Update: Post from Daily Online Examiner blog. If you’re a power Facebook user, you are likely tired of the constant changes to privacy settings. At last count, the most recent change was the 13th. This report may make your day. The Wall Street Journal reports this afternoon (registration required) that Facebook is finalizing a proposed settlement… Continue Reading
Uncategorized
Subscribe to Uncategorized RSS FeedSenators Kerry & McCain to FTC and Commerce: Get Moving on Final Reports
Posted in UncategorizedSenators John Kerry and John McCain today requested that the Department of Commerce and the Federal Trade Commission issue their final reports on consumer privacy protections. Both agencies released draft reports identifying large holes in current privacy protections in December 2010, but have not yet issued final reports. Senators Kerry and McCain introduced legislation aimed… Continue Reading
Monday Morning Privacy 101
Posted in Data Breach, Data Breach Notification, HIPAA/HITECH, UncategorizedCan you identify the major problems lurking in this one short paragraph? We’ve given you some help. The UCLA Health System has notified more than 16,000 patients of the theft of their PHI during a home invasion of a former employee. The PHI was contained on an external computer hard drive and although the information… Continue Reading
Privacy and Security Bits and Bytes
Posted in UncategorizedAfter yet another week without power due to a history-making “Snowtober” storm, the Northeast is starting to recover, along with the editor of this blog. Here are some bits and bytes for a Friday afternoon: For those of you now able to log on and read this, here is a recent Mintz article centering on… Continue Reading
Privacy & Security Bits and Bytes
Posted in UncategorizedHere are some things to ponder during the Columbus Day weekend: My colleague, Dianne Bourque, has written an interesting piece about the new Texas health information law — combine this with the expanded breach notification laws that could impose Texas-style breach notification requirements on all 50 states, and we perhaps have a glimpse into Governor… Continue Reading
New Privacy Task Force Established by Connecticut AG’s Office
Posted in UncategorizedConnecticut Attorney General George Jepsen has announced the creation of a Privacy Task Force to help educate the public about data protection requirements and to focus his Office’s response to Internet privacy concerns and data breaches that affect consumers. According to Attorney General Jepsen’s press release, “Internet and data privacy have been among the biggest issues… Continue Reading
Changes in Airline Security
Posted in UncategorizedWhile this may not be directly related to the “information management” focus of our blog, it is of immense importance to those who travel with children under the age of 12 — the Transportation Security Authority (TSA) has changed the rules for kids who travel by air: keep your shoes on! Homeland Security Secretary Janet… Continue Reading
Some reading while waiting for Hurricane Irene (on the East Coast)…
Posted in UncategorizedMy new article on the Sony breach just published by Westlaw Journal’s Bank & Lender Liability– Once More Into the Breach: Are We Learning Anything?
FTC Targets Mobile Application Developer for Violations of COPPA
Posted in UncategorizedWritten by Stu Eaton In the FTC’s first enforcement action involving mobile applications, W3 Innovations, LLC agreed to pay $50,000 to settle charges that it violated the Children’s Online Privacy Protection Act (COPPA) and the FTC’s COPPA Rule by collecting and disclosing the personal information from thousands of children under the age of 13 without… Continue Reading
Federal Data Security Legislation Update: House Subcommittee Approves SAFE Data Act
Posted in UncategorizedWritten by Julie Babayan The House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade has approved a data security bill by a voice vote, moving it to the full Energy and Commerce Committee for consideration. The Secure and Fortify Electronic Data (“SAFE Data”) Act would establish national rules for securing data containing personal information,… Continue Reading
Massive Heist of Classified Documents – Pentagon Reports of Cyberwar
Posted in Uncategorized“In a single intrusion this March, 24,000 files were taken.” Chilling words yesterday from Deputy Defense Secretary William J. Lynn in a speech revealing the nation’s strategy for cyberspace. Last night, CBS News Pentagon Correspondent David Martin got an unprecedented look inside the command center at the Pentagon and filed a report worth watching: CBS News Report… Continue Reading
New Texas Electronic Health Record Law Exceeds HIPAA Requirements
Posted in UncategorizedWritten by Dianne Bourque Texas covered entities (health care providers, health insurers and clearinghouses) and other entities that use and disclose PHI of Texas residents using electronic health records (EHRs) face new risks and stringent requirements under HB300, a new Texas privacy law. The new law, which is effective September 1, 2012, is more stringent… Continue Reading
The HIPAA Auditors Are Coming! The HIPAA Auditors Are Coming!
Posted in UncategorizedIt is time for covered entities and business associates to jump start HIPAA privacy and security programs and make sure that everything is in compliance. GovInfoSecurity reports that the Department of Health and Human Services (HHS) has awarded a $9.2 million contract to KPMG to develop protocols for conducting the long-awaited HITECH Act-mandated HIPAA compliance audit… Continue Reading
Mixed Decision on Motion to Dismiss Google Street View Class Action Augurs Continuing Difficulty in Maintaining Privacy Class Actions
Posted in UncategorizedUPDATE — Google has filed an appeal to the 9th Circuit to review this lower court decision “before forcing to proceed with protracted litigation” on the federal wiretapping case. Good article by David Kravets of Wired here Written by Kevin McGinty Regular readers of this blog will be familiar with my view that difficulty in proving… Continue Reading
University of California Pays Close to $1M to Settle Celebrity Health Record Snooping Complaint
Posted in UncategorizedWritten by Dianne Bourque and Cynthia Larose The University of California has paid $865,500 to the Office of Civil Rights (OCR) and agreed to a Corrective Action Plan to settle allegations that UCLA Health System (UCLAHS) employees repeatedly snooped in the electronic health records of celebrity patients. The OCR’s investigation was prompted by two separate… Continue Reading
FTC Announces $1.8 Million Settlement for Violation of Fair Credit Reporting Act
Posted in UncategorizedWritten by Stu Eaton In a settlement announced by the Federal Trade Commission (“FTC”) on June 27, 2011, Teletrack, Inc. agreed to pay $1.8 million to settle FTC charges that it violated the Fair Credit Reporting Act (“FCRA”) by selling consumer reports to marketers without a “permissible purpose.” Teletrack sells credit reports and other services… Continue Reading
Two events coming up in San Diego/Irvine
Posted in UncategorizedWe have partnered with WinMagic and Lenovo to present two privacy compliance workshops. On June 28th, the workshop will be presented at Donovan La Jolla (register here) from 5 to 8 pm (including dinner) and on June 29th, we’ll be presenting the same workshop at Il Fornaio in Irvine (register here) from 5 to 8 pm… Continue Reading
“Reasonable” security does not necessarily equal “best” security – even if ACH fraud involved
Posted in UncategorizedWritten by Stu Eaton Bank Info Security reports that a magistrate for the U.S. District Court in Maine issued an Order that further defines what constitutes “reasonable” security practices. The Order, which must be approved by the judge, recommends dismissal of a complaint filed by PATCO Construction Company against Ocean Bank regarding more than $500,000… Continue Reading
Commerce Department: Call for national, voluntary codes of cybersecurity conduct
Posted in UncategorizedPrivacy and security has become a major focus of the Department of Commerce. The Department’s Internet Policy Task Force has issued its second green paper, this one proposing the creation of nationally recognized voluntary codes of conduct to help strengthen cybersecurity. Comments will be accepted on “Cybersecurity, Innovation and the Internet Economy” through August 1, 2011…. Continue Reading
Court Approves Settlement of Flash Cookie Class Action
Posted in UncategorizedWritten by Kevin McGinty On Monday, a federal judge in Los Angeles issued an order granting final approval to a previously-announced settlement of consolidated class actions alleging that the use of so-called “flash cookies” in connection with advertising on web sites resulted in unauthorized tracking of web users’ browsing activity. In addition, plaintiffs alleged that… Continue Reading
Legislative Interest in Federal Data Security Legislation Continues
Posted in UncategorizedSenate Judiciary Committee Chairman Patrick Leahy (D-VT) Introduces Data Security Bill Written by Julie Babayan Senate Judiciary Committee Chairman Patrick Leahy (D-VT) has introduced a data security bill that would require certain business entities that store personal data to implement data privacy and security programs, modeled after those established for financial institutions to protect customer… Continue Reading
RSA Offers to Replace SecurID Tokens – For Everyone
Posted in UncategorizedUPDATE — link to interesting article from Channel Insider. Back in March, we reported on a massive and sophisticated attack on RSA Security’s well-known SecurID tokens, used by millions of corporate workers to access sensitive corporate networks. Yesterday, the security unit of EMC Corp. posted a letter to customers on its website, acknowledging for… Continue Reading
Reminder: Privacy Wednesday Webinar TOMORROW
Posted in UncategorizedOur next webinar in the “Privacy Wednesday” series will be TOMORROW — “Privacy & Security Under HIPAA/HITECH in an Era of Heightened Enforcement” Registration is here – don’t miss it!
Privacy and Security Bits and Bytes
Posted in UncategorizedA Friday roundup – – From The Los Angeles Times — Social Security numbers and other payroll information of about 4,000 Securities and Exchange Commission employees were included in an unencrypted e-mail sent out by a contractor at the SEC’s National Business Center. First, SEC employees were nabbed downloading porn, and now this…. A bank courier… Continue Reading
