Tag Archives: Social Security Number

FTC Settles Spying Case

On September 25, 2012, the Federal Trade Commission announced that it had settled a case involving allegations of spying by software company DesignerWare, LLC, and several rent-to-own companies that rented computers to consumers.… Continue Reading

FTC Announces Settlements Relating to P2P Data Breaches

On June 7, 2012, the Federal Trade Commission announced settlement agreements with two businesses for allegedly compromising the security of consumer personal information by allowing peer-to-peer file-sharing software to be installed on company computers. One of the companies also was charged with violations of the GLB Safeguards Rule and Privacy Rule.… Continue Reading

Minnesota AG Sues Debt Collection Agency for Health Privacy Violations

On January 19, 2012, Minnesota Attorney General Lori Swanson announced a lawsuit against Accretive Health, Inc., alleging that the debt collection company failed to adequately safeguard patients’ protected health information and violated HIPAA, the Minnesota Health Records Act, Minnesota’s debt collection statutes and Minnesota’s consumer protection laws.… Continue Reading

California Bulks Up Security Breach Notification Requirements

On August 31, 2011, California Governor Jerry Brown signed into law amendments to the state's security breach notification law; similar bills had been vetoed twice in the past by former Governor Schwarzenegger. As of January 1, 2012, entities will be required to notify the California Attorney General when a breach affects more than 500 California residents, and there will be specific content requirements for the notification provided to individuals. … Continue Reading

Massachusetts Information Security Regulations Take Effect on March 1, 2010

After several delays and revisions, the Massachusetts information security regulations, entitled “Standards for the Protection of Personal Information of Residents of the Commonwealth,” will take effect on March 1, 2010.  The regulations apply to entities that own or license personal information about Massachusetts residents.  “Personal information” is defined as a combination of a resident’s first … Continue Reading

Connecticut Attorney General Investigation Sheds Light on Meaning of “Unreasonable Delay” in Data Breach Context

On November 9, 2009, Connecticut’s Attorney General, Richard Blumenthal, announced an investigation of whether Blue Cross and Blue Shield (“BCBS”) violated Connecticut’s data breach notification law by waiting until two months after a data breach had occurred to notify affected Connecticut residents.  The data breach, which Attorney General Blumenthal called “one of the most sizable … Continue Reading

Data Breach: Identity Theft Risk Insufficient to Support Claims

The mere increased risk of identity theft following a data breach is sufficient to give the data subjects standing to bring a lawsuit in federal court but, absent actual identity theft or other actual harm, claims against the data owner and its service provider for negligence and breach of contract cannot survive, a federal judge … Continue Reading

New Jersey Publishes Pre-Proposal of Rules Protecting Personal Information

The New Jersey Division of Consumer Affairs has published a pre-proposal of rules relating to the protection of personal information (“PPR”) and is accepting comments on the PPR until February 13, 2009, after which it will formally propose rules. The PPR comes nearly a year after the state withdrew earlier proposed rules (the “Original Proposal”) … Continue Reading