Privacy & Cybersecurity

Nearly as predictable as the sun coming up in the morning, the recent theft of 6.5 million LinkedIn user passwords has resulted in the filing of a class action lawsuit in a California federal court. 

Recently, the National Labor Relations Board Acting General Counsel Lafe E. Solomon issued his third and latest report on social media cases, providing specific guidance on how to construct a lawful social media policy.

Spokeo, Inc. has agreed to pay the FTC $800,000 to settle the FTC’s claims alleging that Spokeo violated the Fair Credit Reporting Act (FCRA) and committed unfair or deceptive acts or practices under the FTC Act. Spokeo is a data broker that collects personal information of millions of consumers and compiles that information into online profiles for each person.

Last week at the OCR/NIST conference, Building Assurance through HIPAA Security, Linda Sanches of The Office for Civil Rights provided an extensive update on the pilot HITECH audit program, including preliminary findings, what regulated entities can expect next and suggestions for covered entities concerned about being audited. 

Here is some weekend reading for those looking at e-discovery issues. Our colleagues, John Koss and Rebecca Diamond, have published an article in Bloomberg BNA - Digital Discovery and e-Evidence delving into deleted text messages in the Deepwater Horizon controversy.

4:44 PM -- LinkedIn has confirmed reports of hacking -

Welcome to June! It's time for an an updated version of our "Mintz Matrix" --- the Mintz Levin matrix of state data security breach notification laws. We update this matrix quarterly, or as developments dictate.

The FTC has again provided us with a road map to compliance through the Myspace consent order. Here are the takeaways that should concern every company with an online presence.

A recent Massachusetts Superior Court decision, Falmouth Firefighters Union v. Town of Falmouth, answers “no.”

Allow us to take a moment to congratulate one of our own. Mintz Levin colleague, Julia Siripurapu, has joined the ranks of certified privacy professionals! The CIPP credential is one of the best-recognized certifications in the "privacy world" and demonstrates Julia's knowledge and proficiency with privacy-related matters.

Last October, a Maloney Properties, Inc. (“MPI”) company laptop was stolen containing unencrypted personal information, including social security numbers, for over 600 Massachusetts residents. Shortly after the incident, MPI sent letters to customers alerting them of the incident and related data breach.  

Global Payments, Inc. (NYSE: GPN) (“Global”) has reported a significant data security breach for approximately 1.5 million credit card customers. According to a statement that Global released on Sunday, their investigation has revealed that “Track 2 card data may have been stolen, but that cardholders’ names, addresses and social security numbers were not obtained by criminals.” 

The Department of Commerce has already taken the first steps to implementing the White House's Consumer Privacy Bill of Rights announced last month. Commerce has invited comment on "what issues should be addressed through the privacy multi-stakeholder process and how to structure these discussions so they are open, transparent, and most productive."

This has been a big week for privacy.

At the White House today, President Obama unveiled his administration's framework for new privacy regulations and the long-awaited white paper entitled "Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy."

The Federal Communications Commission (“FCC”) has adopted new rules that require companies to obtain prior express written consent from consumers before calling them with prerecorded telemarketing “robocalls.” 

Here is an article published in Westlaw Journal on the top 5 data security and privacy issues in 2012 (and there could be a "top 20" if we'd had the column inches!) -- a little crystal ball-gazing:

International Data Protection and Privacy Day is Monday, January 28th.
The European Commission certainly found a way to mark the day.

The Chinese Year of the Dragon started with a bang as the Supreme Court issued a much anticipated ruling in this Fourth Amendment case that was neither brave nor innovative. In United States v. Antoine Jones the Court chose to affirm the district and circuit courts’ Fourth Amendment ruling on extremely narrow grounds.

The announcement of the proposal for comprehensive reform of EU data protection rules is expected on Wednesday of this week at 12:30 PM CET (6:30 AM EST). You will be able to watch the press conference with Viviane Reding, Vice President of the EU Commission in charge of Justice streamed live.