On April 11, 2012, Katharine Parker, a partner in Proskauer’s Labor & Employment Law Department, discussed privacy concerns that arise when an employer demands access to its employees’ social media accounts.
Proskauer Rose
FTC Releases Recommendations for Business and Policymakers
The FTC released its final report titled “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Business and Policymakers” which sets forth principles that companies are recommended to follow with respect to their privacy practices.
…
New York Court Finds Clinic Not Liable for Employee’s Disclosure of PHI
A federal district court dismissed an action against an employer alleging vicarious liability for an employee’s dissemination of a patient’s protected health information (PHI) related to treatment for a sexually transmitted disease (STD). Specifically, the court found that the employer, a private New York medical clinic, was not vicariously liable for the actions of the employee because the employee was acting in a personal capacity which was beyond the scope of her employment.
…
State Attorney General Action Under HITECH
On January 19, 2012, Minnesota Attorney General Lori Swanson exercised her authority under the HITECH Act by filing a lawsuit against a business associate for the failure to protect protected health information (PHI) and for the failure to disclose the extent to which PHI was utilized. The case alleges that Accretive Health, Inc., a debt collection agency, lost a laptop containing unencrypted PHI of approximately 23,500 Minnesota patients. This represents one of the first cases brought by a state attorney general under HIPAA.
Mobile Marketing Association Releases Final Version of Mobile Application Privacy Policy Framework
The Mobile Marketing Association recently unveiled the final version of the Mobile Application Privacy Policy Framework to assist application developers in drafting their mobile application privacy policies.
…
Illinois Attorney General Issues Information Security and Security Breach Notification Guidance
The Illinois Personal Information Protection Act (PIPA) requires that any “data collector”, which includes businesses, universities, governmental agencies or any other entity that deals with personal information, notify Illinois residents in the event of a data security breach. Recently, the Office of Illinois Attorney General Lisa Madigan issued guidance that provides…
Massachusetts Federal Judge Says ZIP Code is Definitely Maybe “Personal Identification Information” . . . Implores Parties to Seek State Court Certification.
In an extension of the spate of litigation surrounding California’s Song-Beverly Credit Card Act and other laws like it, the U.S. District Court for the District of Massachusetts in Tyler v. Michaels Stores, Inc., Civ. No. 11-10920-WGY (D. Mass. Jan. 6, 2012), followed the California Supreme Court’s lead in ruling that ZIP codes are “personal identification information” within the meaning of Mass. Gen. Laws, ch. 93, § 105(a). The court nonetheless dismissed the plaintiff’s putative class action because she failed to allege any legally cognizable harm as a result of Michaels’ collection of her ZIP code in connection with a credit card transaction. Retailers who were unhappy with the California Supreme Court’s opinion in Pineda probably will not be any more pleased with the court’s ZIP code reasoning here. But the result? You bet!
…
HIPAA Privacy and Security Audit Pilot Program Takes Flight
On November 8, 2011, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced details of its HIPAA Privacy and Security Audit Program. The OCR pilot program calls for approximately 150 audits of covered entities, which audits are intended to address privacy and security compliance, and assist OCR in assessing and identifying best practices as well as risks and vulnerabilities for health care entities. Although the pilot program is expected to immediately impact a small number of covered entities, it appears that OCR is increasing its efforts to enforce HIPAA and the HITECH Act.
…