Tag Archives: Social Security Number

Minnesota AG Sues Debt Collection Agency for Health Privacy Violations

On January 19, 2012, Minnesota Attorney General Lori Swanson announced a lawsuit against Accretive Health, Inc., alleging that the debt collection company failed to adequately safeguard patients’ protected health information and violated HIPAA, the Minnesota Health Records Act, Minnesota’s debt collection statutes and Minnesota’s consumer protection laws.… Continue Reading

California Bulks Up Security Breach Notification Requirements

On August 31, 2011, California Governor Jerry Brown signed into law amendments to the state's security breach notification law; similar bills had been vetoed twice in the past by former Governor Schwarzenegger. As of January 1, 2012, entities will be required to notify the California Attorney General when a breach affects more than 500 California residents, and there will be specific content requirements for the notification provided to individuals. … Continue Reading

Massachusetts Information Security Regulations Take Effect on March 1, 2010

After several delays and revisions, the Massachusetts information security regulations, entitled “Standards for the Protection of Personal Information of Residents of the Commonwealth,” will take effect on March 1, 2010.  The regulations apply to entities that own or license personal information about Massachusetts residents.  “Personal information” is defined as a combination of a resident’s first … Continue Reading

Connecticut Attorney General Investigation Sheds Light on Meaning of “Unreasonable Delay” in Data Breach Context

On November 9, 2009, Connecticut’s Attorney General, Richard Blumenthal, announced an investigation of whether Blue Cross and Blue Shield (“BCBS”) violated Connecticut’s data breach notification law by waiting until two months after a data breach had occurred to notify affected Connecticut residents.  The data breach, which Attorney General Blumenthal called “one of the most sizable … Continue Reading

Data Breach: Identity Theft Risk Insufficient to Support Claims

The mere increased risk of identity theft following a data breach is sufficient to give the data subjects standing to bring a lawsuit in federal court but, absent actual identity theft or other actual harm, claims against the data owner and its service provider for negligence and breach of contract cannot survive, a federal judge … Continue Reading

New Jersey Publishes Pre-Proposal of Rules Protecting Personal Information

The New Jersey Division of Consumer Affairs has published a pre-proposal of rules relating to the protection of personal information (“PPR”) and is accepting comments on the PPR until February 13, 2009, after which it will formally propose rules. The PPR comes nearly a year after the state withdrew earlier proposed rules (the “Original Proposal”) … Continue Reading