Header graphic for print
Workplace Privacy, Data Management & Security Report

Category Archives: Data Security

Subscribe to Data Security RSS Feed

FTC’s Hammer Gets Bigger with LabMD Case

The on-going fight to hammer out the extent of the Federal Trade Commission’s authority to bring regulatory enforcement actions in data breach cases took another blow last week in LabMD v. FTC. In that case, the U.S. Court of Appeals for the Eleventh Circuit sided with the FTC holding companies that find themselves subject to… Continue Reading

Healthcare Providers and Business Associates: Don’t Ignore the Insider Threats

News reports of security risks, hackings and breaches caused by individuals, terror groups or even countries around the world certainly are important and can be unsettling. But, for many organizations, including healthcare providers and business associates, a significant and perhaps more immediate area of data risk rests with an organization’s workforce members. An organization’s information… Continue Reading

President Obama to Call For National Data Breach Notification Law and Other Cybersecurity Measures

About two years ago, President Obama signed an executive order on the date that he delivered his State of the Union address which directed certain federal agencies to develop voluntary standards for achieving cybersecurity. Preparing for his 2015 State of the Union address, Bloomberg and other news outlets are reporting this morning that President Obama will… Continue Reading

Indiana Attorney General Enforces HIPAA For First Time – Another Lesson for Small Business

As we reported, state Attorneys General have authority to enforce the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), pursuant to the authority granted under the Health Information Technology for Clinical and Economic Health (HITECH) Act. Shortly after announcing plans to seek legislation requiring stronger protections for personal and financial… Continue Reading

FCC Promises Action Against Those Who Fail to Safeguard

On December 19, 2014, the FCC published Chairman Thomas Wheeler‘s response to Senator Bill Nelson’s (D-FL) letter regarding the FCC’s recent proposed $10 million fine against two telecom companies. In the response, Chairman Wheeler reiterated the need for FCC action in this area and explained that consumers regularly entrust their most personal, confidential, and sensitive information… Continue Reading

Indiana Joins a Growing List of States Seeking to Tighten Data Security and Data Breach Notification Requirements in 2015

As we reported, there are a number of signs pointing to a significant tightening of regulation and increased enforcement of data security mandates. Following efforts in New Jersey, New York and Oregon, Indiana Attorney General Greg Zoeller announced his office is seeking legislation that would better protect the online personal and financial information of Indiana… Continue Reading

New Data Protection Powers Requested in Oregon

On December 9, Oregon’s Attorney General, Ellen Rosenblum, announced to the Oregon House and Senate Judiciary Committee that she would be introducing legislation to expand existing personal data protections for Oregon consumers while implementing additional enforcement measures to combat non-compliance. According to Ms. Rosenblum, Oregon’s laws have not kept up with the rapid increase in… Continue Reading

EMPLOYERS BEWARE: MEDICAL IDENTITY THEFT ON THE RISE AND IS THE GOLDEN TARGET FOR HACKERS

As we’ve discussed previously, medical identity information is worth more than ten (10) times that of financial information on the black market. This gives hackers a financial incentive to obtain such information that is maintained not only by medical providers and pharmacies but also by employers who provide medical insurance coverage to their employees. Employers… Continue Reading

Protective Order Can Limit Disclosure of Company’s Non-Public Information in Employment Dispute

Written by David Kight When involved in litigation, a company’s non-public information, such as trade secrets, can be prevented from becoming public information by a court-granted protective order. While a blanket protection is unlikely to be granted by a court, early consideration of information potentially sought by a plaintiff would allow a company to limit… Continue Reading

Negligence Claims for Breach of Patient Privacy Not Preempted by HIPAA, Connecticut Supreme Court Holds

Healthcare providers continue to have challenges with responding to attorney requests for information and subpoenas. We highlighted some of these last year, along with some issues providers should be considering to help meet those challenges.  In this case, after the patient advised the provider not to disclose her PHI to her significant other, the provider received a… Continue Reading

On the Heels of FTC, FCC Joins GPEN to Better Watch Data Abroad

Data is rarely still. It is captured, processed and moved around the world at speeds we wouldn’t have dreamed possible 20 years ago. Data often disrespects borders. By way of example, companies often mistakenly store personal data in the cloud to be accessed by multiple international locations, without considering the legal rights of the data… Continue Reading

FCC Issues First Data Security Fine

On October 24, 2014, the Federal Communications Commission (FCC) announced its intention to fine two telecom companies $10 million for several violations of laws protecting the privacy of phone customers’ personal information.  This marks the FCC’s first data security case and the largest privacy action in the FCC’s history. According to the FCC, TerraCom, Inc…. Continue Reading

Computer Fraud and Abuse Act No Help to Employer Suing Employee Who Took Proprietary Business Info

Written By Michelle Hackim An employer had no cause of action under the Computer Fraud and Abuse Act (“CFAA”) against an employee who accessed its computer systems to misappropriate confidential and proprietary business information to start a competing business, the U.S. District Court for the Southern District of Ohio has held. Cranel Inc. v. Pro… Continue Reading

Re-Emphasis on Third-Party Service Provider Security In Financial Services…A Reminder for All Businesses

A New York Times article earlier this week reported that top officials at the Treasury Department have identified a key area for strengthening data security – third-party service providers. Reuters reported that on Tuesday of this week New York State Department of Financial Services superintendent, Benjamin Lawsky, sent a letter to a number of banks inquiring… Continue Reading

Data Breach Notification Deadline Extended 10 Days for Certain Healthcare Providers in California

While recent legislation has tended to tighten data breach notification requirements (e.g., Florida and California), Assembly Bill 1755 extended the breach notification deadline from five to 15 days for certain healthcare providers. More specifically, according to AB1755 which becomes effective January 1, 2015, the deadline to provide notification of a breach of medical information for healthcare providers covered by… Continue Reading

Enterovirus D-68 and Ebola Cases Raise Privacy Concerns for Healthcare Providers and their Workers

On September 25, a four-year old boy from New Jersey died of Enterovirus D-68, reports myfoxphilly.com. Increasingly, there are reports about potential Ebola cases in the U.S. Naturally, the spread of infectious disease raises concern for everyone, particularly for healthcare workers who want to do their jobs, and also protect their families. There are already… Continue Reading

California AB-1710 – Requires Credit Monitoring Information in Data Breach Notice, Including Services Must Last 12 Months and Be Provided at No Cost

California Governor Jerry Brown signed AB-1710 into law yesterday amending its existing data breach notification statute. The most significant change – companies that experience a data breach must provide information in the notification that if identity theft prevention and mitigation services are provided, they must be provided for at least 12 months to affected persons… Continue Reading