Legislation would require Kentucky businesses to notify consumers of data breach

by Dan Soldato

Data breaches, particularly of consumer information and other private information, are becoming an increasing public concern and a headline in the daily news. We regularly hear about incidents in which electronically stored customer information is lost by or stolen from businesses, including health care companies, retailers, and telecommunications companies. These risks are growing rapidly with the increased use of mobile devices in businesses (e.g., laptops, tablets, flash drives, smartphones) and the increased use of mobile apps by consumers. Electronic data, if not adequately secured, is exposed to both physical theft (of the device or media) and electronic theft (e.g., hacking, malware). In light of the increase in data breach reports, this week the Consumer Financial Protection Bureau issued an advisory bulletin to provide guidance to consumers on protecting their personal information following the recent high-profile breaches involving debit cards and other payment data (e.g., Target, Michaels, Neiman Marcus). Notice to consumers about a breach of their data is seen as another way to further protect against a loss.

Data Breach Laws. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Section 5 of the Federal Trade Commission Act are two federal laws under which federal agencies aim to protect the confidentiality of sensitive personal information such as health information, Social Security numbers and other personally identifiable information. In addition, many states have enacted laws with a similar aim. One such law that many states have enacted is a breach notification law, which requires business entities to notify affected individuals when their personally identifiable information has been breached or compromised.

Kentucky is one of a handful of states that has yet to enact a breach notification law. However, on January 21, 2014, Representative Steve Riggs introduced HB232, which, if passed, would implement new standards and requirements to notify affected individuals in the event of a breach of their personally identifiable information. The Bill is now under consideration by the House Labor and Industry Committee.

The FTC: Watchdog for Privacy and Security of Sensitive Personal Data

Those who dwell in the world of health care privacy and security know well that the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) is the federal agency that issues the regulations, provides guidance and ultimately enforces the complex requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as amended by the Health Information Technology for Economic & Clinical Health Act of 2009 (HITECH). But we also know, as citizens of the 21st Century, that privacy and security concerns extend far beyond insurance claims and health records in our doctors’ offices. With every new smartphone we indulge in, every online purchase we make, every retail loyalty program for which we register, we share valuable chunks and tidbits of data about ourselves that can now be used to tell others far more about us than we ever would have dreamed possible, or probably desire. The internet and the astounding connectivity of so many technological devices, both consumer and commercial, allow extremely private and sensitive information to be accessed by parties we do not know and cannot imagine, for both our benefit and detriment.