Two days before they were scheduled to go into effect, and on the same day that a federal judge ruled that lawyers should be excluded from enforcement, the Federal Trade Commission (FTC) announced today that it was delaying enforcement of its Red Flags Rule until June 1, 2010. Given the timing of the announcement, the most likely explanation for the delay is that the FTC wants to give itself time to appeal the district court’s decision in the ABA suit.
Monthly Archives: October 2009
In an order entered this morning, Federal District Judge Reggie B. Walton granted the American Bar Association’s (ABA) request that lawyers be excluded from enforcement of the Federal Trade Commission’s (FTC’s) controversial Red Flags Rules. This comes as the legal community steeled itself for the FTC’s imminent November 1st enforcement deadline.
Incident of the Week: ChoicePoint Settles FTC Charges That It Failed To Turn On “Key Monitoring Tool”
This week, ChoicePoint, Inc. finalized its settlement with the Federal Trade Commission (FTC) to resolve charges stemming from a 2008 breach that compromised the personal information of 13,750 consumers. This case is notable, even though the size of the breach and the monetary payment involved are relatively modest, because the underlying breach allegedly resulted from the ineffective implementation of security tools.
Massachusetts Court Holds Disclosure of Patient Records Does Not Violate HIPAA or State Consumer Statute
In Mercier v. Courtyard Nursing Care Center, 2009 WL 1873746 (Mass. Super. Ct. Jun. 11, 2009), a resident of a nursing home sued the home in Massachusetts Superior Court for negligence after being assaulted by another resident. The injured resident moved to obtain medical records maintained by the home regarding the resident who had allegedly committed the assault. The home contended that disclosure of the records would violate both HIPAA’s prohibition on disclosure of medical records without a patient’s authorization and Mass.… More
It appears that certain groups, such as the American Bar Association (ABA), may be partially successful in their efforts to convince Congress to narrow the scope of the FTC Red Flags Rules, which are currently scheduled to go into effect on November 1. According to the BNA Privacy & Security Law Report, the House Financial Services Committee has sent H.R. 3763, titled a bill “To amend the Fair Credit Reporting Act to provide for an exclusion from Red Flag Guidelines for certain businesses,”… More
ElcomSoft Co. Ltd., a Moscow-based software company, has announced that its software can unlock wireless networks using a PC fitted with a high-end consumer graphics cards. This software would appear to allow anyone to intercept internet traffic over wireless networks encrypted using common encryption algorithms. The easy availability of this software may mean that companies using WiFi/wireless networks may need to take additional security steps to comply with information security rules in the U.S. and Europe.
Incident of the Week: Ever-Growing Breach Involving Passwords for Hotmail, Gmail, Yahoo, AOL, Earthlink and Comcast
Subject of FBI Investigation Reveals Government Concerns About Access to Federal Courts’ Public PACER System
Reddit co-founder Aaron Swartz was apparently the subject of an FBI investigation for “participating in a project to take the publicly owned US court records from the PACER database (where they were very expensive to access) and put them on the web.”
Mr. Swartz has made this information public by releasing the contents of his FBI file, obtained through a Freedom of Information Act request. His file reveals that the FBI was treating his access of PACER as a crime which cost the victim,… More
Incident of the Week: in our first double feature, we report on the recent breach announced at the University of North Carolina and the plea agreement reached with one Massachusetts inmate who hacked the prison computer system while still behind bars.