Conor McGilvy of SCOTUSblog provides some helpful links on Vermont’s recent petition to the Supreme Court to overturn the Second Circuit’s decision in Sorrell v. IMS Health. The case concerns a state law that restricted access to prescription drug records and that required patient consent for disclosure of the records for sales or marketing purposes….
Search Results for: Sorrell
Vermont Attorney General Enters Unique Data Security Settlement With Software Developer
October 12, 2016 In a settlement announced today, software company Entrinsik agreed to provide better warnings after a Vermont college experienced a security breach that potentially exposed 14,000 social security numbers due to the ordinary use of its reporting tool. Because the Attorney General believes that the software practice involved is widespread and many companies may not…
VT Attorney General settled security breaches with Embassy Suites San Francisco Airport and Auburn University
In May, there were follow-ups to two breaches, but I missed them at the time. In the spirit of better late and complete than never, here’s the press release from the Vermont Attorney General’s Office: Earlier today Attorney General William Sorrell filed a settlement in Washington County Superior Court with Embassy Suites South San Francisco, located in…
Vermont Attorney General Fines Local Business For Failing To Notify Consumers Of Security Breach
Shelburne Country Store in Shelburne, Vermont will pay a $3,000 civil penalty for failing to inform 721 internet buyers of a security breach of their credit card information. In late 2013, the company’s website was hacked and credit card information stolen. Upon being informed of the breach in January 2014, the company quickly fixed the problem, but…
Update to the inVentiv/Adheris lawsuit against HHS over prescription refill reminder programs
There’s an update to a lawsuit I mentioned the other day. The parties have filed a joint motion to suspend the schedule for briefing and motion for an injunction as HHS has agreed not to enforce the guidelines starting September 23 and to issue guidance. The key paragraphs of the joint motion: Following that telephonic…
Reidentification Theory Doesn't Save Privacy Lawsuit–Steinberg v. CVS Caremark
Here’s an update on a lawsuit I noted back in March 2011. Eric Goldman writes: CVS Caremark provided consumer data to pharma companies and data brokers. The plaintiffs alleged that the data transfers violated CVS’s privacy policies, but CVS apparently disclosed only “de-identified” data as contemplated by HIPAA. Plaintiffs couldn’t sue under HIPAA, both because…