Privacy & Cybersecurity

If your company doesn’t have an office in the EU, but collects or receives personal data from the EU in the course of running its business, it can be a bit tricky to determine whether or not EU Data Protection laws apply to you. 

Rather than look back at 2014, starting tomorrow, the Privacy & Security blog will count down The 12 Days of Privacy, looking ahead to what we might expect in 2015 and what we might be talking about in the year to come.

Federal District Judge Paul Magnuson has ruled that banks that issued credit and debit cards to customers whose data was stolen in the December 2013 Target data breach could continue to litigate claims against Target for negligence and violation of Minnesota’s Plastic Security Card Act (“MPCSA”), Minn. Stat. § 325E.64. 

The Google Spain decision (discussed here) held that a search engine with advertising activities in Europe (directly or through a subsidiary) must delete search results that link to personal information that the person in question thinks is no longer “relevant.” 

Big Data can slice and dice just about anything. Big data analytics company, Datawatch, has created two fun demos using turkey and Thanksgiving dinner data.

Corrective action taken by Verizon Communications to fix security issues with its FiOS and DSL routers resulted in the FTC closing its investigation to determine whether Verizon's distribution of the routers was an unfair or deceptive practice.

This week, the HHS Office of Civil Rights (OCR) issued a bulletin (Bulletin) to remind covered entities and business associates that “the protections of the Privacy Rule are not set aside during an emergency.” 

Welcome to Privacy Monday - here are five privacy & security bits and bytes to start your week:
1)  California AG's Data Breach Report: Who Is Handling Your Patients' Confidential Health Information?

Substantive litigation in the flood of lawsuits concerning the recent Home Depot data breach awaits a determination of where the cases will be heard.  Numerous overlapping lawsuits have been filed in courts throughout the United States asserting claims on behalf of consumers and financial institutions arising from the massive theft of credit card data that was confirmed by Home Depot in September.

A federal district court in New Jersey has dismissed with prejudice a shareholder derivative suit, Palkon v. Holmes, No. 14-CV-01234 (SRC) (D.N.J.), that tried to blame the directors and officers at hospitality company Wyndham Worldwide Corporation (“Wyndham”) for a series of data breaches.

In past posts we’ve taken a close look at the Framework for Improving Critical Infrastructure Cybersecurity put forth by the National Institute of Standards and Technology (NIST), exploring its wide-ranging implications for companies across a number of different industries.

October is National Cyber Security Awareness Month. This is an opportunity to remind employees (and yourselves) about how to keep corporate networks and their own cyber lives secure.

As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance through HIPAA Security” into three phrases:  (i) risk assessment, (ii) workforce training, and (iii) adequate encryption. 

As we promised in our post on the Yelp and TinyCo Federal Trade Commission COPPA enforcement actions, the Mintz Privacy Team has prepared an extensive review and analysis of both actions, and a helpful guide to avoiding COPPA violations.

Happy autumnal equinox
Home Depot Breach - By the Numbers

As we predicted in prior blog posts (here and here), the Federal Trade Commission has begun its vigorous enforcement of the Amended COPPA Rule.  And one of the players is not a child-related site, so read on. 

As the world recovers from the excitement leading up to Tuesday’s Apple Live Event announcement of the new iPhone 6 and Apple Watch, mobile app developers are chomping at the bit to create software that leverages the new operating system and Apple’s widely-anticipated “HealthKit,” a purportedly secure platform that allows mHealth apps to share user’s health and fitness data with the new Health app and with each other. 

When one thinks of the use of technology in school, often the first image that comes to mind is of students sending ill-advised Snapchats and making in-app purchases that line the pockets of the Kardashian family, rather than paying attention in geometry. 

It appears that the data breach victim of the week (perhaps of the year) is The Home Depot. Brian Krebs has reported that it appears that two large dumps of purloined credit card numbers have made an appearance on the black market and that those numbers may have originated at Home Depot locations. 

Some weeks ago, we wrote a piece "What You Need to Know About Backoff Malware: The New Threat Targeting Retailers". It's apparently gotten worse. Any business utilizing point-of-sale (POS) terminals for "swiping" credit cards needs to pay attention to this threat and assess vulnerability.