by Daniel J. Solove Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) publicized its resolution agreement in its HIPAA enforcement action against St. Elizabeth’s Medical Center (SEMC). SEMC agreed to pay $218,000. The case began with a complaint filed with OCR back in 2012 that employees […]
Category: Data Breach Notification
Posts about Data Breach Notification by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
The OPM Data Breach: Harm Without End?
By Daniel J. Solove The recent breach of the Office of Personnel Management (OPM) network involved personal data on millions of federal employees, including data related to background checks. OPM is now offering 18 months of free credit monitoring and identity theft insurance to victims. But as experts note in a recent Washington Post article, […]
Law Firm Cyber Security and Privacy Risks
By Daniel J. Solove Law firms are facing grave privacy and security risks. Although a number of firms are taking steps to address these risks, the industry as a whole needs to grasp the severity of the risk. For firms, privacy and security risks can be significantly higher than for other organizations. Incidents can be […]
Why the C-Suite Should Have Coffee with the Privacy and Security Officers Every Week
by Daniel J. Solove As I discussed in a previous post, the two key things that organizations can do to prevent data incidents can be summed up in a simple rhyme: The C-Suite must care / The workforce must be aware. In this post, I want to focus on the “C-Suite” – a term used […]
The 2 Essential Ways to Prevent Data Breaches
by Daniel J. Solove We’re in the midst of a crisis in data protection. Billions of passwords stolen. . . Mammoth data breaches. . . Increasing threats. . . Malicious hackers . . .
6 Lessons from the Costliest HIPAA Settlement to Date
by Daniel J. Solove The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced the costliest HIPAA settlement to date — a $4.8 million settlement with New York and Presbyterian Hospital (NYP) and Columbia University (CU). The case involved the disclosure of protected health information on the Internet. Here […]
How Should Data Security Breach Notification Work?
In 2005, a series of data security breaches affected tens of millions of records of personal information. I blogged about them here, here, here, here, and here. One of the major issues with data security breaches involves what kind of notification companies should provide. The spate of data security breach announcements began in February 2005, when ChoicePoint announced its breach […]
Data Security Laws, the States, and Federalism
Remember well over a year ago, when last February ChoicePoint announced it had a major data security breach? Since then hundreds of breaches have been announced — over 200 instances involving data on 88 million people. Several bills were proposed in Congress; many Senators and Representatives quickly emphasized the importance of privacy and data security. […]
The Government’s Data Security Breach and “Data Neutralization”
The AP reports an enormous breach of data security by the government: Thieves took sensitive personal information on 26.5 million U.S. veterans, including Social Security numbers and birth dates, after a Veterans Affairs employee improperly brought the material home, the government said Monday. The information involved mainly those veterans who served and have been discharged since 1975, […]
ChoicePoint: More Than 145,000 Victims?
ChoicePoint just won’t be outdone. They were, after all, the company that started all the extensive attention on data security breaches. Back in February 2005, ChoicePoint announced that it had improperly sold personal data on about 145,000 people to identity thieves. Pursuant to a California data security breach notice law, ChoicePoint notified the affected individuals […]