Remember when Prime Healthcare and Shasta Regional Medical Center were fined by federal and state agencies for breaching patient privacy? They had willfully disclosed patient details to the media after the media had reported the patient’s complaint about them. At the time, I noted that just because a patient discloses information, that does not give the covered entity the…
Category: Commentaries and Analyses
“Small” breach, big impact, redux
In November 2013, I blogged about the case of a privacy breach at Northern Inyo Hospital that was so devastating to the patient that she was going to move away. The breach was a willful insider breach that impacted a custody dispute. That same year, and unbeknownst to most people, there was a lawsuit filed over another insider…
More reaction to the Third Circuit opinion in FTC v. Wyndham
Two more commentaries site visitors interested in this issue may wish to read: What Exactly Does Reasonable Mean? – Josephine Wolff, Slate The FTC’s Wyndham victory is good for privacy but confusing for businesses – Stacey Higginbotham, Fortune
ICO raises concerns about data breach notification overload
From the where-have-I-heard-this-all-before dept.: The Information Commissioner’s Office (ICO) said it welcomed proposals outlined by the national governments that make up the EU which would restrict the cases where organisations would be required to notify data protection authorities and consumers of data breaches under the General Data Protection Regulation that EU law makers are currently…
In Wyndham, the FTC won a battle but perhaps lost its data security war
Gus Hurwitz has a slightly different take on the Third Circuit’s opinion in FTC v. Wyndham. On the issue of notice, he writes, in part: The court goes on to find that Wyndham had sufficient notice of the requirements of Section 5 under the standard that applies to judicial interpretations of statutes. And it expressly notes…
Audit: California agencies vulnerable to IT security breach
Juliet Williams of AP reports: Many California state agencies are not complying with the state’s information technology standards, leaving them vulnerable to a major security breach of sensitive data such as Social Security numbers, health information or tax returns, the state auditor reported Tuesday. “Our review found that many state entities have weaknesses in their…