HIPAA Privacy and Security Audit Pilot Program Takes Flight

On November 8, 2011, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced details of its HIPAA Privacy and Security Audit Program pursuant to the American Recovery and Reinvestment Act of 2009, Section 13411 of the HITECH Act. The OCR pilot program calls for approximately 150 audits of covered entities, which are to commence in November 2011 and are expected to conclude by December 2012. The audits are intended to address privacy and security compliance, and to assist OCR in assessing and identifying best practices as well as risks and vulnerabilities for health care entities.

News "Flash" - FTC Settlement Over Use of Flash Cookies Highlights FTC Focus on Consumer Notice and Choice

The Federal Trade Commission has announced a settlement agreement with ScanScout, Inc., an online advertising network alleged to have made misleading statements in its privacy policy, which failed to disclose ScanScout’s use of Flash cookies. The settlement terms require ScanScout to implement various conspicuous (i.e., not hidden in the privacy policy) notices regarding behavioral tracking and opt-out mechanisms that reflect recent FTC guidance and developing industry standards. Companies engaging in behavioral tracking (using Flash cookies or otherwise) may look to the terms of this settlement agreement for color on what the FTC wants to see in terms of consumer notices and choices.

Anderson v. Hannaford: Plaintiff Customers May Recover Mitigation Costs Of Data Breach

Plaintiff customers in litigation stemming from Hannaford Brothers, Co.'s 2007 data breach were handed a partial victory by the First Circuit on October 20th. The Court held that plaintiffs' claims for negligence and implied contract should survive Hannaford's motion to dismiss because plaintiffs' reasonably foreseeable mitigation costs constitute a cognizable claim for damages under Maine law. While this case, Anderson v. Hannaford Brothers, Co., may be read narrowly to apply only to circumstances involving actual theft and misuse of customers' data, plaintiffs' lawyers, who for years have made unsuccessful claims for damages following data security breaches, will likely attempt to broaden this holding to apply at least to other mitigation costs incurred by plaintiffs.

Site Targeting "Tweenagers" Misses the Mark: FTC Announces Settlement of Alleged COPPA Violations

The Federal Trade Commission recently announced its settlement with the operator of www.skidekids.com concerning allegations that the operator violated the Children’s Online Privacy Protection Act Rule (“COPPA Rule”) by collecting personal information about children without obtaining parental consent. Skid-e-kids, a social networking site directed at children ages 7-14, allows children to do many of the things (e.g., share pictures and video) that adults do on Facebook and other popular social networking sites. In fact, according to the FTC, Skid-e-kids advertises itself as the “Facebook and Myspace for kids.”
