Federal – Page 40 – DataBreaches.Net

M.D. Anderson’s $4.3 Million Fine for Patient Data Loss Vacated

Posted on January 14, 2021 by Dissent

This is huge. Mary Anne Pazanowski reports: The University of Texas’s M.D. Anderson Cancer Center dodged a $4.3 million fine for losing over 35,000 people’s protected health information after the Fifth Circuit ruled Thursday that HHS acted arbitrarily and capriciously in finding that the provider violated two information security regulations. You can read more on…

Data Analytics Company Settles with FTC Over Alleged Data Security Violations

Posted on January 7, 2021 by Dissent

Sheila A. Millar and Tracy P. Marshall of Keller & Heckman write: Third-party service providers are vital to many companies and they handle a wide range of business activities essential for companies to deliver their own offerings. But a company is not adequately protecting consumers if it fails to perform proper due diligence on service…

IoT Devices to See New Security Guidelines in 2021

Posted on December 28, 2020 by Dissent

Joseph Lazzarotti writes: Setting up that new IoT device you received for Christmas? Maybe you’ve been derelict in feeding the dog and found a smart dog feeder under the tree, one that will alert you that Luna has been fed or that you have to refill the feeder. Smart gizmos are not just for the home, approximately 25%…

FTC Announces Enforcement for Inadequate Third Party Risk Management Practices Under the GLBA’s Safeguards Rule

Posted on December 27, 2020 by Dissent

Hunton Andrews Kurth writes: On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company (“Ascension”), to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders. The FTC alleged that Ascension’s vendor, OpticsML,…

OCR Settles Thirteenth Investigation in HIPAA Right of Access Initiative

Posted on December 23, 2020 by Dissent

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces its thirteenth settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative as an enforcement priority in 2019 to support individuals’ right to timely access their health records at a reasonable cost…

Twitter Fine: a View into the Consistency Mechanism, and “Constructive Awareness” of Breaches

Posted on December 22, 2020 by Dissent

Mark Young, Shona O’Donovan and Paul Maynard of Covington & Burling writes about the recent news-making fine the DPC issued to Twitter. They write, in part: Process aside, the DPC’s decision contains some interesting points on when a controller is deemed to be “aware” of a personal data breach for the purpose of notifying a…