Data Privacy Monitor

Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Identity Theft

Subscribe to Identity Theft RSS Feed

Florida Gives Breach Notification Statute More Teeth

Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Identity Theft, Information Security
On June 20, 2014, Florida Governor Rick Scott signed the Florida Information Protection Act of 2014 (“FIPA”), which will repeal Florida’s current breach notification statute at Fla. Stat. § 817.5681 and replace it with a new statute at Fla. Stat. § 501.171 effective July 1, 2014.  On the same day, Governor Scott also signed SB … Continue Reading

Iowa Breach Notification Law Now Requires AG Notification, Applies to Paper Records

Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Identity Theft, Information Security
Iowa recently joined an increasing number of states that require notification of state regulatory authorities following a breach, as well as a handful of states in which paper records can trigger notification obligations.  On April 3, 2014, Iowa Governor Terry Branstad signed S.F. 2259 into law, amending Iowa’s Personal Information Security Breach Protection statute (Iowa … Continue Reading

Some Things Better Left Unshared: Social Media and Medical Identity Theft

Posted in Data Breaches, HIPAA/HITECH, Identity Theft, Medical Privacy, Social Media
The Washington Post recently published an article reminding individuals not to tweet or otherwise share information concerning their medical conditions on social media, warning that disclosing such information publicly “is akin to posting your address along with the dates you’ll be away on vacation.”  Quoting Jennifer Trussell, who investigates medical identity theft on behalf of … Continue Reading

Once Again, Clapper Defeats Data Breach Class Action

Posted in Data Breaches, Identity Theft, Litigation, Online Privacy, Privacy
Article III standing has once again proved to be an insurmountable hurdle for data breach class action plaintiffs whose personal information hasn’t been misused.  In Galaria v. Nationwide Mutual Insurance Co., an Ohio federal court relied on the United States Supreme Court’s decision in Clapper v. Amnesty Intern. USA, 133 S.Ct. 1138 (2013), and held … Continue Reading

FTC Databook Highlights Consumer Fraud

Posted in Cybersecurity, Identity Theft, Information Security, Online Privacy
The FTC last week announced the release of the Consumer Sentinel Network Databook for January – December 2012.  The “Consumer Sentinel Network” is the FTC’s platform for law enforcement collaboration on issues affecting consumers. The program collects data from a wide range of sources, providing a comprehensive, nationwide picture of consumer complaints. Given the possible existence … Continue Reading

The HIPAA/HITECH Final Rule Has Been Released

Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Enforcement, Federal Legislation, HIPAA/HITECH, Identity Theft, Medical Privacy, Privacy
The long awaited HIPAA/HITECH Final Rule is out.  The final rule is effective March 26, 2013, but covered entities (CEs) and business associates (BAs) will have 180 days beyond the effective date to come into compliance. While we are still conducting a comprehensive review of this 563-page document, below are a few of the changes we have found so far: … Continue Reading

Lame Duck Congress Acts on Privacy Bills, Mostly With an Eye Toward 2013

Posted in Identity Theft, Mobile Privacy, Online Privacy
While continuing congressional inaction on the fiscal cliff is getting most of the ink/pixels in news headlines over the last couple weeks, several privacy bills have advanced in the House and Senate. Though only one is likely to become law before the 112th Congress ends in a few days, they embody what will be the … Continue Reading

It’s Raining PII in New York

Posted in Identity Theft, Privacy
On November 25, 2012, the front page of the New York Post blasted the headline, “Drop Secret. Shred Alert! Covert cop files used as parade confetti.” The Post reported that shredded files appearing to contain material from Long Island’s Nassau County Police Department were dropped during this year’s Thanksgiving Day parade. The confetti reportedly contains … Continue Reading

Internet Banking Authentication Security Procedures Found Commercially Unreasonable

Posted in Financial Privacy, Identity Theft, Online Privacy
It is a common scenario—a company’s computer system becomes infected with some variant of the Zeus Trojan with a key logger that sends key strokes out to a command and control server operated by a criminal. The criminal searches the key strokes to find login credentials to that company’s Internet bank account, which are used … Continue Reading

Reading This Might Just Preserve Your Identity and Reputation

Posted in Identity Theft, Information Security, Online Privacy
Authorship Credit: Dave Taylor, Director, Information Technology, Baker & Hostetler LLP We are seeing a dramatic increase in spam and email phishing schemes once again.  These schemes have become very sophisticated in their ability to mimic the multitudes of legitimate on-line transactions that occur every day.  Please consider the following when reading and reacting to … Continue Reading

SEC and CFTC Propose Identity Theft Prevention Rules

Posted in Financial Privacy, Identity Theft
Reflective of an increased interest in data privacy concerns, on February 28, 2012, the Securities and Exchange and Commodity Futures Trading commissions jointly released proposed rules designed to protect investors from identity theft by mandating the creation of programs to detect potential security threats.  The proposed rules are meant to implement Title X of the … Continue Reading

FTC Report Shows Rise in Identity Theft Complaints

Posted in Identity Theft
The Federal Trade Commission has released the Consumer Sentinel Network Data Book, its annual report of complaints filed with the FTC and other state organizations. The report tracks consumer complaints by categories such as fraud, identity theft, and other. Fraud complaints span 30 different categories, including debt collection, bank/lending services, prizes/sweepstakes/lotteries, impostor scams, shop-at-home and … Continue Reading

Privacy and Data Breach Regulatory Activity–A Year in Review

Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Enforcement, HIPAA/HITECH, Identity Theft, Information Security, Medical Privacy, Online Privacy, Payment Card Industry, Privacy
While plaintiffs continue to face an uphill battle proving damages in privacy litigation – regulatory actions and investigations seem to be increasing.  During 2011, we saw activity from many government agencies—both state and federal—including the Federal Trade Commission (FTC), Department of Education (DOE), Department of Health and Human Services (HHS) Office for Civil Rights (OCR), … Continue Reading

Hackers Are Using Compromised Personal Information to Further Hacking Schemes

Posted in Identity Theft, Information Security
In talking to friends and clients, we are seeing a recent upsurge in attacks by hackers who appear to have access to compromised personal information and are using that information to further hacking schemes.  We are sharing the facts of two recent attacks so that you can be on the lookout for these hacking techniques. 1.  An individual reported receiving an authentic looking email … Continue Reading