Privacy and Information Security Law Blog

Tag Archives: Social Security Number

Massachusetts Hospital Settles Data Breach Lawsuit

Posted on June 7, 2012 by Hunton & Williams LLP

On May 24, 2012, Massachusetts Attorney General Martha Coakley announced that South Shore Hospital agreed to a consent judgment and $750,000 payment to settle a lawsuit stemming from a data breach that occurred in February 2010. At that time, South Shore Hospital shipped several boxes of unencrypted back-up tapes to a service provider in Texas to erase them. The tapes contained the personal and protected health information of approximately 800,000 individuals, including names, Social Security numbers, financial account numbers and medical diagnoses. Several of the boxes went missing and have yet to be recovered, though there is no evidence that the information on the missing tapes has been misused.

Tags: Consent Order, Consumer Protection, Enforcement, Health Privacy, HIPAA, Massachusetts, Penalty, Protected Health Information, Security Breach, Social Security Number, State Attorneys General, U.S. State Law

HHS Settles First Breach Notification Rule Case for $1.5 Million

Posted on March 14, 2012 by Hunton & Williams LLP

On March 13, 2012, the Department of Health and Human Services (“HHS”) announced that it had settled the first case related to the HITECH Act Breach Notification Rule. BlueCross Blue Shield of Tennessee (“BCBS Tennessee”) agreed to pay $1.5 million to settle potential HIPAA violations related to the October 2009 theft of 57 unencrypted hard drives containing protected health information (“PHI”) from a network data closet at a leased facility leased in Chattanooga, Tennessee.

Tags: Consumer Protection, Department of Health and Human Services, Enforcement, Health Privacy, HIPAA, HITECH Act, Penalty, Privacy Rule, Protected Health Information, Social Security Number, Tennessee

Connecticut AG Announces Agreement with MetLife over 2009 Breach Incident

Posted on January 27, 2012 by Hunton & Williams LLP

On January 24, 2011, Connecticut Attorney General George Jepsen and Consumer Protection Commissioner William Rubenstein announced that they had reached an Assurance of Voluntary Compliance (“AVC”) with Metropolitan Life Insurance Co. (“MetLife”) in connection with an incident involving the disclosure of customer personal information on the Internet. In November 2009, a MetLife employee posted the personally identifiable information of current and former MetLife customers, including their Social Security numbers, on the Internet. Following the discovery of the posting, MetLife acted to mitigate possible harm by providing credit monitoring and identity theft insurance to the affected customers.

Tags: Connecticut, Consumer Protection, Credit Monitoring, Enforcement, Identity Theft, Personally Identifiable Information, Security Breach, Social Security Number, State Attorneys General, U.S. State Law

Minnesota AG Sues Debt Collection Agency for Health Privacy Violations

Posted on January 24, 2012 by Hunton & Williams LLP

On January 19, 2012, Minnesota Attorney General Lori Swanson announced a lawsuit against Accretive Health, Inc., (“Accretive”) for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations, the Minnesota Health Records Act, Minnesota’s debt collection statutes and Minnesota’s consumer protection laws. The suit, which was filed in Federal District Court in Minnesota, alleges that Accretive failed to adequately safeguard patients’ protected health information (“PHI”). This failure contributed to a July 2011 information security breach when an Accretive employee left an unencrypted laptop containing information of approximately 23,500 patients in a rental car. The laptop was stolen and has not yet been recovered.

Tags: Consumer Protection, Health Privacy, HIPAA, HITECH Act, Minnesota, Privacy Rule, Protected Health Information, Security Breach, Social Security Number, State Attorneys General, U.S. State Law

Third Circuit Holds Data Breach Plaintiffs Lack Standing

Posted on January 20, 2012 by Hunton & Williams LLP

On December 12, 2011, the United States Court of Appeals for the Third Circuit affirmed a decision that employees of Ceridian Corporation’s (“Ceridian’s”) customers did not have standing to sue Ceridian after the payroll processing firm suffered a data breach.

In December 2009, a hacker may have gained access to personal and financial information of Ceridian’s customers, including names, addresses, Social Security numbers, dates of birth and bank account information. Although it is not known if the hacker read, copied or understood the data, Ceridian sent notification letters to affected individuals informing them of the breach and offering to provide one year of complimentary credit monitoring and identity theft protection.

Tags: Consent Order, Consumer Protection, Credit Monitoring, Cybersecurity, Federal Trade Commission, Hacker, Identity Theft, Litigation, Security Breach, Social Security Number, U.S. Federal Law

FTC Settles with Alleged Stealth Behavioral Advertising Targeter

Posted on January 9, 2012 by Hunton & Williams LLP

On January 5, 2012, the Federal Trade Commission announced a proposed settlement with Upromise, Inc., a membership reward service that gives cash rebates for college savings accounts to members who purchase products and services from its partner merchants. The FTC alleged that the “Personalized Offers” feature on the Upromise TurboSaver Toolbar (1) collected far more information about users’ browsing behavior than was disclosed at the time of installation, and (2) contrary to representations in the company’s privacy notice, transmitted that information, which included data such as Social Security numbers and financial account numbers, in clear text.

Tags: Advertisement, Behavioral Advertising, Consent Order, Consumer Protection, Enforcement, Federal Trade Commission, Information Security, Online Privacy, Personally Identifiable Information, Social Security Number, U.S. Federal Law

California Bulks Up Security Breach Notification Requirements

Posted on September 2, 2011 by Hunton & Williams LLP

On August 31, 2011, California Governor Jerry Brown signed into law amendments to that state’s security breach notification statute. The revisions establish new content requirements for breach notification letters to California residents, and mandate notification to the state Attorney General when a breach affects more than 500 Californians. Senate Bill 24 was the third effort by State Senator Joe Simitian to build on the landmark California breach notification law he authored in 2002. The two previous bills he proposed were passed by the California legislature, but vetoed by former Governor Arnold Schwarzenegger.

Tags: California, Consumer Protection, Enforcement, HIPAA, HITECH Act, Legislation, Security Breach, Social Security Number, State Attorneys General, U.S. State Law

Massachusetts Attorney General Announces $7,500 Data Breach Settlement with Belmont Savings Bank

Posted on August 2, 2011 by Hunton & Williams LLP

On July 29, 2011, Massachusetts Attorney General Martha Coakley announced a $7,500 settlement with Belmont Savings Bank following a May 2011 data breach involving the names, Social Security numbers and account numbers of more than 13,000 Massachusetts residents. The bank has stated that it has no evidence of unauthorized access to or use of consumers’ personal information in connection with this breach.

Tags: Consumer Protection, Enforcement, Information Security, Massachusetts, Penalty, Security Breach, Social Security Number, State Attorneys General, U.S. State Law

Representative Mary Bono Mack Releases Discussion Draft of the SAFE Data Act

Posted on June 17, 2011 by Hunton & Williams LLP

On June 13, 2011, Representative Mary Bono Mack (R-CA) released a discussion draft of the Secure and Fortify Data Act (the “SAFE Data Act”), which is designed to “protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a security breach.” Representative Bono Mack is Chairman of the House Subcommittee on Commerce, Manufacturing and Trade. In a press release, Representative Bono Mack remarked that “E-commerce is a vital and growing part of our economy. We should take steps to embrace and protect it – and that starts with robust cyber security.” She added that “consumers have a right to know when their personal information has been compromised, and companies and other organizations have an overriding responsibility to promptly alert them.”

Tags: Consumer Protection, Credit Monitoring, Credit Report, Cybersecurity, Enforcement, Federal Trade Commission, Gramm Leach Bliley Act, HIPAA, Identity Theft, Information Security, Legislation, Online Privacy, Payment Card, Privacy Policy, Security Breach, Social Security Number, State Attorneys General, U.S. Federal Law

Tag Archives: Social Security Number

Search

Subscribe

Topics

Recent Updates

Blogroll

Stay Connected