On June 24, 2010, the European Union’s body that addresses data protection issues, the so-called Article 29 Working Party, adopted Opinion 2/2010 (the “Opinion”) providing further clarification on the amended e-Privacy Directive (below) as applied to online behavioral advertising. The Working Party also issued a press release on this topic.
Monthly Archives: July 2010
HHS Withdraws Breach Notification Final Rule (but breach notification still effective)
Posted in Data BreachInteresting press release from the Department of Health and Human Services (HHS) relating to the HITECH Breach Notification Final Rule. The Interim Final Rule is still effective, but one can’t help but wonder what HHS may be reconsidering given the numbers of breaches reported since September 2009.
Improper Disposal Costs Rite Aid $1 Million
Posted in Data BreachWritten by Dianne Bourque Rite Aid has agreed to pay $1 million to settle allegations that it violated HIPAA by disposing of labeled pill bottles in unsecured dumpsters accessible to the public. The $1 million fine settles a joint Office of Civil Rights (OCR)/Federal Trade Commission (FTC) investigation prompted by televised media reports of pharmacies… Continue Reading
Analysis of Proposed HHS Regulations Implementing HITECH Act
Posted in LegislationAs promised last week in an earlier post, here is our first Mintz Levin client advisory analyzing the 234 pages of regulations issued on Thursday by the Department of Health and Human Services. Thanks to colleagues Alden Bianchi, Dianne Bourque and Stephen Bentfield. The regulations are slated to be published in the Federal Register tomorrow,… Continue Reading
Australian Privacy Commissioner Concludes Google Breached Privacy Act
Posted in Data BreachWritten by Jillian Collins Australian Privacy Commissioner Karen Curtis has concluded her investigation into Google’s collection of unsecured WiFi payload data in Australia using Street View vehicles and finds that such collection violated Australian law. “On the information available I am satisfied that any collection of personal information would have breached the Australian Privacy Act,”… Continue Reading
No Harm, No Foul; Ninth Circuit Affirms Dismissal of Data Breach Case Against The Gap
Posted in Data BreachWritten by Kevin McGinty It’s a distressingly common scenario. A corporate laptop containing job applicant data, including social security numbers, is stolen from an employee who has taken the laptop off of corporate premises. Access to the social security numbers makes it possible for wrongdoers to engage in identity theft. Is an applicant’s fear that… Continue Reading
REMINDER – HITECH/201 CMR 17.00 Compliance Workshop
Posted in LegislationJust a reminder of the FREE upcoming data security compliance workshop – Space is limited, so register today at http://tinyurl.com/35pk3yr! On July 13, Mintz Levin will be joined by Sophos, Six Weight Consulting, and MFA Cornerstone Consulting to hold a free compliance workshop focused on both the gaps and overlap of Massachusetts’ data protection regulation… Continue Reading
First Ever State-initiated HIPAA Enforcement Action Settled
Posted in LegislationWritten by Dianne Bourque Connecticut Attorney General Richard Blumenthal has settled the first state-initiated HIPAA enforcement action. The settlement totals $250,000 in statutory damages and Health Net’s agreement to implement a variety of measures to improve the security of consumer health and personal information. Health Net also agreed to provide two years of credit monitoring… Continue Reading
HHS (Finally!) Issues Proposed HIPAA Privacy & Security Rule Changes
Posted in LegislationThe long-awaited proposed changes to the HIPAA Privacy Rules have finally been released by the Department of Health and Human Services (HHS). A joint statement issued today by the HHS and the Office of Civil Rights (OCR) says that the proposed regulations “would expand individuals’ rights to access their information and restrict certain disclosures of… Continue Reading
Data Breaches du Jour
Posted in Data BreachInformation regarding the latest reports of data breaches — common thread: it is taking a startingly long time for entities to (a) discover that they have been breached, and (b) to then take action to notify affected customers of potential compromises to personal information. Update on Major Data Breach at California Health Insurer Updating a… Continue Reading