Workplace Privacy, Data Management & Security Report

Category Archives: Data Security


Stolen Laptops = HIPAA Settlements Totaling Nearly Two Million Dollars

Unencrypted laptop computers and other mobile devices pose significant risks to the security of patient information, reminds the U.S. Department of Health and Human Services Office for Civil Rights (OCR) in its announcement yesterday that it collected $1,975,220 from two entities collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA)… Continue Reading

Iowa Amends Its Breach Notification Law, Attorney General Notification Required For Breaches Affecting More Than 500 Iowans

Iowa made changes to its breach notification law (Iowa Code § 715C.1 et seq.) when the state’s Governor, Terry Branstad, signed S.F. 2259 into law. The amendment makes the following key changes which become effective July 1, 2014: The existing law applies to “computerized” personal information. The amendment clarifies that this includes personal information maintained in any medium,… Continue Reading

Kentucky Enacts a Data Breach Notification Law and Protects Student Data in the Cloud

Kentucky Gov. Steve Beshear signed H.R. 232 on April 10, 2014, making the Commonwealth the 47th state to enact a data breach notification law. The law also limits how cloud service providers can use student data. A breach notification law in New Mexico may follow shortly. Data Breach Notification Mandate: The Kentucky law follows the same general structure of… Continue Reading

Cities And Counties Are Not Immune From HIPAA Enforcement, Skagit County, WA Pays $215,000

Skagit County, Washington, has agreed to settle potential violations of the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), according to an announcement by the Office for Civil Rights (OCR) on Friday.  OCR reported that Skagit County, home to approximately 118,000 residents, agreed to a $215,000 monetary settlement and to comply… Continue Reading

Best Practices For Gramm-Leach-Bliley Compliance

The U.S. Commodity Futures Trading Commission (Commission) issued a Staff Advisory on best practices for financial institutions that must comply with Gramm-Leach-Bliley Act (GLBA) provisions on data security and customer privacy. GLBA was enacted to ensure that financial institutions respect the privacy of their customers and protect the security and confidentiality of nonpublic personal information.  Specifically,… Continue Reading

FTC Announces Identity Theft Was Top Consumer Complaint During 2013, 14 Years Running

According to an FTC press release, identity theft tops the national ranking of consumer complaints for 2013, with American consumers losing a reported $1.6 billion to fraud last year. Here is how some of the numbers break down: Fourteen (14) percent of the more than two million complaints to the FTC (or 290,056) stemmed from identity theft. Thirty… Continue Reading

California Attorney General Announces More Active Role in Dealing with Data Breaches, and Helpful Guide for Small Business

On Thursday, California Attorney General Kamala Harris announced heightened enforcement concerning data breaches, reports USA Today. AG Harris’ office also issued a Guide that provides recommendations to California businesses, particularly small businesses, to help them protect against and respond to the increasing threat of malware, data breaches and other cyber risks. The circumstances are certainly threatening for small business. According to… Continue Reading

Is it really deleted?

A significant percentage of “recycled” computers were found to still contain personal information, according to a study conducted by the National Association for Information Destruction (NAID). As reported in e-Place Solutions, the NAID-ANZ Secondhand Hard Drive Study found that “15 of 52 hard drives randomly purchased contained highly confidential personal information.” What kind of information: “spreadsheets… Continue Reading

“Blackphone” to address key smartphone privacy and security concerns?

Smartphone privacy and security concerns continue to weigh on businesses, particularly for companies in certain industries such as healthcare, and for those that have or are thinking of moving to a “bring your own device” (BYOD) model. Promoters of the “Blackphone,” according to a Reuters report, hope that their version of Google’s Android software will enable… Continue Reading

U.S. Attorney General Eric Holder Urges the Passage of a National Data Breach Notification Law

After years of identity theft holding the top spot for crimes reported to the Federal Trade Commission, and following recent reports of massive data breaches, U.S. Attorney General Eric Holder urged Congress today to enact a national law setting a uniform standard for notifying individuals regarding breaches involving their personal information, according to a report by… Continue Reading

What Employers Need to Know About Bitcoin

Written by B. Tyler Philippi

Ask the average person what they know about Bitcoin and they might be able to tell you that it is a digital currency. Most have probably heard the name mentioned in articles about its giant fluctuations in value or in connection with black market internet transactions. Beyond that, how Bitcoin… Continue Reading

Increased Use of Medical Devices by Healthcare Providers Results in More Cyberattacks and Data Breaches

A study (registration required) by two data security firms, Norse in Silicon Valley and SANS, discussed in a recent L.A. Times article, confirms the concerns raised by the FDA and others about increased use of internet-connected medical devices by healthcare providers and the corresponding increase in the information systems of those providers being attacked, and in some… Continue Reading

Employee’s Unauthorized Texting of Confidential Health Information May Impose Employer Liability

Written by Jeffrey M. Schlossberg

When does a medical clinic employee’s unauthorized texting of confidential patient health information result in liability to the clinic? The answer: it depends. In Doe v. Guthrie Clinic, Ltd., the Second Circuit Court of Appeals dismissed a patient’s claim against a medical corporation for alleged breach of fiduciary duty based… Continue Reading

No First Amendment Protection for Police Officer’s Facebook Rant, a Reminder of the Risks of Employee Activity in Social Media

If you are a public sector employer, you may be particularly interested in an article written by my fellow shareholder and practice group member, Marlo Johnson Roebuck. She writes about a recent case, Graziosi v. City of Greenville, involving a police department’s decision to terminate a police officer for statements she made on Facebook. As… Continue Reading

Top 14 for 2014

In honor of National Data Privacy Day, we provide the following “Top 14 for 2014.” While the list is by no means exhaustive, it does provide critical areas businesses will need to consider in 2014. Location-Based Tracking: As the use of GPS-enabled devices becomes more and more prevalent, employers are often faced with… Continue Reading

Dealing with Personal Information at the Water’s Edge…

Privacy and data security issues and concerns do not stop at the water’s edge. Companies needing to share personal information, even when the sharing will take place inside the same “company,” frequently run into challenges when that sharing takes place across national borders. In some ways, the obstacles created by the matrix of federal and… Continue Reading

Another Small Healthcare Provider Settles Potential HIPAA Violations Following Data Breach, Office For Civil Rights Announces

A familiar story – small health care provider suffers a data breach affecting patient data, reports incident to the federal Office for Civil Rights (OCR) and winds up becoming subject to an OCR investigation that goes well beyond the breach itself, resulting in a significant settlement payment and corrective action plan. In this case, a relatively… Continue Reading

Fordham Law School Study of Public Schools Finds Widespread Use of Cloud Services, Student Data at Risk

On December 13, 2013, Fordham Law School’s Center on Law and Information Policy published a study (Study) that paints a sobering picture of how many public schools across the country handle student data, particularly with respect to data they store and services they (and students) use in the “cloud.” There is little doubt that many school districts… Continue Reading

New Jersey Settles Alleged COPPA Violation

In a recent consent order, the New Jersey Division of Consumer Affairs settled an investigation involving Dokogeo, Inc., a California-based mobile application developer. Under the Children’s Online Privacy Protection Act (“COPPA”), websites and online services that collect information from children younger than 13 are subject to certain parental notice and consent requirements. In the Dokogeo… Continue Reading