Privacy & Cybersecurity

Last December, the FTC gave to us the long awaited (or maybe not so much by covered entities!) final amendments to the 14-year old Children’s Online Privacy Protection Act (COPPA) Rule (the “COPPA Rule,” and as amended, the “Amended COPPA Rule”).

As public companies prepare for the New Year and the start of yet another annual reporting season, it is the perfect time to reflect on our 2013 prediction that the SEC would require greater disclosure relating to cybersecurity risks and data breaches. As predicted, the SEC has been quite busy.

Web cameras, burglar alarms, fitness monitors, smartphones, and a host of other internet connected devices all have the potential to invade privacy by collecting and sharing personal information. 

The Department of Defense (DoD) has published its new final rule governing the security measures imposed on DoD unclassified technical information resident on or passing through the unclassified information systems of its contractors and subcontractors.

In 2013 geolocation and biometrics were hot topics. Apple included a fingerprint reader on the new iPhone which was either really cool or an epic fail depending on your viewpoint, and Google and the NSA are tracking our every move.

2013 was a busy year for California. We passed a budget with a surplus, let Kim and Kanye get engaged in one of our stadiums and panicked over possibly losing Sriracha sauce. At the same time, we also passed a number of significant pieces of legislation related to data privacy, the effects of which will be felt throughout the year.

The year 2013 started with a bang for HIPAA-regulated entities, with the passage of the long-awaited HIPAA Omnibus Rule, implementing privacy, security, breach notification, enforcement and other provisions of the HITECH Act. Omnibus Rule momentum carried through much of the year with an industry-wide push to comply with the September 23, 2013 compliance date for significant provisions of the Omnibus Rule.

Haul out the holly, fill up the stockings, even though it's just one week past Thanksgiving day.....
Rather than look back at 2013, next week the Privacy & Security blog will count down The 12 Days of Privacy, looking ahead to what we might expect in 2014.

If you haven't been paying attention to "password hygiene" preached by this blog and others, perhaps it's time. Jose Pagliery from CNNMoney reports of a large-scale hack that has compromised over 2 million passwords at Facebook, Gmail, Twitter, Yahoo and others.

This past weekend if you survived the towel aisle and other Black Friday dangers and made it to the register to purchase your items, it is possible you were asked to provide an email address so that your receipt could be emailed to you.

(LONDON) The European Commission, which has the authority to make changes to the US Safe Harbor program, has published a paper titled “Rebuilding Trust in EU-US Data Flows” that sets out the changes that the Commission would like to see the US adopt. 

Earlier this month, Google, Inc. (“Google” or “Company”) entered into an  agreement with the Attorney Generals of 37 states and the District of Columbia, settling allegations of violation of  the participating states’ consumer protection or applicable computer abuse statutes (the “Settlement Agreement”).

We don't do this very often, but this is an excellent opportunity for a lawyer with privacy experience at a long-time Mintz client.

The month of November is quickly slipping by - this is the time to be looking at the 2014 cybersecurity and data privacy goals and updates and planning ahead.

Walking around a department store isn’t the only time you’re being tracked while you shop. If you’ve ever visited a web page and seen an advertisement for the exact same pair of shoes you were looking at on a different web page the day before, then you know that something similar is happening while you surf the web. 

If you’ve ever dealt with that pushy salesperson at Bed, Bath & Beyond who won’t take your word for it that you’re just browsing and not ready to commit to a high-end home espresso machine, you know that being followed around at a retail store can be unsettling and intrusive.

We have published prior advisories concerning the development by the National Institute of Standards and Technology of a cybersecurity “Framework” intended to be adopted by owners of critical infrastructure to enhance the security of their information systems.

As health care providers continue to try to navigate the world of social media, the Rhode Island Board of Medical Licensure and Discipline (the “Board”) has issued policy guidelines (the “Guidelines”) to address the use of social media by the state’s physicians.

The FTC has announced (press release) that, as a result of the recent shut down of the agency, the Commission has voted unanimously to extend the public comment periods for two recent proposals under the COPPA Rule.

The Los Angeles Times (the “Times”) reported this week the theft of two laptops from an administrative office of hospital group AHMC Healthcare Inc. (“AHMC”) in Alhambra, California that compromised the health data of approximately 729,000 individuals.