading Strategy And Denies...

On March 28, the California federal judge presiding over the suit against LinkedIn Corp. (LinkedIn) — which stems from a data breach from 2012 — denied LinkedIn’s motion to dismiss, and permitted the suit to proceed based on...more

California Bill Imposes Tough Data Retention Restrictions and Broad Liability for Customer Data Breaches

In response to the recent high-profile data breaches involving the personal and financial information of millions of consumers, California legislators have advanced a bill that would hold businesses doing business in...more

Kentucky Enacts Data Breach Notification Law - New Law Limits Cloud Service Providers’ Collection of Student Data

Kentucky is the 47th state, along with the District of Columbia, Guam, Puerto Rico and the Virgin Islands, to enact a data breach notification law requiring business entities to notify individuals of security breaches...more

Privacy Laws in Asia

Privacy rules in Asia are changing at a rapid pace. In the past three years alone, five countries have enacted brand new laws, and three countries or jurisdictions have amended existing laws to address emerging issues such as...more

Get your updated Mintz Matrix!

As our readers know, we maintain a summary of the US state data breach notification laws, which we refer to as the “Mintz Matrix.” We update the Mintz Matrix on a quarterly basis, or more frequently if developments dictate....more

Cybersecurity Issues in the Financial Services Industry: Fasten your cyber belts, it's going to be a bumpy night

Few topics are as hot as cybersecurity. Recent high-profile data breaches at national retailers have made cybersecurity a frequent topic on Capitol Hill and an issue of growing concern to average Americans. Not surprisingly,...more

SEC Issues Cybersecurity Risk Alert

On April 15th, the SEC's Office of Compliance Inspections and Examinations ("OCIE") issued a Risk Alert concerning its initiative to assess the cybersecurity preparedness of the securities industry. The Risk Alert states that...more

The Cybersecurity Race: Executive Branch Takes The Lead While Congress Watches From The Bleachers

The federal government sector has been abuzz lately with whispers and shouts about pending cybersecurity regulations, frameworks, and requirements. This attention is not particularly surprising, especially given the recent...more

New Jersey Federal Court First To Uphold FTC’s UDAP Authority To Enforce Data Security

On April 7, the U.S. District Court for the District of New Jersey denied a hotel company’s motion to dismiss the FTC’s claims that the company engaged in unfair and deceptive practices in violation of Section 5 of the FTC...more

Privacy & Security Bits and Bytes

There has been so much news swirling in the data privacy and security world in the last few days, that it has been difficult to keep up. We’ll give you a roundup here....more

FFIEC Advises Financial Institutions On “Heartbleed” Risks

On April 10, the FFIEC issued an alert advising financial institutions of risks associated with “Heartbleed”, a recently discovered material security vulnerability in a commonly used encryption method known as the OpenSSL...more

A Brief Survey of Current and Future Developments in Privacy, Data Protection and Cyber Security Law

The challenges confronting corporate counsel regarding privacy, data protection and cyber security have never been more daunting: dealing with the threat of increasingly sophisticated cybercriminals, responding to data breach...more

Target Becomes a Target: Proposed California Bill Aims to Make Retailers Liable for Data Breach Incidents

Following a string of high-profile data breaches and new data suggesting that approximately 21.3 million customer accounts have been exposed by data breach incidents over the past two years, the California legislature has...more

BYOD: Where the Employee and the Enterprise Intersect

The proliferation of bring your own device programs – or “BYOD” as it is commonly referred – has drastically changed today’s corporate workplace environment. Employees are availing themselves of smart phones, tablets, and...more

Iowa Adds AG Data Breach Notice Requirement

On April 3, Iowa Governor Terry Branstad signed SF 2259, which amends the state’s data breach notice law to add a requirement that businesses that experience a data breach notify the state attorney general’s office within...more

Heartbleed Won’t Bring Cardiac Arrest for Ediscovery

How do you stop a security professional’s heart from beating? Two words: security breach. In today’s “Internet of Everything” environment, the impact of a security breach can be felt around the world and back again…in...more

Iowa Breach Notification Law Now Requires AG Notification, Applies to Paper Records

Iowa recently joined an increasing number of states that require notification of state regulatory authorities following a breach, as well as a handful of states in which paper records can trigger notification obligations....more

Kentucky Becomes 47th State with a Data Breach Notification Law

On April 10, 2014, Kentucky became the 47th state to enact breach notification legislation. Under the new law, companies that conduct business in Kentucky and hold consumer data of Kentucky residents will now be required to...more

Kentucky Becomes The 47th State To Enact A Data Breach Notification Law

Kentucky is now the 47th state with a data breach notification law, a development that should be of interest not only to Kentucky-based entities, but also to entities that do business in Kentucky and have personal information...more

Heartbleed: What to do now

Hardly a day passes now without some new report of a security vulnerability with inevitable breaches that follow, but Monday’s news about the two-year old vulnerability in OpenSSL is (or should be) catching everyone’s...more

Privacy Tuesday – April 14, 2014: Heartbleed Headaches

Last week was certainly the “week of the Heartbleed.” Unless you have been on vacation on a remote island (and if so, good for you!), you have heard and read much about the latest mass bug to infect the Internet....more

With OpenSSL Compromised by Heartbleed, an Opportunity for Companies to Diversify Cyber Security Efforts

The recent discovery of the “Heartbleed” online bug has sent shockwaves through the internet, causing companies and individuals alike to question very basic assumptions about cyber security. The bug has allegedly existed for...more

534 Results
|
View per page
Page: of 22