Cignet Proves That It Is Bad To Violate The HIPAA Privacy Rule, But Worse To Ignore HHS

Cignet Health (Cignet), which operates four health centers in Maryland, is a little lighter in the wallet after the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) found that Cignet violated the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) - $4.3 million lighter, to be exact.

This penalty marks the first civil money penalty imposed by HHS for violations by a “covered entity” of the HIPAA Privacy Rule. In the past, HHS has primarily worked with covered entities to settle the violations and obtain agreement to changes in practices. The civil monetary penalty imposed upon Cignet is based on the violation categories and increased penalty amounts authorized by Section 13410(d) of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which modified HIPAA.


90210 Gets Personal: California Supreme Court Rules that ZIP Codes are "Personal Identification Information"

Yesterday, the California Supreme Court held that ZIP codes are “personal identification information” within the meaning of the state’s Song-Beverly Credit Card Act. The court’s decision in Pineda v. Williams-Sonoma Stores, Inc., No. S178241 slip op. (Cal. Feb. 10, 2011), casts a dark cloud over the established retail practice of asking for ZIP codes when customers make purchases using a credit card in brick-and-mortar stores. In Pineda, the plaintiff sued Williams-Sonoma, alleging that when she made a purchase at one of the defendant’s stores, the cashier requested her ZIP code and recorded it as part of her credit card transaction. Subsequently, Williams-Sonoma used the plaintiff’s ZIP code to perform a “reverse append” and thereby locate the plaintiff’s home address.


International Cellular Network Industry Association Releases Privacy Principles

Hot on the heels of the FTC’s recent report on privacy, the GSMA, the London-based industry association representing over 800 cellular network operators worldwide, released its “high-level” Mobile Privacy Principles (the “Principles”) on January 27, 2011. The Principles were released with the goal of creating a “robust and effective framework for the protection of privacy” to promote users’ confidence and trust in mobile applications. These Principles encourage a “privacy by design” approach to mobile privacy and a consistent, harmonized approach to privacy across mobile services and applications. Such Principles are highly relevant after the surge in mobile computing made possible by mobile devices, such as the iPhone, BlackBerry, and Droid.

The two boldest aspects of the Principles are found in the definitions—namely, in how “personal information” is defined and in the broad responsibility of privacy espoused by the Principles.
