Monthly Archives: February 2011

China: Draft of Personal Information Protection Guidelines Issued for Comment

A draft document, entitled Information Security Technology – Guidelines for Personal Information Protection, has been issued in China for comment. While comments are being solicited at this time, if issued in its proposed form, this document has the potential to add significantly to the rules governing the handling of personal information in China.

HHS Announces $1,000,000 Resolution Agreement with Mass General for HIPAA Violations

On February 24, 2011, the Department of Health and Human Services Office of Civil Rights (“OCR”) announced a $1,000,000 Resolution Agreement with the General Hospital Corporation and Massachusetts General Physicians Organization Inc. (“Mass General”) that stemmed from the loss of protected health information (“PHI”) of 192 patients.  A Mass General employee had left hard-copy records containing PHI on the subway in March 2009.  The records originated from Mass General’s Infectious Disease Associates outpatient practice and included sensitive records discussing patients’ treatments for HIV/AIDS.  After receiving a complaint from an affected patient, OCR conducted an investigation that demonstrated that Mass General had “failed to implement reasonable, appropriate safeguards to protect the privacy of PHI when removed from Mass General’s premises and impermissibly disclosed PHI potentially violating provisions of the HIPAA Privacy Rule.”

India Issues Draft Privacy Rules

The Government of India’s Ministry of Communications & Information Technology has published three draft rules that would implement the Information Technology Act, 2000. These include: Reasonable Security Practices and Procedures and Sensitive Personal Information; Due Diligence Observed by Intermediaries Guidelines and Guidelines for Cyber Cafe. The first two of these rules could affect international companies that provide digital services or process data in India. The comment period on the rules ends February 28, 2011.

European Network and Information Security Agency Publishes Report on Cookies

On February 18, 2011, the European Network and Information Security Agency (“ENISA”), an advisory body created to enhance information security in the EU, announced the issuance of its report on cookies, entitled “Bittersweet cookies. Some security and privacy considerations.”

HHS Fines Cignet Health $4.3 Million for Violation of HIPAA Privacy Rule

On February 22, 2011, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) imposed its first civil money penalty for an entity’s violation of HIPAA’s Privacy Rule.  In its Notice of Final Determination, OCR concluded that Cignet Health withheld patient records despite requests for their disclosure.  Of the $4.3 million penalty, $1.3 million was levied for denying patients access to their own medical records, while an additional $3 million was imposed due to Cignet’s failure to cooperate with OCR’s investigation as required by the Privacy Rule.  Increased penalty amounts were authorized by Section 13410(d) of the Health Information Technology for Economic and Clinical Health Act (the “HITECH” Act).

Update: Privacy and the Protection of Personal Information in China

In our August 2009 blog post on data protection issues in China, we noted that there was no uniform Chinese law that specifically addresses the protection of personal data, and that it seemed likely that Chinese personal information protection law would continue to develop as a patchwork of piecemeal regulations. This remains true today, and developments since our previous article was published have in fact reinforced this assumption. In the past year and a half, new laws affecting personal information protection in China have arisen in various forms, including a consumer protection law and regulations, a tort law, a medical records regulation, a social insurance law, a credit reference regulation and even an anti-money laundering banking regulation. Our recent article provides updates on Chinese data protection law.

A Summary of Developments in Personal Information Protection in China was originally published on the DataGuidance website.

Senate Judiciary Committee Creates Privacy Subcommittee

On February 14, 2011, Senator Patrick Leahy (D-VT), Chairman of the Senate Judiciary Committee, announced the creation of a subcommittee on Privacy, Technology and the Law.  The subcommittee will be chaired by Senator Al Franken (D-MN), and its jurisdiction will include oversight of laws and policies that govern the commercial collection, use and dissemination of personal information.  Senator Franken said, “The boom of new technologies…has also put an unprecedented amount of personal information into the hands of large companies that are unknown and unaccountable to the American public.”  Senator Tom Coburn (R-OK) will be the ranking minority member of the subcommittee.  The subcommittee will increase focus on privacy issues, but may encounter jurisdictional conflicts with both the financial services and commerce committees when writing legislation.

California Supreme Court Finds that ZIP Codes Are Personal Identification Information Under Song-Beverly Act

On February 10, 2011, the California Supreme Court ruled in Pineda v. Williams-Sonoma Stores, Inc. that ZIP codes are “personal identification information” under the state’s Song-Beverly Credit Card Act of 1971 (the “Credit Card Act”).  This finding effectively prohibits California businesses from requesting and recording cardholders’ ZIP codes during credit card transactions.

Israeli National Labor Court Severely Restricts Employee Monitoring

Reporting from Israel, legal consultant Dr. Omer Tene writes:

In a sweeping, 91-page decision issued last week, the Israeli National Labor Court severely restricted employers’ ability to monitor employee emails.  In its opinion, the Court made strong statements concerning the suspect nature of employee consent and mandated the implementation of principles of legitimacy, transparency, proportionality, purpose limitation, access, accuracy, confidentiality and security.  The Court stated that, given the constitutional status of the right to privacy, exemptions to the Privacy Protection Act, 1981, must be interpreted narrowly.

Speier Introduces Privacy Legislation Package

On February 11, 2011, Representative Jackie Speier (D-Calif.) introduced two pieces of legislation that, in her words, “send a clear message—privacy over profit.” The Do Not Track Me Online Act of 2011 (HR 654) would direct the Federal Trade Commission to promulgate regulations that establish standards for a “Do Not Track” mechanism. The regulations also would require covered entities to disclose their information practices to consumers and to respect consumers’ choices regarding the collection and use of their information. The bill includes a provision that would allow the FTC to exempt from its regulations certain “commonly accepted commercial practices,” such as using consumer information to provide and improve products and services, to comply with law, or to carry out basic business functions like accounting, quality assurance or internal auditing.