Privacy & Cybersecurity

The cost of data breaches keeps on rising. Add another million to this week's HIPAA charges.

The practices of online data aggregator and broker Spokeo, Inc. (“Spokeo”) have come under the scrutiny of consumers and consumer privacy advocates for a while now, and have been on the FTC’s radar since at least last summer when the Center for Democracy and Technology filed a complaint against Spokeo with the Commission.

The Federal Trade Commission has extended the public comment period on its December 1, 2010 report -- FTC Privacy Report. The FTC press release says that, in light of the complex issues raised by the report, a number of organizations have requested an extension of the original January 31, 2011 deadline. 

We’ve had several questions lately regarding “mixups” with mailings of W-2 forms, and whether certain situations are really “data breaches.”   

Once again, a public event has piqued the "curiosity" of hospital employees in violation of HIPAA. The University Medical Center (UMC) at Tucson has fired three administrative staff and a contracted nurse for wrongfully accessing medical records related to the shooting rampage that killed six people and seriously injured Congresswoman Gabrielle Giffords.

Just before the end of 2010, both the Commerce Department (here) and the Federal Trade Commission released their agencies' respective proposals for privacy frameworks in the United States.

Yesterday, the Department of Commerce published a notice in the Federal Register, seeking feedback on proposals in its recently-unveiled privacy report.

Since March 1, 2010, privacy professionals have been waiting for a data breach that could bring an enforcement action under 201 CMR 17.00, the Massachusetts privacy regulations. I just spoke with Paul Roberts, editor of threatpost.com, a blog that posted an entry yesterday regarding a breach that could do just that.  

In last week's Privacy Report , the Federal Trade Commission posed a series of questions, soliciting comment and discussion from stakeholders to better inform its final report on the subject, due to be issued mid-2011.

In all the flurry of privacy-related issues over the last few weeks, a deadline has been slowly creeping up......remember the Red Flags Rule?  

The Federal Trade Commission (FTC) has just released its long-awaited (and 123-page long) report on consumer privacy: "Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers"  (the "Report").

The Federal Trade Commission (FTC) has reached a settlement with EchoMetrix over charges that it failed to inform parents that information it was collecting about their children would be disclosed to third-party marketers. 

Recently, a California state appellate court in Cutler v. Dike, No. B210624, 2010 WL 3341663 (Cal. Ct. App. Aug. 26, 2010), upheld a jury finding that an employer illegally fired an employee because he objected to the manner in which his employer maintained its confidential patient information.

Back on July 1, we blogged in this space about a very large data breach experienced by health insurer WellPoint. According to WellPoint, over 470,000 individual insurance customers may have been affected by a breach that went unreported for over five months. 

Recently, a news bulletin in Health Data Management  highlighted the point that many security experts are trying to make these days: Encryption is not always a "safe harbor."

It’s a distressingly common scenario. A corporate laptop containing job applicant data, including social security numbers, is stolen from an employee who has taken the laptop off of corporate premises. Access to the social security numbers makes it possible for wrongdoers to engage in identity theft.

On July 13, Mintz Levin will be joined by Sophos, Six Weight Consulting, and MFA Cornerstone Consulting to hold a free compliance workshop focused on both the gaps and overlap of Massachusetts’ data protection regulation 201 CMR 17.oo and the recent updates to federal health and medical data privacy found in the HITECH Act.

At the urging of congressional lawmakers, the Federal Trade Commission has for the fifth time delayed enforcement of the “Red Flags” Rule – this time through December 31, 2010. In the interim, Congress plans to consider legislation that would alter the scope of entities covered under the Rule.

Anthem Blue Cross is notifying approximately 230,000 members and applicants for individual health insurance of a breach involving a web site used by individuals to apply for insurance and track the status of their applications.

It’s been a while since we have visited the Federal Trade Commission’s Red Flags Rule here in this blog. The oft-postponed deadline is now fast approaching on June 1. Except, that is, for lawyers and now, doctors.