Tag Archives: State Attorneys General

California AG’s Mobile App Case Against Delta Dismissed

A state court has dismissed the California Attorney General’s claims that Delta Air Lines Inc. (“Delta”) violated the California Online Privacy Protection Act by failing to have an appropriately posted privacy policy for its mobile application, Bloomberg reports. The California AG sued Delta in December as part of an enforcement campaign that began with the issuance of warning letters to approximately 100 operators of mobile apps, including Delta. According to the Bloomberg report, a basis for the dismissal was the federal Airline Deregulation Act, under which a state “may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier that may provide air transportation under this subpart.” 49 U.S.C. § 41713.

Tags: California, Enforcement, Mobile App, Online Privacy, Personally Identifiable Information, Privacy Policy, State Attorneys General, U.S. Federal Law, U.S. State Law

Medical Practices Agree to $140,000 Settlement with Massachusetts Attorney General

On January 7, 2013, Massachusetts Attorney General Martha Coakley announced that several Massachusetts medical practices have agreed to a consent judgment and $140,000 payment to settle charges they improperly disposed of medical information. The defendants, which include several pathology practices and a firm that provided medical billing services to those practices, were accused of dumping hard copy medical records at the Georgetown Transfer Station, a waste management facility open to the public. The records allegedly contained the names, Social Security numbers and medical diagnoses of approximately 67,000 individuals. The illegal dumping allegations were publicized in a Boston Globe article after a photographer for the newspaper discovered medical records at the facility while he was disposing of his own trash.

Tags: Consent Order, Consumer Protection, Enforcement, Health Privacy, HIPAA, Massachusetts, Penalty, Privacy Rule, Protected Health Information, Social Security Number, State Attorneys General, U.S. State Law

California AG Sues Delta for Failure to Post a Privacy Policy on Its Mobile App

On December 6, 2012, California Attorney General Kamala D. Harris announced a lawsuit against Delta Air Lines, Inc. (“Delta”) for violations of the California Online Privacy Protection Act (“CalOPPA”). The suit, which the Attorney General filed in the San Francisco Superior Court, alleges that Delta failed to conspicuously post a privacy policy within Delta’s “Fly Delta” mobile application to inform users of what personally identifiable information is collected and how it is being used by the company. CalOPPA requires “an operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service,” such as a mobile application, to post a privacy policy that contains the elements set out in CalOPPA. According to Attorney General Harris’ complaint, Delta has operated the “Fly Delta” application for smartphones and other electronic devices since at least 2010. The complaint alleges that “[d]espite collecting substantial personally identifiable information (“PII”) such as user’s full name, telephone number, email address, frequent flyer account number and PIN code, photographs, and geo-location, the Fly Delta application does not have a privacy policy. It does not have a privacy policy in the application itself, in the platform stores from which the application may be downloaded, or on Delta’s website.”

Tags: California, Enforcement, Online Privacy, Penalty, Personally Identifiable Information, Privacy Policy, State Attorneys General, U.S. State Law

Time Running Out for Mobile App Operators Targeted by California Attorney General

In late October 2012, California Attorney General Kamala D. Harris began sending letters to approximately 100 mobile app operators, informing them that they are not in compliance with the California Online Privacy Protection Act (“CalOPPA”). Pursuant to CalOPPA, “an operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service” must post a privacy policy that contains specified elements. A mobile app arguably could be an “online service” under CalOPPA, which provides that an online service operator that collects “personally identifiable information” and “fails to post its policy within 30 days after being notified of noncompliance” is in violation of CalOPPA. The law affects a wide range of mobile app operators because of its very broad definition of “personally identifiable information,” which includes any “individually identifiable information about an individual consumer collected online by the operator from that individual and maintained by the operator in an accessible form,” such as a name, an email address or any other identifier “that permits the physical or online contacting of a specific individual.”

Tags: California, Mobile App, Mobile Device, Online Privacy, Personally Identifiable Information, Privacy Policy, State Attorneys General, U.S. State Law

FTC Settles Spying Case

On September 25, 2012, the Federal Trade Commission announced that it had settled a case involving allegations of spying by software company DesignerWare, LLC (“DesignerWare”) and several rent-to-own companies that rent computers to consumers, such as Aaron’s, Inc., ColorTyme, Inc., and Premier Rental Purchase. The FTC collaborated with Illinois Attorney General Lisa Madigan in its investigation.

Tags: Consent Order, Consumer Protection, Enforcement, Federal Trade Commission, Geolocation, Jon Leibowitz, Online Privacy, Social Security Number, State Attorneys General

Markey Introduces Mobile Device Privacy Act

On September 12, 2012, Congressman Edward Markey (D-MA) released a bill that would require companies to tell customers about monitoring software installed on their mobile devices and obtain customers’ express consent before engaging in monitoring. These requirements would apply to mobile phone makers, network providers and application developers.

Tags: Consumer Protection, Edward Markey, Enforcement, Federal Communications Commission, Federal Trade Commission, Information Security, Legislation, Mobile App, Mobile Device, Online Privacy, Service Provider, State Attorneys General

Minnesota Attorney General Announces $2.5 Million Settlement with Accretive Health

On July 31, 2012, Minnesota Attorney General Lori Swanson announced a $2.5 million settlement with Accretive Health, Inc. (“Accretive”) for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations, and various Minnesota debt collection and consumer protection laws. As we previously reported in January 2012, Accretive, which acted as a business associate to two Minnesota hospital systems, experienced a breach in July 2011 that involved the protected health information of more than 23,000 patients.

Tags: Consumer Protection, Department of Health and Human Services, Enforcement, Health Privacy, HIPAA, HITECH Act, Minnesota, Protected Health Information, Security Breach, State Attorneys General

Connecticut Amends State Breach Law Amid Introduction of Federal Breach Notification Legislation

In recent weeks, both state and federal regulators have considered security breach notification legislation. On June 15, 2012, Connecticut Governor Dannel Malloy signed a budget bill that, among other things, amends the state’s security breach notification law. The changes, which will take effect on October 1, 2012, most notably require businesses to notify the state Attorney General no later than the time when notice of a security breach is provided to state residents. Although the law does not specify when notice must be provided to affected individuals, the law states that such notice must be made “without unreasonable delay,” subject to law enforcement delays and the completion of an investigation by the business to determine the nature and scope of the incident, to identify affected individuals, or to restore the reasonable integrity of the data system. As we previously reported, Vermont also recently amended its breach notification statute to require businesses to notify the state Attorney General within 14 days of discovering a security breach or concurrently when notifying consumers, whichever is sooner.

Tags: Connecticut, Enforcement, Federal Trade Commission, Gramm Leach Bliley Act, Legislation, Pat Toomey, Penalty, Security Breach, State Attorneys General, U.S. Federal Law, U.S. State Law

Massachusetts Hospital Settles Data Breach Lawsuit

On May 24, 2012, Massachusetts Attorney General Martha Coakley announced that South Shore Hospital agreed to a consent judgment and $750,000 payment to settle a lawsuit stemming from a data breach that occurred in February 2010. At that time, South Shore Hospital shipped several boxes of unencrypted back-up tapes to a service provider in Texas to erase them. The tapes contained the personal and protected health information of approximately 800,000 individuals, including names, Social Security numbers, financial account numbers and medical diagnoses. Several of the boxes went missing and have yet to be recovered, though there is no evidence that the information on the missing tapes has been misused.

Tags: Consent Order, Consumer Protection, Enforcement, Health Privacy, HIPAA, Massachusetts, Penalty, Protected Health Information, Security Breach, Social Security Number, State Attorneys General, U.S. State Law

OCR Director Leon Rodriguez Says Tolerance for HIPAA Non-Compliance Is Low

On June 7, 2012, at the annual Safeguarding Health Information: Building Assurance through HIPAA Security Conference hosted in Washington, D.C. by the Department of Health and Human Services Office for Civil Rights (“OCR”) and the National Institute of Standards and Technology (“NIST”), OCR Director Leon Rodriguez said that, given HIPAA’s 15-year history and the substantial technical assistance OCR and NIST have provided covered entities, tolerance for HIPAA non-compliance is “much, much lower” than it has been in the past.

Tags: Compliance, Department of Health and Human Services, Enforcement, Events, Health Privacy, HIPAA, HITECH Act, Minnesota, National Institute of Standards and Technology, Privacy Rule, Protected Health Information, Security Rule, State Attorneys General