Monthly Archives: January 2014

Sony Class Action Has A Few Lives Left; Most of Plaintiffs’ Claims Dismissed But Certain Consumer Claims Remain

On January 21, 2014, U.S. District Judge Anthony Battaglia issued a 97 page orderthat dismissed the majority of the claims in a putative class action against various Sony entities, claims relating to the 2011 hack into the computer network system that Sony used to provide online gaming and Internet connectivity through PSP handhelds and PS3 game consoles.

According to Judge Battaglia, “The fifty-one claims alleged in the FACC can be categorized into nine sub-groups: (1) negligence;… More

Target Data Breach Escalates, Class Actions Begin

As previously discussed here, Target suffered a massive data breach that compromised the credit and debit cards of many of its customers.  Now that the dust has started to settle, the extent of the breach is becoming clearer.  In December, Target announced that 40 million credit and debit card numbers were stolen in this hack.  Further investigation has uncovered that hackers also obtained the “names,… More

Privacy Concerns “Cloud” Storage of Student Data

Privacy concerns have threatened the plans of the New York State Department of Education to use third party contractor, inBloom, to store and integrate student data in a cloud-based system.  On January 10, the Department announced that it would delay release of additional student data to inBloom.  The delay, which the Department said is normal for a project of its size, comes after a class of parents filed suit in November and New York legislators proposed a bill requiring parental consent before sharing such data.… More

HHS OCR Cites Faulty Risk Analysis, Lack of Policies in Addition to Breach by Physician Practice

In what may be a sign of things to come, a recent HHS OCR resolution agreement with a dermatology practice cites not only the loss of some 2,200 records on a thumb drive, but the lack of an “accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI” and “[t]he Covered Entity did not … have written policies and procedures and train members of its workforce”;… More