Skip to main content

Privacy and Security Bits and Bytes

On this last day of April, there are a couple of breaches and another clarion warning about copy machines --

We have blogged on this issue here and here -- and again, there is another warning about the treasure trove of information residing on the hard drive of your copy machine. A CBS Evening News investigation revealed just how much information is stored on copy machines that gets passed on when the machine’s lease is up and the machine is resold. Adding one more to the mounting pile of privacy-related investigation requests the Federal Trade Commission has received in recent days, U.S. Rep. Edward Markey (D-MA) requested the commission look into the issue in a statement released yesterday.

Make sure that you don’t violate data protection laws in Guernsey – the offshore banking center has amended its privacy law to include prison time for violations. Persons found guilty under Section 55 of the law of unlawfully obtaining (or disclosing) personal data without the consent of the data controller may now face a prison sentence. Previously, the most severe penalty available was a fine of up to £10,000 Data protection law amended - International Law Office

Add Mexico to the list of countries with a national comprehensive data protection law. Mexico's Senate on Tuesday unanimously approved the Federal Law of Protection of Personal Information. The law establishes the rights and principles of data protection in the private sector, and was nine years in the making.

And two “breaches du jour: The Louisville Courier-Journal reports that a flash drive containing the personal information of 24,600 patients of a psychiatric hospital has gone missing. According to the report, the drive contained patient names, admission and discharge dates and dates of birth. (Begs the question of why protected health information (or PHI) is on an unsecured flash drive in the first place…. ) And, in California, St. Jude Heritage Healthcare has notified 22,000 patients about the theft of five hospital computers containing their PHI.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.