Privacy & Cybersecurity

The European Parliament recently published a report on the European Commission’s draft of a new EU Data Protection Regulation. The report, which includes the European Parliament’s proposal for a revised draft of the Regulation runs to an astounding 215 pages. 

As we continue our "new year, new look" series into important privacy issues for 2013, we boldly predict:
Regulatory Scrutiny of Data Collection and Use Practices of Mobile Apps Will Increase in 2013

The Department of Health and Human Services, Office for Civil Rights (OCR) reached its first settlement for a data breach involving less than 500 individuals. Under the December 2012 settlement, the Hospice of North Idaho (HONI) will pay OCR a $50,000 penalty to resolve allegations that it violated the HIPAA Security Rule. 

Happy New Year! We are beginning this week with a series of top Privacy and Security issues for 2013, as we see them. Let's start with an issue of interest to publicly traded companies, or companies considering going public in 2013 - a reminder that cybersecurity issues are of interest to the Securities and Exchange Commission (SEC) and are a shareholder disclosure issue.  

After years of consideration and feedback the Federal Trade Commission released the final revision to the 14-year old Children’s Online Privacy Protection Act (COPPA) Rule. 

The Center for Digital Democracy (CDD) filed a complaint yesterday asking the Federal Trade Commission (FTC)  to investigate violations of the Children’s Online Privacy Protection Act (COPPA) by Nickelodeon and mobile app-maker PlayFirst.

Delta Airlines, Inc. may have to pay fines equal to 20 “excess bag” fees for each user that has downloaded its “Fly Delta” mobile application. California Attorney General Kamala Harris has filed a complaint against Delta, alleging that Delta has failed to conspicuously post a privacy policy on its mobile application, in violation of California’s Online Privacy Protection Act (“CalOPPA”).

People's United Bank of Maine has agreed to pay about $ 390,000 to settle a claim that its security practices allowed unauthorized persons to withdraw funds from a construction company's account (Patco Construction Co. v. People's United Bank, D. Me., No. 09-503, agreed dismissal filed 11/19/12).

Can your organization answer "yes" to any of the following questions?

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has released guidance on the methods that covered entities and business associates can use to de-identify protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. 

When is a gallon of gas like an iTunes track? That may sound like a riddle from a Lewis Carroll novel, but it was one of the questions considered by the California Supreme Court during oral arguments in Apple v. Superior Court (Krescent) as Apple, Inc. attempted to persuade the Court that the Song-Beverly Credit Card Act of 1971, which prohibits retails from recording a customer’s personal identification information as a condition of accepting a credit card payment, does not apply to online retailers.

Sometimes the most interesting things that emerge from conferences are whispered across the aisle just after a presentation or debated by attendees off-site over a glass or two of wine.

If a haunted house or trick-or-treating was your scariest experience last week, you must not be one of the 100 mobile application developers who received a notice of non-compliance from California Attorney General Kamala D. Harris. 

The Federal Trade Commission (the “FTC”) has filed its response to the Wyndham Hotel & Resorts LLC’s (“Wyndham”) Motion to Dismiss. 

As the New York Times reports, Barnes & Noble disclosed this week that it learned over one month ago – on September 14 – that hackers broke into point of sale PIN pad devices at 63 Barnes & Noble stores around the country and stole credit and debit card information for customers who had made purchases at those stores.

Class action plaintiffs asserting claims against Sony in connection with the 2011 Sony PlayStation Network (“PSN”) data breach face permanent dismissal of their claims unless they can allege actual losses resulting from the breach.

Last week, the U.S. Department of Health and Human Services Office of Inspector General (OIG) released the results of a study entitled CMS Response to Breaches and Medical Identity Theft.

Facebook announced last week that it now has upwards of 1 billion active users. That same week, over 10 million Twitter messages were sent during the U.S. presidential debate.

We have two "Save the Date" announcements today - for registration information click on the links below:

It’s time for an updated version of our “Mintz Matrix” – the Mintz Levin matrix of state data security breach notification laws. We update this matrix quarterly, or as developments dictate.