Emily Ford reports that although OCR found no violation of HIPAA’s Privacy Rule, a patient at the Rowan Regional Medical Center has filed a lawsuit against the center, alleging privacy violations. Rowan Regional Medical Center will undergo voluntary corrective action next month after a former patient filed a privacy complaint against the hospital. Federal investigators…
AU banks: massive social engineering FAIL
Peter Martin reports: A survey of Australian banks’ call centres has found that half of their staff are prepared to help people access someone else’s financial records. In November, customer experience research firm Global Reviews phoned call centre operators at eight of Australia’s leading banks, including each of the big four. Without identifying themselves as…
ESRB unintentionally exposes email addresses of people who filed complaints over Blizzard’s Real ID system
Gregg Reece writes about a reply-all gaffe exposing almost 1,000 individuals’ email addresses: During the recent Real ID catastrophe on the forums, many players decided to appeal to an industry source that might have been able to sway Blizzard to change its mind. These players contacted the ESRB (Entertainment Software Rating Board) as a Better Business Bureau-type…
IE: Assessing the impact on privacy
Lloyd Mudiwa reports: Under the Health Act 2007, the Health Information and Quality Authority (HIQA) has the remit for setting standards for all aspects of health information and to monitor compliance with those standards. Prof Jane Grimson, Director of Health Information at HIQA, told Irish Medical Times that as part of this work, the Authority has…
Company being sued over alleged privacy violation in DVD
Jennifer Emily reports on a lawsuit against Cornell Companies Inc. mentioned previously on this blog. A company that managed a residential facility for court-mandated drug treatment is being sued for allegedly violating the privacy of its female residents by videotaping them and distributing the material as a promotional DVD. According to the lawsuit filed last…
2,000 affected in Fine Gael data breach (update2)
Last week, I posted a news story on PogoWasRight.org that discussed whether the web site of an Irish political party, Fine Gael, might be breaching privacy laws. In a separate development, it seems that the site has now had a security breach: Fine Gael has confirmed that the contact details of just under 2,000…