The Centers for Medicare & Medicaid Services (CMS) maintains the protected health information of millions of Medicare beneficiaries. If CMS has a security breach, they’re obligated to report it just like other HITECH-covered entities. But when HHS’s Office of the Inspector General (OIG) looked at whether CMS was complying with the requirements, they found deficiencies: CMS reported…
UK: Private sector leads the way on data protection compliance but ‘room for improvement’ elsewhere (update1)
The Information Commissioner’s Office issued a press release today on the results of its voluntary audit program: A series of reports published by the Information Commissioner’s Office (ICO) today has highlighted the positive approaches many private sector companies are adopting to look after people’s data. However concerns remain about data protection compliance within the local…
President's bioethics panel urges new privacy protection to ensure benefits from DNA decoding
Lauran Neergaard of Associated Press reports: It sounds like a scene from a TV show: Someone sends a discarded coffee cup to a laboratory where the unwitting drinker’s DNA is decoded, predicting what diseases lurk in his or her future. A presidential commission found that’s legally possible in about half the states — and says…
Ca: Bar and lounge workers warned of potential privacy breach (update1)
Jana G. Pruden reports: Hundreds of employees of the Oil City Hospitality Group are being warned that personal information such as social insurance numbers and birth dates has been “accessed and possibly compromised” after a break-in at the company’s head office this summer. The group owns a number of popular bars and lounges in Edmonton,…
Almost 280,000 to be notified of hack at Northwest Florida State College; ID theft reported
Jim Turner reports: An information security breach has been reported involving employee and student records at Northwest Florida State College in Niceville. […] According to the state Department of Education, the breach included more than 3,000 employee records and approximately 76,000 Northwest College student records containing personal identification information; and approximately 200,000 records with information…
How Zappos’ User Agreement Failed In Court and Left Zappos Legally Naked
Eric Goldman writes: In January, Zappos (part of $AMZN) announced a massive data security breach affecting 24 million consumers. As typically happens in these situations, plaintiffs’ class action lawyers swarmed over Zappos for the breach, filing dozens of lawsuits. Zappos tried to send the lawsuits to arbitration based on an arbitration clause in its user agreement. Recently,…