Data Breach

California issues first statewide breach report

Data breach — The state of California issues a first-ever statewide data breach report. In 2012, 2.5 million Californians had their data breached. Of those breached, the study found that The report found that “1.4 million Californians would have been protected if companies had encrypted data when moving or sending the data out of the company’s network.”

US Department of Health and Human Services fines Arizona provider $100,000 for HIPAA violations

In a rare enforcement action of HIPAA, HHS fined an Arizona health care provider $100,000 for a variety of HIPAA violations, especially regarding electronic exchanges of protected health information. The HHS document outlining the reasons for the fine should act as a wake-up call to health care providers using public email, calendaring, and other tools for communication of ePHI. HHS specifically noted that the fined health care provider did not conduct an adequate risk assessment prior to using the email and Internet tools. The full HHS document is a must-read for health care providers. WPF has been warning about the need for full e-risk assessments since 2005 and strongly advocates for medical-identity-theft-specific risk assessments.

WPF requests more information about Ceridian data breach and the FTC complaint process

Data breach — The World Privacy Forum filed comments with the Federal Trade Commission regarding its consent decree against Ceridian regarding a substantial data breach. WPF has requested that the Commission present more facts in the case to the public, and has also requested more clarity about the FTC complaint process, noting that it is not a transparent process for the public.