Today, the Federal Trade Commission issued a press release and an Enforcement Policy extending the deadline for enforcement of the FTC’s Red Flags Rule through December 31, 2010. The agency cited requests from members of Congress for a postponement of the deadline while legislators tinker with federal law to exclude certain businesses from application of the Rule.
Monthly Archives: May 2010
REMINDER: Red Flags Rule Enforcement Deadline Falls Next Week
This Tuesday, June 1, 2010, marks the official deadline for compliance with the Federal Trade Commission’s Red Flags Rule. The deadline for enforcement of the Red Flags Rule has been delayed repeatedly since its original deadline in November 2008, but the FTC has remained silent on further delays since it announced the current deadline in October of last year.
The FTC’s Red Flags Rule is a set of regulations that require financial institutions and creditors to adopt written identity theft prevention programs. The FTC sparked considerable controversy when it announced that the Rule applies broadly to a range of businesses unused to being subjected to financial industry regulation (i.e., any individual or company that bills its customers after it provides goods or services). As a result, a number of industry groups have filed lawsuits to challenge the FTC’s application of the Red Flags Rules to lawyers, accountants and, most recently, medical professionals.
Rep. Boucher and Stearns Release Discussion Draft of Comprehensive Federal Privacy Legislation
Earlier this month, Congressmen Rick Boucher and Cliff Stearns released a discussion draft of comprehensive federal privacy legislation (.pdf).
Among the many provisions of the draft bill is the requirement that any entity that collects information on individuals such as name, address, email address and telephone number, maintain “appropriate administrative, technical, and physical safeguards” to secure the personal information. The draft bill would also require the FTC to implement new privacy rules and police the new safeguards.…
Medical Groups Challenge June 1 Application of FTC Red Flags Rule
Earlier today, the American Medical Association, American Osteopathic Association and the Medical Society of the District of Columbia filed a complaint that seeks to block the application of the Federal Trade Commission’s Red Flags Rule to their members.
According to its press release, the AMA filed this suit because the Rule unfairly treats physician practices like “banks, credit card companies and mortgage lenders,” according to AMA President-elect Cecil B.…
One More Thing to Worry About — Hard Drives on Digital Copiers
Many digital copiers are now able to store scanned documents on flash memory or hard drives. This could pose a privacy and security risk if the drives are improperly accessed, or if they are lost or resold without being scrubbed first.
Even the simple act of making a photocopy now poses privacy risks. In response to a letter from Massachusetts Congressman Edward Markey, the FTC has agreed to investigate the privacy risks posed by digital copiers that store information on internal hard drives.…
Incident of the Week: Blogger Shows Us How to Listen In On Private Facebook Chat
Yesterday, Facebook took down their Chat services to patch a flaw in Facebook’s new privacy settings that allowed users to listen in on private chat conversations. This apparently came hours after TechCrunch EU blogger Steve O’Hear taught the world how to exploit the flaw in his TechCrunch post and video. O’Hear was “tipped off that there is a major security flaw in the social networking site that,…
Ponemon Study Finds Average Cost of Data Breach Was $3.4 million in 2009
Last week, the Ponemon Institute and PGP Corporation released the results of their Global 2009 Annual Study on Cost of a Data Breach (.pdf) [available directly from EncryptionReports]. The highlights of the survey were announced in PGP’s press release. Ponemon surveyed companies in the U.S., UK, Germany, Australia and France and found that in 2009,…
Coming This Month — Proposed HIPAA Regs!
The Department of Health and Human Services announced it will release proposed HIPAA/HITECH Act regulations later this month, according to the HHS’s recently-published regulatory agenda, available at 75 Fed. Reg. 217821. The announcement itself was pretty cryptic:
120. MODIFICATIONS TO THE HIPAA PRIVACY, SECURITY, AND ENFORCEMENT RULES
UNDER THE HEALTH INFORMATION TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ACT
Legal Authority: PL 111-5,…