Tag Archives: Penalty

OCR Settles First Enforcement Action for Untimely Reporting of a Breach

On January 7, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Presence Health stemming from the entity’s failure to notify affected individuals, the media and OCR within 60 days of discovering a breach. This marks the first OCR settlement of 2017 and the first enforcement action relating to untimely breach reporting by a HIPAA covered entity.… Continue Reading

HHS Announces HIPAA Settlement with UMass

On November 22, 2016, the Department of Health and Human Services announced a $650,000 settlement with University of Massachusetts Amherst, resulting from alleged violations of the Health Insurance Portability and Accountability Act of 1996 Privacy and Security Rules. … Continue Reading

FINRA Fines Brokerage Firm $650,000 After Cyber Attack

On November 14, 2016, Lincoln Financial Securities Corp., a subsidiary of Lincoln Financial Group, entered into a settlement with the Financial Industry Regulatory Authority, requiring LFS to pay a 650,000 dollar fine and implement stronger cybersecurity protocols following a 2012 hack into its cloud-based server.… Continue Reading

Adobe Settles Multistate Data Breach Enforcement Action

On November 7, 2016, Adobe Systems Inc. entered into an assurance of voluntary compliance with 15 state Attorneys General to settle allegations that the company lacked proper measures to protect its systems from a 2013 cyber attack that resulted in the theft of the personal information of millions of customers. … Continue Reading

FTC Announces Settlement Over Illegal Telemarketing Calls

On November 1, 2016, the FTC announced that a group of entities known as the Consumer Education Group settled FTC charges that, between late 2013 and 2015, it made millions of telemarketing calls, including pre-recorded robocalls, to consumers on the national Do Not Call Registry, in violation of the Telemarketing Sales Rule.… Continue Reading

Entry into Force of the French Digital Republic Bill

On October 7, 2016, the French Digital Republic Bill (the “Bill”) was enacted after a final vote from the Senate. The Bill aligns the French legal data protection framework with the EU General Data Protection Regulation (“GDPR”) requirements before the GDPR becomes applicable in May 2018.… Continue Reading

UK ICO Seeks Personal Liability for Directors

On October 13, 2016, Elizabeth Denham, the UK Information Commissioner, suggested at a House of Commons Public Bill Committee meeting that directors of companies who violate data protection laws should be personally liable to pay fines.… Continue Reading

TalkTalk Appeal Against ICO Fine for Late Notification of Data Breach Dismissed by First-Tier Tribunal

On August 30, 2016, the First-tier Tribunal (Information Rights) (the “Tribunal”) dismissed an appeal from UK telecoms company TalkTalk Telecom Group PLC (“TalkTalk”) regarding a monetary penalty notice issued to it on February 17, 2016, by the UK Information Commissioner’s Office (“ICO”). The ICO had issued the monetary penalty notice to TalkTalk, for the amount … Continue Reading

OCR Settles Largest HIPAA Violation Against a Single Covered Entity

On August 4, 2016, the U.S. Department of Health and Human Services' Office for Civil Rights entered into a resolution agreement with Advocate Health Care Network over alleged HIPAA violations. The multimillion dollar settlement with Advocate is the largest settlement to date against a single covered entity.… Continue Reading

OCR Enters into First Enforcement Action Against Business Associate

On June 30, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with Catholic Health Care Services of the Archdiocese of Philadelphia. This is the first enforcement action OCR has taken against a business associate since the HIPAA Omnibus Rule was enacted in 2013.… Continue Reading

French Parliament Rejects Data Localization Amendment

On June 30, 2016, a joint committee composed of representatives from both chambers of the French Parliament reached a common position on the French ‘Digital Republic’ Bill that rejects the data localization amendment previously approved by the French Senate, but significantly amends other aspects of the French Data Protection Act. … Continue Reading

Ad Network to Pay Nearly 1 Million in Civil Penalties to Settle FTC Charges That It Geo-Tracked Consumers Without Permission

On June 22, 2016, the Federal Trade Commission announced that it reached a settlement with a mobile advertising company, InMobi, to resolve charges that the company deceptively tracked hundreds of millions of consumers’ locations without their knowledge or consent. Among other requirements, the settlement orders the company to pay 950,000 dollars in civil penalties. … Continue Reading

Pharmaceutical Company to Plead Guilty and Settle Drug Marketing Charges

Recently, Aegerion Pharmaceuticals announced that it will enter into several settlements and plead guilty to two misdemeanors in connection with alleged violations of HIPAA, drug marketing regulations and securities laws. The criminal charges stem from the company’s marketing of a cholesterol drug called Juxtapid. Aegerion allegedly failed to comply with risk evaluation and management strategies and … Continue Reading
LexBlog