Google for years has said that it takes privacy very seriously, but the company’s recent $22.5 million settlement with the Federal Trade Commission for breaking privacy promises and its commitment last year to endure 20 years of FTC privacy audits following “deceptive privacy practices” are pushing the company to take privacy with new, improved seriousness.
The New Jersey legislature, for instance, this week passed a bill (A-1238) that says copy machines and scanners should have their hard drives erased or otherwise modified to make sure records stored digitally on them are no longer viewable after the owner gets rid of the machines.
It maintains information about people who share the same phone number or address, “non-obvious” relationships between individuals, loans for dental work, magazine subscriptions, rental history, real estate assets, investment wealth, retail purchasing, the type of federal tax return someone files, marital status, employment, utility payments, cable TV accounts, criminal records, debt-to-income ratios, changes of address, motor vehicle files, post office boxes, inferences about someone’s capacity to pay bills, predictions about someone’s propensity to pay, links to past and potential fraud crimes–and more.
The FTC alleged that after the personalized offers feature was enabled, extensive information was collected from the user and transmitted to Upromise, including the names of all websites visited, all links clicked by the user and information that users entered into certain web pages, such as usernames, passwords, search terms, credit card information, expiration dates, security codes and social security numbers. The FTC alleged that there was no way a user would be able to detect the extent of the data being collected by the Upromise software without special software and technical expertise.
Entertainment companies seeking to trace people who are illegally file sharing may be interested in new research that could identify filesharers through their Skype accounts.
The General Hospital Corporation and Massachusetts General Physicians Organization Inc. (Mass General) has agreed to pay the U.S. government $1,000,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, the U.S. Department of Health and Human Services (HHS) announced today.
If anyone doubted that there is a cost to ignoring privacy regulations, $5.3 million in penalties doled out last week for violations of the Health Insurance Portability and Accountability Act (HIPAA) should put such doubt to rest. Not only is the government pursuing enforcement, but it is going to come down particularly hard on organizations that don’t take it seriously.
On Tuesday, the HHS Office for Civil Rights announced that it has issued its first-ever civil penalty for HIPAA privacy rule violations, the Washington Post reports. OCR fined Cignet Health — a health center based in Maryland — $4.3 million for failing to provide copies of medical records to 41 patients who requested them from September 2008 to October 2009.
The cost of achieving regulatory security compliance is on average $3.5 million each year, according to a survey of 160 individuals leading the IT, privacy and audit efforts at 46 multinational organizations.
Facebook has been the subject of intense scrutiny over privacy concerns…again. Or, is it still? Facebook is not alone, however, as Twitter and Android have also been recent targets of privacy ire. Each of these privacy incidents has something else in common as well–they are a result of relationships with third parties that users have approved.