Monthly Archives: October 2009

ALERT: FTC Announces Delay in Red Flags Enforcement Until June 1, 2010

Two days before they were scheduled to go into effect, and on the same day that a federal judge ruled that lawyers should be excluded from enforcement, the Federal Trade Commission (FTC) announced today that it was delaying enforcement of its Red Flags Rule until June 1, 2010. Given the timing of the announcement, the most likely explanation for the delay is that the FTC wants to give itself time to appeal the district court’s decision in the ABA suit.

Federal Judge Rules That Lawyers Need Not Comply With Red Flags Rules

In an order entered this morning, Federal District Judge Reggie B. Walton granted the American Bar Association’s (ABA) request that lawyers be excluded from enforcement of the Federal Trade Commission’s (FTC’s) controversial Red Flags Rules. This comes as the legal community steeled itself for the FTC’s imminent November 1st enforcement deadline.

Incident of the Week: ChoicePoint Settles FTC Charges That It Failed To Turn On “Key Monitoring Tool”

This week, ChoicePoint, Inc. finalized its settlement with the Federal Trade Commission (FTC) to resolve charges stemming from a 2008 breach that compromised the personal information of 13,750 consumers. This case is notable, even though the size of the breach and the monetary payment involved are relatively modest, because the underlying breach allegedly resulted from the ineffective implementation of security tools.

Massachusetts Court Holds Disclosure of Patient Records Does Not Violate HIPAA or State Consumer Statute

In Mercier v. Courtyard Nursing Care Center, 2009 WL 1873746 (Mass. Super. Ct. Jun. 11, 2009), a resident of a nursing home sued the home in Massachusetts Superior Court for negligence after being assaulted by another resident. The injured resident moved to obtain medical records maintained by the home regarding the resident who had allegedly committed the assault. The home contended that disclosure of the records would violate both HIPAA’s prohibition on disclosure of medical records without a patient’s authorization and Mass.… More

Bill to Narrow Red Flags Rules Moves Forward

It appears that certain groups, such as the American Bar Association (ABA), may be partially successful in their efforts to convince Congress to narrow the scope of the FTC Red Flags Rules, which are currently scheduled to go into effect on November 1.  According to the BNA Privacy & Security Law Report, the House Financial Services Committee has sent H.R. 3763, titled a bill “To amend the Fair Credit Reporting Act to provide for an exclusion from Red Flag Guidelines for certain businesses,”… More

Incident of the Week: Russian Company Proves That WiFi/Wireless Networks No Longer Secure

ElcomSoft Co. Ltd., a Moscow-based software company, has announced that its software can unlock wireless networks using a PC fitted with a high-end consumer graphics cards. This software would appear to allow anyone to intercept internet traffic over wireless networks encrypted using common encryption algorithms. The easy availability of this software may mean that companies using WiFi/wireless networks may need to take additional security steps to comply with information security rules in the U.S. and Europe.

Incident of the Week: Ever-Growing Breach Involving Passwords for Hotmail, Gmail, Yahoo, AOL, Earthlink and Comcast

What started out as an incident involving the leak of 10,000 user names and passwords for Windows Live Hotmail accounts continues to grow, both in terms of users and companies affected. According to reports from the beginning of the week, more than 10,000 user names and passwords from Hotmail were posted by an anonymous user on the site pastebin.com. The list was limited to accounts starting in A and B, leaving the fear that numerous more accounts had been affected. The original reports speculated that the breach was the result of a hack of Hotmail or a phishing attack. But more information is surfacing that indicates that the breach is much larger than first thought.

Subject of FBI Investigation Reveals Government Concerns About Access to Federal Courts’ Public PACER System

Reddit co-founder Aaron Swartz was apparently the subject of an FBI investigation for “participating in a project to take the publicly owned US court records from the PACER database (where they were very expensive to access) and put them on the web.” 

Mr. Swartz has made this information public by releasing the contents of his FBI file, obtained through a Freedom of Information Act request. His file reveals that the FBI was treating his access of PACER as a crime which cost the victim,… More

Incident(s) of the Week: Double Feature

Incident of the Week: in our first double feature, we report on the recent breach announced at the University of North Carolina and the plea agreement reached with one Massachusetts inmate who hacked the prison computer system while still behind bars.