HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: enforcement

Posted in Consumer Privacy

FTC Continues to Enforce Security Statements

The Federal Trade Commission (“FTC”) has settled with two mobile application developers, Fandango and Credit Karma, over charges that they misrepresented the security of their mobile applications. According to the FTC, the developers failed to provide reasonable and appropriate security when their mobile applications transmitted consumers’ sensitive information. The particular issues noted by the FTC in its complaints against the developers differ to some degree, but the complaints share a common thread: the developers disabled the Secure Sockets Layer (SSL) protocol, which authenticates and encrypts communications across networks. In our post, we provide a high-level description of how SSL works, summarize the FTC’s complaints against Fandango and Credit Karma, and identify some important takeaways from these settlements.

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

Settlement for Failure to Scrub Data from Photocopier: A $1.2 Million Lesson Learned

In a recently announced settlement between the Department of Health and Human Services Office for Civil Rights and a New York health plan, the health plan agreed to pay $1.2 million for the breach of electronic patient records stored in the internal memory of digital photocopiers leased and improperly disposed of by the plan.

Posted in Consumer Privacy

California AG Sends Enforcement Letter to Developers of Popular Mobile Apps

On Tuesday, October 30, the California Attorney General Kamala Harris announced that her office has begun “formally notifying” mobile device application (“app”) operators that they are out of compliance with the notice provisions of the California Online Privacy Protection Act of 2003 (“CalOPPA”). The letters are a reminder that app developers and their partners should review their app data privacy and security practices and ensure that any apps collecting PII comply with the CalOPPA requirements, as well as other applicable Federal and state laws.

Posted in Health Privacy/HIPAA

Alaska Medicaid Settles HIPAA Security Rule Violations for $1.7 Million

Following an extensive investigation by the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR), the Alaska Department of Health and Social Services (DHSS), Alaska’s state Medicaid agency, agreed to pay $1.7 million in fines and to comply with a corrective action plan (CAP) to address gaps in its compliance with the HIPAA Privacy and Security Rules.

Posted in International/EU Privacy

Google’s Peter Fleischer: “A lot more privacy enforcement actions in 2012. And the sanctions are going to go through the roof.”

Today’s Guest Blog is from Peter Fleischer, who writes: “Since 2012 has now begun, here’s a prediction about the future: there’s going to be a lot more privacy enforcement actions. By a lot of different government authorities, not just DPAs. And the sanctions/damages are going to go through the roof. Indeed, it’s not easy to keep track of which government officials are in charge of data protection enforcement actions. There are a lot of them.” Read more in this entry.

Posted in Consumer Privacy

FCC Proposes $2.96 Million Forfeiture for TCPA Violations

The Federal Communications Commission has proposed a $2.96 million forfeiture against Travel Club Marketing, Inc. for apparent violations of the Telephone Consumer Protection Act (TCPA) and related FCC rules regarding the delivery of prerecorded messages, as well as its Caller ID rules. This enforcement action serves as a reminder to companies placing autodialed calls or delivering prerecorded messages to ensure that such calls and messages comply with federal and state laws. Otherwise, they risk not only class action litigation, but also potential regulatory enforcement fines that are imposed on a per-call basis.

Posted in International/EU Privacy

Update on Mexico’s New Privacy Law: No Immediate Enforcement, But Companies Expected to Appoint Privacy Officer and Have Written Policies

Mexico’s new privacy law goes into effect in July. While enforcement will be delayed, companies are expected to have privacy officers and written policies in place. This blog entry reports on recent comments by the head of Mexico’s privacy commission at a program organized by Hogan Lovells.

Posted in Consumer Privacy

FTC Announces Proposed Google Buzz Settlement: First Time FTC Requires Comprehensive Privacy Program

The FTC today announced a proposed settlement with Google relating to charges that Google used deceptive practices and violated its own privacy policies when Google launched its social network “Google Buzz”. For the first time ever, the FTC is requiring a “Comprehensive Privacy Program” and affirmative consent to any new or additional uses of previously collected data.

Posted in News & Events

Hogan & Hartson Prepares Guidance on Business Compliance with FTC Identity Theft Red Flags Rule

Businesses may be facing their last chance to comply with the FTC identity theft Red Flags Rule as the compliance deadline was extended over the summer to November 1, 2009. On July 29, 2009, the Federal Trade Commission (“FTC”) announced that it will delay enforcement of its identity theft “Red Flags Rule” until November 1, 2009. This is the third [...]