
Privacy Monday - July 22, 2013

Privacy gaffes and tidbits to start your week.

Keeping up with Kardashians is NOT a defense under HIPAA

[Originally posted in Mintz Levin's Health Law & Policy Matters Blog]

Written by Dianne Bourque

The LA Times recently reported the firing of six workers at Cedars-Sinai Medical Center in connection with unauthorized access to patient medical records. The firings occurred in the days following the birth of reality TV show personality Kim Kardashian and rapper Kanye West's baby, although the hospital has not confirmed the identities of the affected patients. The incident demonstrates the need for vigilance in maintaining the security of records that are subject to public curiosity and of value to the paparazzi. The incident also demonstrates – remarkably – that there is information about Kim Kardashian that is not public.

Vendor Group to Develop "Best Practices" for Retail Location Analytics -- But is Perception More than Reality?

A group of mobile vendors is teaming with The Future of Privacy Forum. According to the FPF's statement, "[t]he companies, including Euclid, WirelessWERX, Mexia Interactive and ShopperTrak, provide solutions to retailers to develop aggregate reports used to reduce waiting times at check-out, to optimize store layouts and to understand consumer shopping patterns.  The reports are generated by recognizing the Wi-Fi or Bluetooth MAC addresses of cellphones as they interact with store Wi-Fi networks." Whether the best practices will benefit retailers, the vendors who develop apps to better track in-store location and shopper activity, or a combination of both, privacy advocates argue that the consumer will likely not reap the benefits of added privacy -- only some additional vague "notices" in fine print (perhaps on those signs way up at ceiling level that say "Video surveillance active..." or some such sign), and most certainly buried deep within a multi-screen TOS document on launch of a store app. The argument is that shoppers can always "opt out" or turn off that phone -- neither one of which is practical if you have been in a mall anytime in the last few years. Sounds like yet another "industry guideline" that will not lead to legally enforceable standards.


Apropos of the Above Post -- The Do-Not-Track Standards Group is Off Track

The co-chair of a group trying to create Do-Not-Track (DNT) standards has apparently been unable to break the logjam. Last February, Peter Swire announced that the World Wide Web Consortium's (W3C) tracking protection group should reach "last call" by July. That would mean that the group would have reached final consensus and released a report for public comment by the end of this month. On a conference call last week, Swire reportedly announced to group participants that "there is not a way to get to last call by the end of July." Talks have reportedly turned "acrimonious" and it is unlikely that the group will ever agree.

To read more: Wendy David at the Daily Online Examiner has been following this issue closely -- Daily Online Examiner

Lloyd's of London: Cybersecurity is the No. 3 Global Business Threat

The index – a survey of more than 500 of the world’s most senior business leaders – noted that cybersecurity is firmly at the top of the agenda for boards of global enterprises, third only to the risks posed by high taxation and the loss of customers. “With the risks to global organizations higher than ever, it is clear that cybersecurity has finally reached the attention of business decision makers across the enterprise – no longer just an agenda item but a key point of discussion,” said Matt Middleton-Leal, regional director for UK & Ireland at Cyber-Ark.

To read more: InfoSecurity Europe Magazine

Author

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.