Zack Whittaker reports:
An internet advertising company specializing in helping law firms sign up potential clients has exposed close to 150,000 records from a database that was left unsecured.
The database contained submissions as part of a lead-generation effort by X Social Media, a Florida-based ad firm that largely uses Facebook to advertise various campaigns for its law firm customers.
Read more on TechCrunch. It’s another could-have-awful-consequences exposure situation. And not surprisingly, the researchers who found it throw in references to HIPAA, although further down in their report, they acknowledge that x Social Media is not covered by HIPAA.
Throwing in references to HIPAA doesn’t help if HIPAA doesn’t apply — even though the public may want the standards of security and privacy to be upheld in the business sector. What would have been more on point for vpnMentor to mention would be any privacy policy for x Social Media or assurances about data security that may have been violated.
Think FTC, not HHS, folks.