Privacy & Cybersecurity

The Chairman of the Federal Trade Commission, Jon Leibowitz, said: It's the law, it's the right thing to do, and, as today's settlement demonstrates, violating COPPA will not come cheap.

With the inevitability of death and taxes, data breaches spawn class action lawsuits. The massive Sony PlayStation Network data breach has now resulted in the filing of a class action in federal court in Massachusetts captioned Thompson v. Sony Computer Entertainment. 

There have been hundreds of articles written in the past week on the Sony Playstation Network breaches. Cynthia Larose, chair of Mintz Levin's Privacy and Data Security practice, has been quoted in several articles over the weekend, including The Wall Street Journal, Reuters, and The Chicago Tribune.

We've had the Epsilon breach. We've had Sony Breach One and Sony Breach Two. Today, Bloomberg News reports on a breach that may be, as one security expert in the article calls it, "the nastiest password hack in history...." LastPass is reporting that hackers may have broken into its database and stolen info on as many as 1.25 million users.

Yesterday, in a Customer Service Notification posted on its website, Sony Online Entertainment LLC (“SOE”) based in San Diego, California revealed that its systems were also the subject of a hacking attack.

There are many articles being written and blogged today regarding the PSN breach. The Hill reports this afternoon that Representative Mary Bono Mack (R-CA) has announced a plan to introduce legislation to protect online consumer information.

The Centers for Medicare & Medicaid Services (CMS) has released proposed regulations establishing Accountable Care Organizations (ACOs) and creating the Medicare Shared Savings Program (the Program).

Sony Corp. has acknowledged on its PlayStation website that between April 17 and April 19, its PlayStation and Qriocity networks were the subject of a hacking attack.

Apple has published a Q&A document to educate consumers on the back story relating to collection of location data. 

Lawmakers including Senate Judiciary Subcommittee on Privacy Chairman Al Franken (D-MN) and House Bi-Partisan Privacy Caucus Co-Chairman Ed Markey (D-MA) are scrutinizing Apple Inc.’s and Google Inc.’s practices of tracking users’ location information through their mobile phones. 

On Tuesday, the US Supreme Court heard arguments (transcripts here) about whether or not the Vermont data mining law violates free speech by preventing pharmaceutical manufacturers and their sales people from obtaining data on physician prescription habits.

As we have been saying since the beginning of the new session of Congress, it appears that privacy is the true bipartisan issue. 

By now, you've probably received one or more emails like this:

Once again, we have evidence that failures to implement the most basic of data security measures can cost real money.

In the two-plus years since the enactment of the HITECH Act, the health care industry has seen a dramatic shift in federal and state HIPAA enforcement posture.

Our ongoing effort to summarize the comments (see post here) filed in response to the FTC’s Privacy Framework continues this week as we focus on the Telecommunications and Media industry.

We've been writing extensively on the decision out of California in Pineda v. Williams-Sonoma and collection of zip codes in credit card transactions. Our colleagues on the West Coast have published a new advisory that makes interesting reading.

The 2010 Ponemon Institute study on the cost of data breaches has been released. The numbers are eye-opening. The average total cost per reporting company in the study was $7.2 million per breach -- the most expensive data breach cost $35.3 million and the least expensive breach cost $780,000.  

In our continuing effort to summarize the more than 400 comments posted in response to the FTC’s Privacy Framework, we have organized our summaries into the following five industry groups: Retail/Promotion/Advertising; Software/Technology; Telecommunications/Media; Privacy Advocates/Government; and Financial Services/General Business.

This week, we heard about the first civil money penalty under the HIPAA Privacy Rule for failure to provide access to medical records and willful neglect -- and it was a whopper.