Privacy & Cybersecurity

As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance through HIPAA Security” into three phrases:  (i) risk assessment, (ii) workforce training, and (iii) adequate encryption. 

The Federal Trade Commission (FTC) has made good on its promise to actively enforce the recently amended Children’s Online Privacy Protection Act (COPPA). Here is what you should know about the latest enforcement actions against Yelp and TinyCo and how these might affect your business.

As we promised in our post on the Yelp and TinyCo Federal Trade Commission COPPA enforcement actions, the Mintz Privacy Team has prepared an extensive review and analysis of both actions, and a helpful guide to avoiding COPPA violations.

Happy autumnal equinox
Home Depot Breach - By the Numbers

As we predicted in prior blog posts (here and here), the Federal Trade Commission has begun its vigorous enforcement of the Amended COPPA Rule.  And one of the players is not a child-related site, so read on. 

As the world recovers from the excitement leading up to Tuesday’s Apple Live Event announcement of the new iPhone 6 and Apple Watch, mobile app developers are chomping at the bit to create software that leverages the new operating system and Apple’s widely-anticipated “HealthKit,” a purportedly secure platform that allows mHealth apps to share user’s health and fitness data with the new Health app and with each other. 

When one thinks of the use of technology in school, often the first image that comes to mind is of students sending ill-advised Snapchats and making in-app purchases that line the pockets of the Kardashian family, rather than paying attention in geometry. 

It appears that the data breach victim of the week (perhaps of the year) is The Home Depot. Brian Krebs has reported that it appears that two large dumps of purloined credit card numbers have made an appearance on the black market and that those numbers may have originated at Home Depot locations. 

Some weeks ago, we wrote a piece "What You Need to Know About Backoff Malware: The New Threat Targeting Retailers". It's apparently gotten worse. Any business utilizing point-of-sale (POS) terminals for "swiping" credit cards needs to pay attention to this threat and assess vulnerability.

The National Institute of Standards and Technology (NIST), publishers of the Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”) last February, have published a Request for Information in the Federal Register seeking comments on industry experience with the Framework to date. 

According to recent media reports, Google is allegedly designing a Google account for children under 13 which would permit children in this age group to officially create  their own Gmail account and to access a kid-friendly version of YouTube.

Technology, retail, medical, financial services, education ..... and more experience data losses on a daily basis through employee negligence, poor controls, insider attacks, advanced persistent threats from malevolent outsiders or computer viruses.

Wearable devices, including health and activity monitors, video and audio recorders, location trackers, and other interconnected devices in the form of watches, wristbands, glasses, rings, bracelets, belts, gloves, earrings and shoes are being heavily promoted in the next wave of consumer electronics.

Wearable devices, including health and activity monitors, video and audio recorders, location trackers, and other interconnected devices in the form of watches, wristbands, glasses, rings, bracelets, belts, gloves, earrings, and shoes are being heavily promoted in the next wave of consumer electronics.

Community Health Systems, Inc. (the “Company”), one of the largest hospital organizations in the country, announced via a public filing (Form 8K) made yesterday with the Securities and Exchange Commission (“Report”) that the Company was the target of a cyber attack that compromised the health data of 4.5 million individuals.

The issue of cyberliability risk is finally making its way to the board room. We have written about the importance of board education and board involvement in the assessment of cyber threats and liability risk and the Securities and Exchange Commission is looking carefully at public company disclosures of cybersecurity risks as a factor for the investing public. 

 (LONDON) Could the European Court of Justice’s May 13, 2014 Google Spain decision delay the adoption of the EU Data Protection Regulation?

There is another retail data breach to talk about in this Privacy Monday post – privacy & security bits and bytes to start your week.

We are just two Mondays away from Labor Day, the traditional end of summer in the United States. Here are some privacy tidbits to get your week started. See especially Jake Romero's piece on the new Delaware data destruction law.

Rarely do Microsoft, AT&T, Verizon, Apple, Cisco and the ACLU all agree on a particular subject; rarer still that such an unlikely coalition fails.