Monthly Archives: January 2010

Doctors and Other Health Care Professionals Challenge Application of FTC Red Flags Rule

The FTC Red Flags Rule faces another likely challenge, based on a January 27, 2010 letter sent to the FTC by the American Medical Association, the American Osteopathic Association, the American Dental Association, and the American Veterinary Medical Association. In that letter, the four health care organizations requested that the Red Flags Rule not be applied to health care professionals (based on the reasoning of the recent court decision that it does not apply to lawyers). I assume that if the FTC rejects this request,…

Incident of the Week: OIG Reports that the FBI Routinely Circumvented Electronic Communications Privacy Act

A report entitled A Review of the Federal Bureau of Investigation’s Use of Exigent Letters and Other Informal Requests for Telephone Records (.pdf) from the Department of Justice Office of the Inspector General (OIG) indicates that between 2003 and 2005, the FBI routinely “circumvented the requirements of the Electronic Communications Privacy Act (ECPA)” by using so-called “exigent letters” to obtain telephone call data from telecommunications companies. …

Is Your Password Still “123456”? If So, It’s Time for a Change

If you or your co-workers use any of the passwords listed below, you are asking to be hacked. According to a report from the consulting firm Imperva, this list reflects an analysis of some 32 million passwords that an unknown hacker stole in December 2009 from RockYou, a company that makes software for users of social networking sites. Somewhat shockingly, the password “123456” was used by nearly 1% of all RockYou users;…

Connecticut AG Opens New Era in HIPAA Enforcement with Health Net Suit

In the first instance of a state attorney general exercising the new powers granted by the Health Information Technology for Economic and Clinical Health Act ("HITECH Act"), Connecticut Attorney General Richard Blumenthal (and recently announced candidate for the U.S. Senate) filed suit today against Health Net of Connecticut, Inc. for failing to secure private patient medical records and financial information involving 446,000 enrollees in Connecticut and for failing to promptly notify consumers of the security breach.…

Is the FTC “Moving to a Post-Disclosure Era” for Online Consumer Privacy?

Is the FTC moving to a "Post-Disclosure Era," in which consumer online privacy would be regulated in a radically different manner than the status quo? That was a suggestion made by the chairman of the FTC, Jon Leibowitz, and David Vladeck, chief of the FTC’s Bureau of Consumer Protection, during a recent on-the-record discussion about online privacy, reported in the New York Times.

For some time, I have been asking the question,…

Incident of the Week: Twitter Used In Sting Operation To Find Out Who Leaked TSA Security Directive


Rumors are circulating that Special Agents from the Transportation Security Administration (TSA) have been posing as a Connecticut blogger on Twitter to find out who leaked airport security screening procedures put in place after the recent attack by the “underwear bomber.” This is a new twist in what some are describing as an overzealous investigation of government documents posted online.…