Senator Leahy has introduced the Personal Data Privacy and Security Act of 2011. I haven’t had time to read it yet, but just skimming it, I some good provisions in there, but I also see two immediate concerns: 1. It appears to apply only to electronic data (not paper records), and 2. The definition of…
Author: Dissent
Greenville Hospital System: boxes of business records with patient info from Allen Bennett Memorial Hospital found in unsecured storage building
Earlier this year, Greenville Hospital System University Medical Center notified patients of a breach that does not appear on HHS’s breach tool. Kudos to GreenvilleOnline.com for noticing it and reporting on it. The undated notice, which is prominently linked from Greenville’s home page, appears to have been created on February 4, 2011: On December…
NC: Granville Co. school administration laptops stolen (updated)
Associated Press reports: Granville County school officials say confidential employee information was taken when a thief broke into the finance department at the school administration building and stole three laptop computers. The Henderson Dispatch reported Tuesday that school system employees have been notified and asked to be on the lookout for any signs that their…
(follow-up) ACH Legal Ruling Favors Bank
A decision in the PATCO case mentioned previously here. Tracy Kitten writes: A magistrate has recommended that a U.S. District Court in Maine deny a motion for a jury trial in an ACH fraud case filed by a commercial customer against its former bank. According to the order, which must still be reviewed by the presiding judge,…
Sony PlayStation hacks show need for data breach disclosure laws
Lisa Banks reports: The repeated hacking of Sony’s PlayStation Network hack has demonstrated the need for Australia to adopt mandatory data breach disclosure laws, a local security director has claimed. While the PlayStation Network was back up and running for Australian users today, director of Clearswift, Phil Vasic, said mandatory disclosure laws would help prevent…
12 Steps for Surviving an HHS/OCR Privacy Breach Investigation
From their press release: 12 Steps for Surviving an HHS/OCR Privacy Breach Investigation Free Interactive Tool and Checklist for Healthcare Organizations, from ID Experts, Available At http://www2.idexpertscorp.com/breach-tools/ocr-survival-tool/ The U.S Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has been cracking down on its enforcement of the HIPAA/HITECH Privacy, Security and Data…