A recent settlement in a data breach case exemplifies how the government can go beyond a statutory scheme and use private industry standards to protect personal information and impose sanctions on violators.
The Massachusetts AG filed suit against the Briar Group, the owner of a number of bars in the Boston area (including two of my personal favorites, the Harp and Ned Devine’s) in the wake of a 2009 data breach involving credit card numbers and other personal data. … More
Wondering what your company might be able to do at the local level to help fight cybercrime? There are a growing number of public-private collaborations that are trying to get ahead of the bad guys.
One is the Advanced Cyber Security Center (to which Foley Hoag serves as legal counsel). The ACSC is a collaborative, cross-sector research facility working to address critical and sophisticated cyber security challenges.… More
The case of Dr. Alexandra Thran should cure any physician of the desire to discuss a patient on Facebook. Dr. Thran has been reprimanded by her state’s Medical Board and lost her emergency room privileges. Although the posting in question did not list the patient’s name, Dr. Thran provided enough details so that at least one other person could identify the patient. The result was irreparable damage to her career.
In an article in the most recent Annals of Internal Medicine discussing this case, the author referred to Facebook as the “new elevator.” … More
On May 5, a consumer class action was filed against Sony, relating to the data breaches in its Sony PlayStation and related services. The complaint alleges negligence, invasion of privacy and misappropriation of confidential financial information, as well as breach of express and implied contract. No specific damages were alleged. More
The scope of the Sony data breach is growing, but the public focus continues to be on Sony’s actions following the breach, rather than on steps to prevent or mitigate events like these in the first place. As we noted earlier, this focus emphasizes a de facto burden-shifting, in which consumers bear the risk of using on-line or other services, and also are left to face the consequences of any resulting identity theft.… More
The EU’s Justice Commissioner has chimed in on the Sony data breach, stating that Sony must "take the relevant technical and organizational measures to guarantee protection against data loss or an unjustified access." More
I give my perspective on issues of physician privacy in this video from The HealthCare Channel, including:
As we have noted in the past, there seems to be an ongoing cyber war between North and South Korea. The latest salvo in that skirmish was apparently fired last month, in a April 12 cyberattack on Nonghyup Bank, which is alleged to have been orchestrated by North Korea. More
Sony’s unenviable status as the victim of the record theft of 77,000,000 individuals’ personal information underscores a reality that the on-line business community would like its army of customers to forget: it’s not just that the so-called “hackers” can be very good at what they do, it’s that the appointed guardians of legally protected personal information are not necessarily awake at the switch. Two weeks after this “illegal and unauthorized” intrusion —… More
When we last looked at OCR’s reporting on HIPAA breaches impacting 500 or more individuals, back in September 2010, there had been 191 such breaches. In the intervening 7 months, that number has jumped to 265 such breaches listed on OCR’s website. It’s safe to expect these figures will continue to climb for the foreseeable future. More