Privacy & Cybersecurity

The Centers for Medicare & Medicaid Services (CMS) has released proposed regulations establishing Accountable Care Organizations (ACOs) and creating the Medicare Shared Savings Program (the Program).

Sony Corp. has acknowledged on its PlayStation website that between April 17 and April 19, its PlayStation and Qriocity networks were the subject of a hacking attack.

Apple has published a Q&A document to educate consumers on the back story relating to collection of location data. 

Lawmakers including Senate Judiciary Subcommittee on Privacy Chairman Al Franken (D-MN) and House Bi-Partisan Privacy Caucus Co-Chairman Ed Markey (D-MA) are scrutinizing Apple Inc.’s and Google Inc.’s practices of tracking users’ location information through their mobile phones. 

On Tuesday, the US Supreme Court heard arguments (transcripts here) about whether or not the Vermont data mining law violates free speech by preventing pharmaceutical manufacturers and their sales people from obtaining data on physician prescription habits.

As we have been saying since the beginning of the new session of Congress, it appears that privacy is the true bipartisan issue. 

By now, you've probably received one or more emails like this:

Once again, we have evidence that failures to implement the most basic of data security measures can cost real money.

In the two-plus years since the enactment of the HITECH Act, the health care industry has seen a dramatic shift in federal and state HIPAA enforcement posture.

Our ongoing effort to summarize the comments (see post here) filed in response to the FTC’s Privacy Framework continues this week as we focus on the Telecommunications and Media industry.

We've been writing extensively on the decision out of California in Pineda v. Williams-Sonoma and collection of zip codes in credit card transactions. Our colleagues on the West Coast have published a new advisory that makes interesting reading.

The 2010 Ponemon Institute study on the cost of data breaches has been released. The numbers are eye-opening. The average total cost per reporting company in the study was $7.2 million per breach -- the most expensive data breach cost $35.3 million and the least expensive breach cost $780,000.  

In our continuing effort to summarize the more than 400 comments posted in response to the FTC’s Privacy Framework, we have organized our summaries into the following five industry groups: Retail/Promotion/Advertising; Software/Technology; Telecommunications/Media; Privacy Advocates/Government; and Financial Services/General Business.

This week, we heard about the first civil money penalty under the HIPAA Privacy Rule for failure to provide access to medical records and willful neglect -- and it was a whopper.

The cost of data breaches keeps on rising. Add another million to this week's HIPAA charges.

The practices of online data aggregator and broker Spokeo, Inc. (“Spokeo”) have come under the scrutiny of consumers and consumer privacy advocates for a while now, and have been on the FTC’s radar since at least last summer when the Center for Democracy and Technology filed a complaint against Spokeo with the Commission.

The Federal Trade Commission has extended the public comment period on its December 1, 2010 report -- FTC Privacy Report. The FTC press release says that, in light of the complex issues raised by the report, a number of organizations have requested an extension of the original January 31, 2011 deadline. 

We’ve had several questions lately regarding “mixups” with mailings of W-2 forms, and whether certain situations are really “data breaches.”   

Once again, a public event has piqued the "curiosity" of hospital employees in violation of HIPAA. The University Medical Center (UMC) at Tucson has fired three administrative staff and a contracted nurse for wrongfully accessing medical records related to the shooting rampage that killed six people and seriously injured Congresswoman Gabrielle Giffords.

Just before the end of 2010, both the Commerce Department (here) and the Federal Trade Commission released their agencies' respective proposals for privacy frameworks in the United States.