Rebecca J. Schwartz writes: On February 26, 2013, the United States Supreme Court in Clapper v. Amnesty International confirmed a demanding threshold showing for plaintiffs suing based on increased risk of harm in privacy-related. The decision effectively resolves a circuit split over the application of the Article III standing requirement in data breach cases. Plaintiffs must show that the…
ICO: Companies Laissez Faire over BYOD personal data
Antony Savvas reports: The Information Commissioner’s Office (ICO) says many employers “appear to have a laissez faire attitude” to allowing staff to use their personal devices for business, which may be placing people’s personal information at risk. ICO commissioned YouGov to question 2,150 UK adults, which found that almost half (47 percent) now use their…
Bank of America Gets A Burn Notice
Krypt3ia analyzes the BofA leak, which I had mentioned on this blog, here. Here’s a snippet from his post: One of the problems I have with the Paranoia analysis is that they take it to the conspiratorial level and make it out to be some pseudo CIA like entity. The reality though is that from…
RQRHA did not adequately protect health information
Pamela Cowan reports: The Regina Qu’Appelle Regional Health Authority (RQRHA) failed to follow provisions of the Health Information Protection Act (HIPA) in a 2010 privacy breach, according to Saskatchewan’s Information and Privacy Commissioner. Gary Dickson’s office began an investigation into the Regina breach after 15 addressograph cards – blue cards attached to patients’ charts when…
$250,000 penalty issued to Lucile Packard Children's Hospital was an error – CDPH
A breach at Lucile Salter Packard Children’s Hospital in 2010 generated a number of posts on this blog – especially after the hospital was reportedly fined $250,000 by California for a delay in notifying patients of the breach. I recently reported that the hospital had settled its appeal with the state and did not have…
VA routinely transmitted sensitive information over unencrypted network – OIG. No, we didn't – OIT.
A report released yesterday by the Office of the Inspector General (OIG) for the Department of Veterans Affairs indicates that they substantiated allegations that the VA was routinely transmitting sensitive information, including PII, PHI, and internal network routing information, over an unencrypted telecom carrier network. The Office of Information and Technology (OIT) disputes their findings,…