New California privacy enforcement office — California Attorney General Kamala Harris has created a new privacy protection and enforcement unit. The unit will be housed in the Department of Justice and will focus on protecting consumer and individual privacy through civil prosecution of state and federal privacy laws, a news release said. “The Privacy Unit’s mission to enforce and protect privacy is broad. It will enforce laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government. This includes laws relating to cyber privacy, health privacy, financial privacy, identity theft, government records and data breaches. By combining the various privacy functions of the Department of Justice into a single enforcement and education unit with privacy expertise, California will be better equipped to enforce state privacy laws and protect citizens’ privacy rights. ” Joanne McNabb, who ran the now de-funded California Office of Privacy Protection, will serve as director of privacy education and policy for the unit.
In a rare enforcement action of HIPAA, HHS fined an Arizona health care provider $100,000 for a variety of HIPAA violations, especially regarding electronic exchanges of protected health information. The HHS document outlining the reasons for the fine should act as a wake-up call to health care providers using public email, calendaring, and other tools for communication of ePHI. HHS specifically noted that the fined health care provider did not conduct an adequate risk assessment prior to using the email and Internet tools. The full HHS document is a must-read for health care providers. WPF has been warning about the need for full e-risk assessments since 2005 and strongly advocates for medical-identity-theft-specific risk assessments.
01/23/2012 GPS tracking | United States v. Jones — The US Supreme Court unanimously ruled that police must get a warrant before using GPS devices to track criminal suspects. This case was narrow and dealt specifically with a GPS device physically attached to a suspect’s vehicle. The concurring opinion of Justice Sotomayor points out that the subtler issues of digital era tracking were not dealt with in this case, for example, cell phone tracking, web site tracking, etc. She wrote: “More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. E.g., Smith, 442 U. S., at 742; United States v. Miller, 425 U. S. 435, 443 (1976).” She continued: “This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”
Stop SOPA & PIPA —- The World Privacy Forum is deeply concerned about the profound, far-reaching privacy consequences of two bills, SOPA and PIPA. The bills have many negative aspects. In terms of the privacy impacts, one of the serious consequences is that the right to create and use anonymization software tools would be essentailly
LifeLock — The Federal Trade Commission began sending checks to almost a million consumers who were subscribers to the LifeLock ID theft protection service. LifeLock agreed to pay fines of $11 million to the FTC and $1 million to a group of state attorneys generals to settle charges that had been made against the company. Consumers with questions about this distribution may call 888-288-0783 or see the FTC’s web page on this, http://www.ftc.gov/refunds.