Alabama has joined the “crazy quilt” of state data breach notification laws with the governor’s signature of the Alabama Data Breach Notification Act of 2018.
Things to take note of under the Alabama law...more
Only one U.S. state without a data breach notification law, that is.
South Dakota as become the 49th state to enact a data breach notification law, which take effect on July 1. The South Dakota law follows the pattern...more
Beware of March Madness! Scammers and phishers take advantage of increased web traffic by impersonating popular March Madness websites, including bracket sites and game live streams. Will your employees take the bait?...more
We’ve discussed privacy compliance with regulations, legal requirements, etc. in the space since this blog’s inception. “Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks...more
2/21/2018
/ Chief Information Security Officer (CISO) ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy
In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s...more
2/13/2018
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
International Data Transfers ,
Life Sciences ,
Medical Records ,
Personal Data ,
Personally Identifiable Information ,
Third-Party Service Provider ,
US-EU Safe Harbor Framework
As we near the end of a year that has seen more than its share of massive data breaches, two bills have been introduced (one re-introduced) in the U.S. Senate....more
12/11/2017
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Equifax ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Personally Identifiable Information ,
Popular ,
Proposed Legislation ,
Reporting Requirements ,
Uber
As data breaches dominate national headlines it remains important as ever for businesses to invest in security and to be ready to respond if a breach occurs. Part of your preparedness program should be staying current on data...more
On September 7, 2017, Equifax, one of the three large credit reporting bureaus, announced a cybersecurity incident impacting approximately 143 million U.S. consumers. According to Equifax, the breach occurred mid-May through...more
9/13/2017
/ Breach Notification Rule ,
Consumer Financial Protection Bureau (CFPB) ,
Credit Cards ,
Credit Reporting Agencies ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Equifax ,
FBI ,
Federal Trade Commission (FTC) ,
Personally Identifiable Information ,
Popular
Recently, Uber agreed to a proposed Federal Trade Commission (FTC) consent order (“Consent Order”) to settle charges in an FTC complaint (“Complaint”) regarding behavior stemming back to at least 2014. Acting Chairman Maureen...more
8/25/2017
/ Consent Order ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
FTC Act ,
Misrepresentation ,
Personally Identifiable Information ,
Popular ,
Uber
Recently, the Electronic Privacy Information Center (“EPIC”) asked the FTC to begin an investigation into a Google program called “Store Sales Management.” The purpose of Store Sales Management is to allow for the matching...more
If you are a retailer with locations in New Jersey, you will need to review your procedures in anticipation of a new law effective October 1, 2017....more
It seems as though we have been writing about this case for a lifetime. Target Corporation’s data breach saga came one step closer to a conclusion this week. On Tuesday, Target reached an $18.5 million settlement with 47...more
5/26/2017
/ Board of Directors ,
CEOs ,
Civil Monetary Penalty ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Debit and Credit Card Transactions ,
Form 10-K ,
Information Security ,
Personally Identifiable Information ,
Settlement ,
Target Company
After a quiet winter there has been significant activity in state legislatures to enact, strengthen or clarify their data breach notification statutes. The latest happenings are summarized below and we have updated our “Mintz...more
We are anxiously waiting to learn the fate of the data breach notification statute recently passed by state lawmakers in New Mexico. The bill remains on the desk of the governor who has until the end of the week to sign the...more
Google’s recent changes to its privacy policy are coming under fire from a complaint filed late last year with the Federal Trade Commission (“FTC”) that accuses the company of downplaying “transformational change” in its...more
As has become typical in the data security space, there was quite a bit of activity in state legislatures over the previous year concerning data breach notification statutes. Lawmakers are keenly aware of the high profile...more
Colorado is the latest state to revisit, and expand upon, its laws pertaining to the use and protection of student data. Colorado Governor John Hickenlooper recently signed into law House Bill 16-1423 (the “Bill”) designed to...more
Sophisticated phishing scams and muscular hacking efforts continue to compromise personal and sensitive information held by insurers, hospital systems, and businesses large and small. In response, many states have...more
6/15/2016
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Encryption ,
Exemptions ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Personal Data ,
Personal Information Protection Act ,
Personally Identifiable Information ,
Phishing Scams ,
PIPA ,
Safe Harbors ,
State Data Breach Notification Statutes
Everyone loves a good courtroom drama. So just imagine this pitch: henchmen of an evil dictator hack their way into a movie studio computer system. Once inside, they steal the most sensitive personal information of the...more
The general definition of “personal information” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of the following data elements: (i) Social Security number, (ii)...more
This week, the Federal government took the first steps toward implementation of the The Cybersecurity Information Sharing Act (CISA), enacted into law last December. CISA aims to encourage sharing of cyber threat indicators...more
For the first Tuesday in November, we have 10 easy steps to make sure that your data breach incident response planning is viewed from that pesky point of view of a litigator....more
11/3/2015
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Privacy ,
Data Protection ,
Data Security ,
Email Policies ,
Personally Identifiable Information ,
Popular ,
Tone At The Top ,
Training
Rather than our usual Privacy Monday “bits and bytes,” we have a breaking story relating to the ongoing Wyndham/FTC saga.
Today, Wyndham Worldwide Corp. lost a critical round in the Third Circuit. Anticipated since...more
8/25/2015
/ Best Practices ,
Credit Cards ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
FTC v Wyndham ,
Personally Identifiable Information ,
Section 5 ,
Unfair or Deceptive Trade Practices ,
Wyndham
While you enjoy what is left of the summer of 2015, we will kick off your week with a few privacy and security bits and bytes....more
8/4/2015
/ Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Food and Drug Administration (FDA) ,
Hackers ,
Healthcare Facilities ,
Hospitals ,
Medical Devices ,
NAIC ,
Nursing Homes ,
Personally Identifiable Information
Once again, data breaches and hacks are front and center, so here are three stories you should know about to start your week....more
7/21/2015
/ Auto-Dialed Calls ,
Breach Notification Rule ,
Credit Monitoring ,
Cyber Crimes ,
Data Breach ,
Encryption ,
FCC ,
Hackers ,
Personally Identifiable Information ,
Robocalling ,
TCPA ,
UCLA ,
UCLA Medical Center