Next week, IAPP hosts its annual Global Privacy Summit in Washington, D.C. Inside Privacy will be attending the event, which has attracted a number of significant stakeholders in years past and will provide a good opportunity to take the temperature of stakeholders on key privacy and data security issues. Those who are interested in health privacy may
2011
UK Extends CAP Code Restrictions to Online Businesses
By Dan Cooper
On March 1, the scope of the UK’s Code of Non-broadcast Advertising, Sales Promotion and Direct Marketing (“CAP Code”) was significantly expanded to apply to a variety of new technologies, including online social networks, online video advertisements, viral advertisements, in-game advertisements, and advertisements transmitted via web widgets, and online sales promotions and prize promotions. The…
EU Commission Proposes Mandatory Transfer of Passenger Name Records
By Dan Cooper
The European Commission has proposed a Passenger Name Record Directive that would require airlines to provide EU Member States with data on passengers arriving from, or departing to, countries outside the EU. Under the proposal, copies of such PNR data held on an airline’s reservation system would be transferred to a dedicated “Passenger Information Unit”…
Indiana Reporters’ Shield Law Does Not Protect Online Comments, Rules Judge
According to an article written by Jeff Swiatek in the Indianapolis Star, an Indiana judge has ruled that the state’s reporters’ shield law does not prevent two newspapers from being compelled in a lawsuit to disclose identifying information about online commenters in their Web forums. The ruling is the first considering the application of the…
Supreme Court Holds Corporations’ Secrets Not Protected By Freedom of Information Act Exemption for “Personal Privacy”
Under the Freedom of Information Act (FOIA), citizens have a right to obtain documents from federal agencies. However, agencies may withhold documents from request for several reasons, including to protect “personal privacy.” Does the exemption for “personal privacy” protect the privacy of corporations in addition to that of individuals? In its recent decision in Federal…
HHS Announces $1 Million HIPAA Settlement
Two days after imposing the first-ever civil money penalty for HIPAA violations, the Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) announced that Massachusetts General Hospital (Mass General) has agreed to pay $1 million to settle potential violations of the HIPAA Privacy Rule. OCR initiated an investigation of Mass…
EU’s Hustinx: Data Protection Law Sanctions Should Mirror Competition Law
At a recent presentation in Frankfurt, Peter Hustinx, head of the European Data Protection Supervisor Office in Brussels, launched an intriguing idea: sanctioning violations of data protection law in the same manner as violations of competition law.
The trade press regularly reports on multi-million euro fines for cartels or abuses of dominant positions by companies
The trade press regularly reports on multi-million euro fines for cartels or abuses of dominant positions by companies
…
HHS Imposes $4.3 Million Civil Money Penalty for HIPAA Privacy Violations
The Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) announced Tuesday that it has issued a Notice of Final Determination finding that Cignet Health of Prince George’s County, Maryland (Cignet) violated the HIPAA Privacy Rule. HHS imposed a $4.3 million civil money penalty on Cignet for the violations—the first…
Privacy Lawsuit Against Cable One Dismissed
Today the District Court for the Northern District of Alabama dismissed the class action lawsuit filed against our client, Cable One, Inc., for lack of subject matter jurisdiction because the named plaintiff lacked standing. The litigation arose out of a limited test of NebuAd Inc.’s “deep packet inspection” technology, which was used to create anonymous,…
Report: Over 6 Million Individuals Affected by PHI Breaches Since August 2009
A total of 225 breaches of protected health information (PHI) affecting 6,067,751 individuals have been recorded since the HIPAA breach notification rule was issued in August 2009 pursuant to the HITECH Act, according to a report by Redspin, a provider of HIPAA risk analysis and IT assessment services.
According to the report:
- Single breaches affecting
…