Home/ WPPS C-Suite News/ Group items tagged Lawsuits

sandy ingram

First HIPAA Settlement - Who's next? - 0 views

  •  
    As we previously mentioned, Connecticut Attorney General Richard Blumenthal filed the first HIPAA-related lawsuit. That lawsuit has now been settled, also a first. The settlement agreement [PDF] between the State of Connecticut and the defendants (Health Net) is the result of the loss of a computer disk drive that had unencrypted health information for 1.5 million health plans. Health Net, under the terms of the settlement, has agreed to pay $250,000 to the state of Connecticut, offer 2 years of credit monitoring to those affected, obtain identity theft insurance and reimburse those affected for security freezes. They will also be required to greatly improve their security measures.
sandy ingram

Employee fined $1.1 million for erasing computer files - 0 views

  •  
    "A former executive of hedge fund manager Citadel Investment Group LLC recently gave about $1.1 million to two Chicago charities, but the payments were not an act of good will. The money was actually a fine that a Cook County judge ordered Mikhail "Misha" Malyshev to pay for violating a previous court ruling to preserve documents in a lawsuit. In July 2009, Citadel had sued him for breaking a contractual promise not to compete with the hedge fund."
sandy ingram

Data Security Breaches Cost Real Money - 0 views

  • PGP Corporation, an enterprise data protection company, and the Ponemon Institute, a privacy and information management research firm, as part of their fifth annual U.S. Cost of a Data Breach Study, tracked a wide array of cost elements
  • These elements included outlays for detection, escalation, notification, and response along with legal, investigative and administrative expenses, customer defections, opportunity loss, reputation management, and costs related to customer support like information hotlines and credit monitoring subscriptions
  • data breaches caused by malicious attacks and botnets were on the high end of severity and cost responses. These types of breaches doubled from 2008 to 2009.
  • data breaches involving data outsourced to third-parties, especially those offshore, remain very costly.
  • The study shows that companies are spending more on legal defense costs in the area of data security breaches
  • Furthermore, companies that have a Chief Information Security Officer (CISO) or equivalent high-level security/privacy leader in place who manages data security breach incidents experienced a 50% lower cost per compromised record than companies that do not have such leadership.
  • Somewhat surprisingly, the study indicates that companies that notify victims of data breaches too quickly may incur about 12% higher response costs. The study suggests that moving too quickly through the data breach process could cause inefficiencies that raise total costs
  • companies that engage outside expertise to assist them during a data breach incident tended to have a lower $170 cost per victim than companies that do not seek outside help at $231 per victim.
  •  
    study shows that companies are spending more on legal defense costs in the area of data security breaches. This has been attributed to fears of potential class actions, and other lawsuits resulting from consumer and employee data loss. In fact, companies that engage outside expertise to assist them during a data breach incident tended to have a lower $170 cost per victim than companies that do not seek outside help at $231 per victim.
sandy ingram

Court Says Employer's Lawsuit Against Ex-Employee Over Retention and Use of Twitter Ac... - 0 views

  • The takeaway is to have a written agreement that governs this issue!
  • PhoneDog said it suffered $340,000 in damages. The account had 17,000 followers, "which according to industry standards, are each valued at $2.50."
sandy ingram

FTC Delays Enforcement of Red Flags Rule Fifth Time at the request of Congress - 0 views

  • “The Commission urges Congress to act quickly to pass legislation that will resolve any questions as to which entities are covered by the Rule and obviate the need for further enforcement delays.  If Congress passes legislation limiting the scope of the Red Flags Rule with an effective date earlier than December 31, 2010, the Commission will begin enforcement as of that effective date.”
  • The issue regarding the delays in FTC enforcement relates to “scope of entities covered by the Rule,” as indicated in the FTC news release.  Congress is taking action[2]:
  • “House lawmakers in October [2009] passed H.R. 3763[3], which would exclude from the Red Flags guidelines meaning of ‘creditor’ any healthcare, accounting, or legal practice with 20 or fewer employees, as well as any other business which the FTC determines knows all its customers or clients individually; only performs services in or around the residences of its customers; or hasn’t experienced incidents of ID theft, and identity theft is rare for businesses of that type.  An identical bill, S.3416 was introduced in the Senate on May 25 [2010].” A lawsuit was filed in federal court on May 21, 2010, to accomplish a similar objective of narrowing scope of entities covered by the Rule. 
  •  
    "At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the 'Red Flags' Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule.  Today's announcement and the release of an Enforcement Policy Statement do not affect other federal agencies' enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance….
sandy ingram

Data breach laws, e-discovery increase compliance duties - 0 views

  • The Massachusetts law applies not only to businesses in the state but to any company that keeps personal data on the state's residents. George examines two parts of the law that are particularly notable because they require action to avoid breaches--not just notify victims after the fact.
  • Businesses are required to have a working information security program for protecting personally identifiable information, and they must submit a written information security program to the state. They also must encrypt data in motion and at rest, including information on portable devices such as USB drives, laptop computers and smartphones.
  • A second complicated--and evolving--area of compliance is e-discovery, which is the process of handing over electronically stored information requested during a lawsuit.
  •  
    States are getting tougher when it comes to trying to protect their residents' personal data from breaches, and a new law in Massachusetts raises the bar by setting a fine of $5000 per record lost. As Randy George at InformationWeek reports, a company could be fined $1 million for losing one laptop with personal data on just 200 residents of the Bay State
sandy ingram

Heartland CEO says data breach was 'devastating' - 0 views

  • Heartland handed out a USB drive containing the malicious code that it had discovered on its networks as a sign of its willingness to share details of the attack with others in the industry
  • The efforts have been noticed. Though Heartland still faces a flurry of lawsuits, and potentially big fines from card companies, customer attrition has been minimal, and so too has the damage to the company's reputation within the industry.
  •  
    Heartland Payment Systems chief executive Robert Carr remembers what it felt like when he first heard about the massive data breach at his company earlier this year. "I wanted to throw up. It was devastating," says Carr, recalling how he felt upon realizing that one of his worst fears had come true. "People had asked me for years 'what keeps you awake at night' and I would keep telling them it was the fear of a data breach,"