Information Risk

Subscribe to Information Risk via RSS

Any illusion an organization may hold that it is operating “under the radar” of regulators should be shattered in the current compliance environment. Governmental agencies are increasingly able to efficiently coordinate with one another in matters of enforcement, and this post is a good example of that.
Continue Reading Inter-agency Cooperation Nabs HIPAA Violator for HHS

Promising a company that you will safeguard its employees’ information and then failing to do it according to Federal Trade Commission (FTC) standards likely will be viewed by the FTC as an unfair and deceptive business practice and trigger an enforcement action.

This was the case for Lookout Services, Inc., a company that maintains large amounts of

The National Association of Secretaries of State has recognized that the newest victims of identity theft are small and medium-sized businesses. These businesses need to take steps to safeguard not only personal information of customers, employees and others, but also the businesses’ corporate and financial data.
Continue Reading Small to Mid-Sized Businesses Wake Up! The National Association of Secretaries of State Warns Identity Theft Does Not Just Hurt Individuals

A recent criminal case involving a government employer harmed by a computer hacking incident affecting its personnel records may provide support for companies seeking to recover the costs they incur when taking appropriate steps to investigate these data incidents and mitigate harm when a breach is found to have occurred.
Continue Reading Restitution Includes Credit Monitoring Costs Following Data Breach Under CFAA

Companies frequently receive requests for information about current and former employees. These requests often come in the form of an attorney’s demand letter or a subpoena and apply to the individual’s medical records. Failing to carefully think through whether and how to respond can be a costly trap for the unwary.
Continue Reading ADA Violated When Employer Responds to State Subpoena and Discloses Former Employee’s Medical Records

Last month, the Federal Trade Commission’s Bureau of Consumer Protection posted FAQs on its website to guide health care providers and health plans when their patients and subscribers are affected by medical identity theft. 

When most people hear about an identity theft or a data breach, they typically think about credit card data or Social Security

As employees become more savvy with electronic communications and employers face increasing challenges with controlling vast amounts of data, the circumstances in this recent San Francisco Examiner story are likely being repeated all over the country – employee takes company information to support her wrongful termination case.
Continue Reading Employers Beware: Aggrieved Employee Commits Data Breach Affecting 2400 Individuals

The demand for "data breach" insurance appears to be growing based on our experiences, as well as commentary such as a recent article by Pamela Lewis Dolan of American Medical News.

As we’ve reported, data breach coverage is something quite different than traditional "cyber-risk" coverage which tends to address "hazards such as unauthorized Web site access, online