Those who want to see HHS/OCR come down like a ton of bricks on more entities and impose heavier civil monetary penalties for HIPAA breaches will likely not be happy to learn that HHS has decided to reduce the maximum civil penalties it will impose for the four tiers of violations of HIPAA. Under the…
Category: Commentaries and Analyses
University of Alaska discovered a breach in February, 2018 that they are first revealing now?
The following is not quite the typical press release like we’ve been seeing on an almost daily basis. If this notice doesn’t include typos, then it appears that the University of Alaska first became aware that they had a problem in February of 2018. They started an investigation that they expanded in March, 2018 after…
Safeguard your network and customer credentials: Tips from the latest FTC data security case
One of the other enforcement actions the FTC has taken stems from the ClixSense breach in 2016. Lesley Fair of the FTC writes: Suppose a lunch companion says, “I think there’s something wrong with this tuna salad.” To determine if the problem is tuna not to their taste vs. tuna gone bad, would you scarf…
Greek DPA Issues EUR 30,000 Fine For Data Protection Violation by Hellenic Petroleum S.A.
Hunton Andrews Kurth writes: On April 15, 2019, the Greek Data Protection Authority (“DPA”) fined Hellenic Petroleum S.A. EUR 20,000 for unlawful processing of personal data and EUR 10,000 for failing to adopt appropriate data security measures. Hellenic Petroleum S.A. had engaged a vendor to conduct a study on its behalf. The study was exposed…
i-Dressup and a data security mess-up
Lesley Fair of the FTC writes: Kids love to play dress-up, but parents wouldn’t want them rummaging through the attic or climbing to the top shelf of the wardrobe without permission and proper supervision. The i-Dressup.com website offered users – including children – a virtual way to play dress-up and design clothes without those potential…
Marcus Hutchins’ plea leaves unsettled whether writing certain types of code is illegal – Ekeland
In May, 2017, a young man from the U.K. became known as an “accidental hero” for saving the world from the further spread of WannaCry ransomware. But months later, this same hero, Marcus Hutchins, known online as @MalwareTech, was arrested in the U.S. as he tried to fly home after attending the Black Hat and…