January 2, 2014 — WPF Executive Director Pam Dixon was a guest on CBS KNX 1070 in Los Angeles this morning talking about the Snapchat data breach, the Target data breach, and what to do to prevent privacy snafus.
Data breach — The state of California issues a first-ever statewide data breach report. In 2012, 2.5 million Californians had their data breached. Of those breached, the study found that The report found that “1.4 million Californians would have been protected if companies had encrypted data when moving or sending the data out of the company’s network.”
Consumers can learn about Medical Identity Theft, what how to avoid it, and what actions to take if you are a victim.
In a rare enforcement action of HIPAA, HHS fined an Arizona health care provider $100,000 for a variety of HIPAA violations, especially regarding electronic exchanges of protected health information. The HHS document outlining the reasons for the fine should act as a wake-up call to health care providers using public email, calendaring, and other tools for communication of ePHI. HHS specifically noted that the fined health care provider did not conduct an adequate risk assessment prior to using the email and Internet tools. The full HHS document is a must-read for health care providers. WPF has been warning about the need for full e-risk assessments since 2005 and strongly advocates for medical-identity-theft-specific risk assessments.
Data breach — The World Privacy Forum filed comments with the Federal Trade Commission regarding its consent decree against Ceridian regarding a substantial data breach. WPF has requested that the Commission present more facts in the case to the public, and has also requested more clarity about the FTC complaint process, noting that it is not a transparent process for the public.