Charlie White reports: Jeffersonville is notifying city vendors and officials of a recurring “serious” data breach in which their names and addresses — and some Social Security numbers — were mistakenly e-mailed to city employees. “Because this is a serious incident, we strongly encourage you to take preventative measures now to help prevent and detect…
Deal reached over doc's privacy breach
Meanwhile, in New Zealand, Joelle Dally reports on a case similar in some respects to cases I’ve recently mentioned on this blog involving Northern Inyo Hospital and the Guthrie clinic: The Canterbury District Health Board appears to have reached a deal to avoid legal action over a doctor’s 2007 privacy breach. The case could have…
Transcript of Oral Argument in FTC v. Wyndham
Cross-posted from the mother ship, PogoWasRight.org: I splurged and purchased a copy of the transcript of Thursday’s oral argument in FTC v. Wyndham . You can download it here (PDF, 561kB, 186 pp.). Consider it an early holiday gift from PogoWasRight.org to you. I look forward to reading everyone’s reactions after we’ve all had time to read it. I…
Follow-up: Can a clinic be held liable for employee's bad acts?
And speaking of how much a health care facility can do about a rogue employee and whether they are responsible or liable, there is an update to a case I first noted here in 2011 involving a Guthrie Healthcare System clinic in Corning, New York. In that case, a nurse willfully disclosed a patient’s information on…
Diapers.com goes above and beyond to protect customers (update 3)
A Diapers.com customer kindly sent me a copy of the e-mail he received from them today: From: Diapers.com <[email protected]> Date: Sun, Nov 10, 2013 at 12:09 PM Subject: An Important Message Regarding Your Account To: [redacted] Hello [redacted] This is an important message from Diapers.com At Diapers.com we take your security and privacy very seriously….
"Small" breach, big harm.
I recently noted a privacy breach at Northern Inyo Hospital in California. It was one of those “small breaches” (i.e., less than 500 affected) that don’t get reported on HHS’s public-facing breach tool, but it really created distress for its victim. In discussing the breach, I noted my surprise at a statement the patient made…