Federal Trade Commission (FTC)

World Privacy Forum asks FTC to reconsider proposed consent agreement with CVS

CVS Caremark | FTC proposed consent agreement — The World Privacy Forum filed comments with the Federal Trade Commission in response to its proposed consent agreement with the CVS Caremark pharmacy chain. The proposed agreement is in resonse to a CVS data breach. The agreement does not impose a monetary penalty on CVS, and does not provide remedies for consumers affected by the data breach.

Public Comments: March 2009 – Comments on the Proposed Consent Agreement with CVS / Caremark

The World Privacy Forum filed comments with the Federal Trade Commission in response to its proposed consent agreement with the CVS Caremark pharmacy chain. The proposed agreement is in resonse to a CVS data breach. The agreement does not impose a monetary penalty on CVS, and does not provide remedies for consumers affected by the data breach. The World Privacy Forum urged the FTC to reconsider the agreement.

CVS Caremark pharmacy chain agrees to pay $2.25 million to settle charges of HIPAA violations; also settles with the FTC

Medical privacy | HIPAA | FTC — According to a legal complaint, CVS pharmacies — the largest pharmacy chain in the United States — did not take appropriate steps to protect its customers’ and employees’ sensitive information when it improperly disposed of documents, labels, prescription bottles, and other items with clearly identifiable and highly sensitive personal information such as SSNs, prescription information, driver’s license numbers, and other information still on those materials. CVS agreed to pay $2.25 million to settle its violations of HIPAA as part of a Resolution Agreement with the Department of Health and Human Services. CVS has also signed a consent agreement with the FTC; the public can comment on this agreement until March 20, 2009. The World Privacy Forum will be filing comments with the FTC on the consent agreement with CVS, which we will post here.

World Privacy Forum Files FTC Complaint About AOL Data Releases

Internet privacy — The World Privacy Forum filed a complaint today with the Federal Trade Commission regarding AOL’s multiple releases of portions of its users’ search query histories. The complaint discusses AOL search query releases from 2004 and 2006. The complaint alleges that the data release was intentional, and due to significant identifiability issues of the data subjects, that the releases are harming some AOL customers, and that AOL customers did not know their search histories would be made available to the public. The World Privacy Forum urges consumers to take precautions when using search engines.