The FTC declined to identify the companies or organizations involved, but said they were both "private and public entities, including schools and local governments."
The companies and organizations ranged in size from "businesses with as few as eight employees to publicly held corporations employing tens of thousands," the FTC said in a statement.
It said sensitive data about customers and employees had been shared from the computer networks of the companies and organizations and made available on Internet peer-to-peer (P2P) file-sharing networks.
The information was accessible to "any users of those networks, who could use it to commit identity theft or fraud," the FTC said.
"Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk," FTC chairman Jon Leibowitz said.
"For example, we found health-related information, financial records, and drivers' license and social security numbers -- the kind of information that could lead to identity theft," Leibowitz said.
Mark Frisse on 24 Aug 10his article explains why supplying data to researchers is set to become a profitable line of business for entities that hold large stores of health data in electronic form. Health information systems are a form of infrastructure, and Congress's cost-based fee for data preparation and transmission echoes pricing schemes traditionally used in other infrastructure industries such as railroads, electric power transmission, and telecommunications. Cost-based fees for infrastructure services, of constitutional necessity, must allow recovery of operating and capital costs including a return on invested capital-in other words, a profit margin. This fee structure is being launched in an emerging 21st-century research landscape where biomedical discovery will depend more than it has in the past on studies that harness existing stores of data-such as insurance claims and healthcare data-that were created for purposes other than the research itself. This article explores why, in this environment, the new fee structure has the potential to destabilize already-fragile public trust and invite state-law responses that could override key provisions of federal privacy regulations, with devastating consequences for researchers' future access to data. To avoid this outcome, the cost-based fee must be thoughtfully implemented and accompanied by reform of the HIPAA waiver provision now used to approve nonconsensual use of people's health data in research. This article identifies specific defects of the existing framework for approving nonconsensual uses of data with the aim of eliciting a wider debate about what the reforms ought to be.
