Tag Archives: Social Security Number

FTC Issues Updated FAQs Addressing COPPA Compliance Requirements

Posted on April 26, 2013 by Hunton & Williams LLP

On April 25, 2013, the Federal Trade Commission released an updated version of its frequently asked questions regarding the Children’s Online Privacy Protection Act of 1998 (“COPPA”). The revised FAQs, entitled Complying with COPPA: Frequently Asked Questions (A Guide for Business and Parents and Small Entity Compliance Guide), provide general information on COPPA’s requirements and also include new guidance on the recent amendments to the Children’s Online Privacy Protection Rule (“COPPA Rule”).

Continue reading…

Tags: COPPA, Federal Trade Commission, Geolocation, Internet, Mobile App, Online Privacy, Personally Identifiable Information, Privacy Policy, Social Security Number

Insurance Coverage for Security Breach Lawsuits

Posted on April 11, 2013 by Hunton & Williams LLP

As the number of security breach incidents and privacy violations continues to increase, so too has the volume of lawsuits—particularly class action lawsuits—seeking damages for actual and future harms resulting from unauthorized disclosures of personal information. Affected companies have looked to their traditional insurance coverage to defray costs associated with responding to these incidents and lawsuits, but standardized commercial general liability policies may not provide adequate coverage.

Continue reading…

Tags: American Bar Association, Class Action, Insurance Providers, Litigation, Security Breach, Social Security Number, Song-Beverly Act, ZIP Code

FTC Settles Alleged Breach of Consumers’ Personal Information

Posted on January 28, 2013 by Hunton & Williams LLP

On January 28, 2013, the Federal Trade Commission announced a proposed settlement agreement with CBR Systems, Inc. (“CBR”), an operator of a cord blood bank, which collects personal information about consumers and physicians through its websites and in connection with the provision of its services, including names, addresses, dates of birth, Social Security numbers, credit card numbers and health information.

Continue reading…

Tags: Consumer Protection, Enforcement, Federal Trade Commission, Health Privacy, Security Breach, Social Security Number

Medical Practices Agree to $140,000 Settlement with Massachusetts Attorney General

Posted on January 10, 2013 by Hunton & Williams LLP

On January 7, 2013, Massachusetts Attorney General Martha Coakley announced that several Massachusetts medical practices have agreed to a consent judgment and $140,000 payment to settle charges they improperly disposed of medical information. The defendants, which include several pathology practices and a firm that provided medical billing services to those practices, were accused of dumping hard copy medical records at the Georgetown Transfer Station, a waste management facility open to the public. The records allegedly contained the names, Social Security numbers and medical diagnoses of approximately 67,000 individuals. The illegal dumping allegations were publicized in a Boston Globe article after a photographer for the newspaper discovered medical records at the facility while he was disposing of his own trash.

Continue reading…

Tags: Consent Order, Consumer Protection, Enforcement, Health Privacy, HIPAA, Massachusetts, Penalty, Privacy Rule, Protected Health Information, Social Security Number, State Attorneys General, U.S. State Law

HHS Publishes Guidance on How to De-Identify Protected Health Information

Posted on November 27, 2012 by Hunton & Williams LLP

On November 26, 2012, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) published guidance on the two methods for de-identifying protected health information (“PHI”) in accordance with the HIPAA Privacy Rule. The guidance, which was required by the Health Information Technology for Clinical and Economic Health (“HITECH”) Act, has been developed over several years by OCR in collaboration with healthcare entities and other industry experts and builds upon the discussions from a workshop on de-identification that took place in March 2010.

Continue reading…

Tags: Department of Health and Human Services, Health Privacy, HIPAA, HITECH Act, Privacy Rule, Protected Health Information, Safe Harbor, Social Security Number

FTC Settles Charges of Improper Disposal of Personal Information

Posted on November 8, 2012 by Hunton & Williams LLP

On November 7, 2012, the Federal Trade Commission announced that it had settled charges against payday lending and check cashing companies alleged to have improperly disposed of consumers’ personal information. In its complaint, the FTC maintained that PLS Financial Services, Inc., and The Payday Loan Store of Illinois violated the FTC’s Disposal Rule as well as the Gramm-Leach-Bliley Act’s Privacy Rule and Safeguards Rule by disposing of documents that contained consumers’ Social Security numbers, bank account numbers and credit reports in unsecured dumpsters near the companies’ payday lending and check cashing retail stores. The FTC also alleged that the companies violated the FTC Act by misrepresenting that they would reasonably protect consumer information.

Continue reading…

Tags: Consent Order, Consumer Protection, Enforcement, Federal Trade Commission, Financial Privacy, Gramm Leach Bliley Act, Illinois, Penalty, Social Security Number, U.S. Federal Law

FTC Finalizes Settlements Relating to P2P Privacy Violations

Posted on November 8, 2012 by Hunton & Williams LLP

On October 26, 2012, the Federal Trade Commission finalized its settlement agreements with two businesses that allegedly exposed thousands of customers’ sensitive personal information by allowing peer-to-peer (“P2P”) file-sharing software to be installed on the companies’ computer systems. The approved settlements prohibit Georgia auto dealer Franklin’s Budget Car Sales, Inc. (“Franklin”) and Utah-based debt collector EPN, Inc. (“EPN”) from misrepresenting their privacy and information security practices and requires both businesses to establish and maintain a comprehensive information security program subject to biennial, independent, third-party audits for 20 years. The settlement with Franklin also bars the company from violating the Gramm-Leach-Bliley Act (“GLBA”) Safeguards Rule and Privacy Rule.

Continue reading…

Tags: Consumer Protection, Enforcement, Federal Trade Commission, Financial Privacy, Georgia, Gramm Leach Bliley Act, Information Security, Online Privacy, Security Breach, Social Security Number, U.S. Federal Law, Utah

FTC Announces Settlement Related to a Web Analytics Company Deceptive Practices

Posted on October 23, 2012 by Hunton & Williams LLP

On October 22, 2012, the Federal Trade Commission announced a proposed settlement agreement with Compete, Inc. (“Compete”), an online market research company that collects clickstream data from consumers to generate and sell analytical reports about consumer behavior on the Internet.

Continue reading…

Tags: Anonymization, Behavioral Advertising, Consent Order, Consumer Protection, Enforcement, Federal Trade Commission, Marketing, Online Privacy, Social Security Number

FTC Settles Spying Case

Posted on September 27, 2012 by Hunton & Williams LLP

On September 25, 2012, the Federal Trade Commission announced that it had settled a case involving allegations of spying by software company DesignerWare, LLC (“DesignerWare”) and several rent-to-own companies that rent computers to consumers, such as Aaron’s, Inc., ColorTyme, Inc., and Premier Rental Purchase. The FTC collaborated with Illinois Attorney General Lisa Madigan in its investigation.

Continue reading…

Tags: Consent Order, Consumer Protection, Enforcement, Federal Trade Commission, Geolocation, Jon Leibowitz, Online Privacy, Social Security Number, State Attorneys General

FTC Announces Settlements Relating to P2P Data Breaches

Posted on June 14, 2012 by Hunton & Williams LLP

On June 7, 2012, the Federal Trade Commission announced settlement agreements with two businesses that allegedly exposed customers’ sensitive personal information by allowing peer-to-peer (“P2P”) file-sharing software to be installed on their company computers and networks.

In its complaint against Franklin’s Budget Car Sales (“Franklin”), a Georgia automobile dealership that also provides financing services to its customers, the FTC alleged that Franklin failed to implement reasonable security measures to protect the consumer personal information that Franklin routinely collects in connection with its business. The FTC claimed that personal information of approximately 95,000 customers, including names, Social Security numbers, addresses, dates of birth, and drivers’ license numbers were made available and disclosed by a P2P application installed on a computer that was connected to Franklin’s computer network. In addition to alleging violations of Section 5 of the FTC Act, the FTC also claimed that Franklin violated the Gramm-Leach Bliley Act (“GLB”). This is the first FTC case against an auto dealer involving GLB violations. The FTC stated in its complaint that Franklin failed to implement reasonable security policies and procedures in violation of the GLB Safeguards Rule, and also failed to send consumers annual privacy notices and to provide the required opt-out mechanisms in violation of the GLB Privacy Rule.

Continue reading…

Tags: Consumer Protection, Enforcement, Federal Trade Commission, Georgia, Gramm Leach Bliley Act, International, Online Privacy, Social Security Number, U.S. Federal Law, Utah