The House of Representatives passed H.R. 3763, a bill that amends the Fair Credit Reporting Act to provide for an exclusion from Red Flag Guidelines for certain businesses. As passed by the House, the following would not be considered “creditors” under the new Red Flag Rules: a health care practice with 20 or fewer employees…
Consumer Watchdog Asks HHS to Repeal Rule Allowing Health Care Providers to Decide When Notification of Breached Electronic Medical Records is Necessary
Consumer Watchdog today called on the Health and Human Services Department to repeal a rule that allows health care providers and insurers to decide whether consumers must be notified when the security of their electronic confidential health information has been breached. In a letter to HHS Secretary Kathleen Sebelius the nonprofit, nonpartisan consumer advocacy group…
EXCLUSIVE: UW-Madison discovers 40 computers used for file-sharing
A site reader alerted DataBreaches.net to a recent breach involving the Department of Chemistry at University of Wisconsin-Madison recently. According to the notification letter, a copy of which was provided to this site, the university notified some faculty and students that their personal information was on 40 departmental computers that had been hacked. In a…
CZ: State institute found to be illegally collecting personal medical data
Christian Falvey reports: The Office for Personal Data Protection says it has never encountered such a large-scale database of illegally collected personal data: information from 200,000 drug prescriptions a day for the last six months showing who uses what kind of medicine. And the body collecting it? The State Institute for Drug Control. What the…
Insurer Zurich loses customers’ details
Nick Collins of the Telegraph reports: Insurance giant Zurich has admitted losing the personal details of 51,000 British customers. The group said the backup tape was lost during a routine transfer to a data storage centre in South Africa in August last year. It said it had no evidence that the data had been misused,…
Local NHS Trust pledges to improve data security
Antony Sumara, the Chief Executive of Mid Staffordshire NHS Foundation Trust, has agreed to take action to comply with the Data Protection Act following a significant security breach. The breach occurred after a member of the Trust’s human resources team transferred personal information to a home computer. The information, known as a ‘Statement of Case’,…