The Register has an article from Out-Law.com that begins: New rules setting out the circumstances in which telecoms companies need to report personal data breaches, as well as the kind of information they need to share in those reports, have come into force. The EU’s Regulation on the notification of personal data breaches (7-page/756KB PDF) applies…
Ca: Lawsuit on hospital privacy breach gets court ok
Amy Woolvett reports: One of the largest medical privacy breaches in recent Canadian history could see almost 700 patients sue South West Health. A Supreme Court judge has given the okay to proceed with a class action lawsuit over the health authority’s patient information leak. In April 2012, South West Health learned that an employee…
Health apps run into privacy snags
Twenty of the most popular health apps transmit information – usually without user knowledge – to a web of nearly 70 companies, according to research conducted by Evidon for Financial Times. Read more here (sub. required).
One-Hour Breach Notification Out of Final HIX Rule? Yes and No
Joseph Goedert reports: The Centers for Medicare and Medicaid Services, in a final rule setting standards for health plans operating in state health insurance exchanges, has dropped a proposed requirement that privacy and security incidents be reported within one hour of discovery, while at the same time noting it is still required by other regulations….
St. Anthony's doctor's laptop stolen with patient information
Blythe Berhard reports a laptop computer and flash drive containing information on 2,600 St. Anthony’s nursing home patients was stolen from a doctor’s car on July 29. The computer included patient names and birth dates and may have contained medical records. It did not hold social security numbers or any financial information, according to the…
Attorney General Jepsen Reaches Settlement with Citibank on Online Credit Card System Security
Back in June 2011, I noted a breach involving Citibank (previous coverage here and here). There’s now a follow-up to that breach: Citibank N.A. will pay $55,000 to the state of Connecticut and will obtain a third-party data security audit of its online credit card account system under a settlement filed in court today, Attorney…