Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Privacy

Health System Investigated for Leaving PHI in Doctor’s Driveway – Settles with OCR for $800K

Posted in Enforcement, HIPAA/HITECH, Medical Privacy, Privacy
While OCR enforcement activity has focused on a covered entity’s safeguarding of ePHI, organizations cannot forget about PHI in non-electronic form.  To settle potential violations of the HIPAA Privacy Rule, Parkview Health System, Inc. (“Parkview”), a nonprofit healthcare system providing community-based healthcare services to individuals in northeast Indiana and northwest Ohio, entered into a resolution … Continue Reading

FTC Testifies to Congress on Proposed Senate Geolocation Data Privacy Bill

Posted in Geolocation, Privacy
Earlier this month, the Federal Trade Commission (FTC) testified to the Senate Judiciary Committee’s Subcommittee for Privacy, Technology and the Law about proposed Senate Bill 2171, “The Location Privacy Protection Act of 2014 (LPPA).” The Act would prohibit companies from collecting or disclosing geolocation information from electronic communications devices without users’ consent. The Act would … Continue Reading

HHS Attorney: Major HIPAA Fines and Enforcement Coming

Posted in Data Breaches, Enforcement, HIPAA/HITECH, Information Security, Medical Privacy, Privacy
As regularly blogged about on the Data Privacy Monitor, the past 12 months have seen record-breaking HIPAA enforcement activity by HHS OCR.  But according to recent remarks by a high-ranking HHS attorney, if you thought these past 12 months were significant, just wait for the next 12 months. According to Law360, Jerome B. Meites, Chief … Continue Reading

New CA Privacy Disclosure Requirements Clarified By AG

Posted in Mobile Privacy, Privacy
California has a number of privacy notice requirements for businesses collecting data from California residents, including as of January 1 of this year a requirement that websites, mobile apps and online services make certain disclosures regarding how they respond to browser and other “do not track signals” and regarding the presence and functionality of tracking … Continue Reading

FTC Workshop Addresses New Data Privacy Issues Concerning Consumer Generated Health Data

Posted in HIPAA/HITECH, Privacy
On May 7, 2014, the FTC hosted the latest seminar in their Spring Privacy Series to address the status of Consumer Generated and Controlled Health Data and relate results of recent FTC studies on the topic.  Consumers are embracing new technologies, particularly in the fitness domain and are generating vast amounts of “health data” both … Continue Reading

Big Data and Power Asymmetries: Recent White House Report Addresses Opportunities and Challenges Created by Increasingly Interconnected Technologies

Posted in Big Data, Privacy
In the latest round of reactions to the Edward Snowden leak, on May 1, 2014, the Obama Administration called for the United States to take a leading role in developing new standards for privacy protections in light of the ongoing “social, economic, and technological revolution.”  In a report titled “Big Data: Seizing Opportunities, Preserving Values,”  … Continue Reading

HHS OCR Settles Post-Data Breach Investigation for Record $4.8M

Posted in Data Breaches, Enforcement, HIPAA/HITECH, Medical Privacy, Privacy
On May 7, 2014, HHS OCR announced a pair of resolution agreements with New York Presbyterian Hospital (NYP) and Columbia University (CU) totaling $4.8 million dollars—the highest settlement amount to date.  These resolution agreements make it clear that organizations must be able to propose steps to analyze security risks for ePHI as specified by HIPAA … Continue Reading

Snapchat Settlement Signals Greater FTC Scrutiny for Tech Start-Up Privacy Policies

Posted in Online Privacy, Privacy, Social Media
By now, you have probably heard about the FTC’s recent settlement with Snapchat, the popular mobile photo and video messaging service, over allegations that it deceived consumers with promises about the disappearing nature of messages sent through its service.  It did not take long for major media outlets to cover the story, highlighting both consumer … Continue Reading

Kentucky Enacts Data Breach Notification Statute

Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Education, Information Security, Privacy
On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation.  Prior to H.B. 232, Kentucky was one of only four states—including Alabama, New Mexico, and South Dakota—that had not adopted data breach notification legislation.  H.B. 232 also includes a separate section … Continue Reading

Ill-Conceived California Privacy Bill Threatens Viability Of Commercial Educational Online Services

Posted in Education, Privacy
SB 1177, the Student Online Privacy Protection Act was recently introduced in the California legislature.  This is a bad bill for the private educational industry, and ultimately for parents and students.  It would drastically expand the privacy protections of the Federal Educational Rights and Privacy Act (FERPA), and state equivalents, which impose reasonable limits on … Continue Reading

Privacy Law in a Nutshell

Posted in Cybersecurity, Federal Legislation, Information Security, International Privacy Law, Marketing, Privacy
BakerHostetler Privacy and Data Protection Partner Erica Gann Kitaev is a co-author of the recently published Privacy Law in a Nutshell, Second Edition, through West Academic Publishing. Legal issues related to privacy are exploding in the U.S., and virtually all businesses face privacy considerations, particularly as technology and the law evolve.  The Privacy Nutshell is … Continue Reading

ONC’s Security Risk Assessment Tool Is Useful but Could Be Improved

Posted in HIPAA/HITECH, Privacy
The Office of the National Coordinator for Health Information Technology (ONC) released a Security Risk Assessment Tool (SRA Tool) on March 28.  According to the User Guide for the SRA Tool (available here), the Tool is designed to help small and medium-sized healthcare practices “evaluate risks, vulnerabilities, and adherence to the HIPAA Security Rule.”  User … Continue Reading

The FTC Takes a Closer Look at Alternative Scoring Products

Posted in Online Privacy, Privacy
The Federal Trade Commission (“FTC”) hosted a panel discussion in late March on “Alternative Scoring Products” as part of its 2014 Spring Privacy Series, signaling the Commission’s increased attention on this burgeoning industry. The FTC has indicated that its “goal is to study what is happening in the alternative scoring space, what may be on the horizon … Continue Reading

Moving Towards a Global Harmonized Approach to Cross-Border Data Transfers?

Posted in Information Governance, Information Security, International Privacy Law, Online Data Tracking, Online Privacy, Privacy
Today, data can be transferred around the world instantaneously, making the global marketplace seem almost borderless.  As any multinational company knows, however, compliance with each country’s data transfer and privacy laws can be onerous.  As the U.S. contemplates data protection legislation, the FTC last week announced a joint initiative with agency officials from the European … Continue Reading

When Can Online Terms of Use and Privacy Policies Be Changed?

Posted in Online Privacy, Privacy, Social Media
Recently, a California court dismissed a plaintiff’s claims that Instagram’s updated Terms of Services constituted a breach of the covenant of good faith and fair dealing implied in all contracts because Instagram took expanded rights over users’ photos.  Rodriguez v Instagram, LLC  (California Superior Court of San Francisco Case CGC-13-532875) (February 28, 2014). We have … Continue Reading

Governing Big Data

Posted in Cybersecurity, HIPAA/HITECH, Information Governance, Information Security, Privacy, Uncategorized
Sources and volumes of data are growing exponentially.  Website clicks, social media, sensors, and card swipers are generating massive amounts of data every second.  More and more enterprises are beginning to collect and utilize this Big Data for all kinds of purposes, including improved business intelligence, targeted marketing and fraud detection.  With so much attention … Continue Reading

Once Again, Clapper Defeats Data Breach Class Action

Posted in Data Breaches, Identity Theft, Litigation, Online Privacy, Privacy
Article III standing has once again proved to be an insurmountable hurdle for data breach class action plaintiffs whose personal information hasn’t been misused.  In Galaria v. Nationwide Mutual Insurance Co., an Ohio federal court relied on the United States Supreme Court’s decision in Clapper v. Amnesty Intern. USA, 133 S.Ct. 1138 (2013), and held … Continue Reading

Careful! Your Company May Be a De Facto Data Broker: Are Privacy Regulators Going for Broke(rs) as part of the 2014 Legislative and Privacy Enforcement Agenda?

Posted in Enforcement, Federal Legislation, Privacy
Concerns about privacy practices in the data broker industry, and the privacy implications about the lack of transparency “behind-the-scenes,” will remain a topic of intense regulatory and legislative focus in 2014.   The Federal Trade Commission has defined “data brokers” as companies that collect personal information about consumers from a variety of public and non-public sources … Continue Reading

Information Governance – 2013 in Review

Posted in Data Breaches, Online Data Tracking, Online Privacy, Privacy, Privacy Litigation
By: Judith A. Selby and James A. Sherer
2013 was the year that the term “Information Governance” or “IG” began to be widely used outside of technical circles. Despite that fact, the concept of IG is not well understood. Gartner, a premier information advisory company, defines IG as the specification of decision rights and an accountability framework … Continue Reading

Something Wicked This Way Comes – Dark and Dusty Data and the Risk Your Organization Already Owns

Posted in Data Breaches, Privacy
This blog post is a joint submission with BakerHostetler’s Discovery Advocate blog. Authored by: James Sherer
During the final panel of Thomson Reuters’ 17th Annual eDiscovery & Information Governance in Practice Forum, Thomas Barnett, Ignatius Grande, and Sandra Rampersaud led a lively discussion on Managing Big Data, Dark Data, and Risk.  And while the exchange … Continue Reading

A guide to native advertising’s legal issues

Posted in Behavioral Advertising, Online Privacy, Privacy
Native advertising has by all accounts been the darling of the digital marketing world in 2013. Although it comes in all shapes and sizes, the general consensus defines “native advertising” as the practice of designing ads to look like the natural editorial content of the website on which they appear. Native’s proponents hail it as … Continue Reading

Google is No Cookie Monster, says Delaware Federal Court

Posted in Privacy
This post was co-authored by Julian D. Perlman and is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. In a decisive victory for Google and several co-defendants, a Delaware federal court dismissed the claims of a putative class of individuals who alleged that they were injured by Google’s practice of circumventing certain internet browsers’ … Continue Reading

Opening the Flood Gates? California Voters May Create Presumption of Harm in Privacy Breach Cases

Posted in Data Breaches, Privacy, Privacy Class Actions, Privacy Litigation
Authored by: Julian Perlman
Editor’s Note: This post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog.
California has moved one step closer towards amending its Constitution to create a presumption of harm whenever personal data is shared without a consumer’s express opt-in, a change that would clear a significant hurdle to many privacy breach … Continue Reading