During the first week of October, plenty has happened on the data privacy and security front.
As Obamacare made its online debut with the health care insurance exchange website, concerns for digital patient records were abound. The legality of class action lawsuits against companies that are breached and data is compromised came into question in California. A data breach settlement could be the largest ever in Rock County, and experts are concerned that social media platforms put young people at a higher risk of identity theft.
On Oct. 1, Obamacare online marketplaces went live and millions of people visited the sites to see what they would need to pay for health insurance on the public exchanges. There is a provision in Obamacare that requires medical providers to switch from paper charts to electronic records. While many medical facilities have already transitioned to electronic records due to previous incentives for them to do so – with the intention of lowering healthcare costs – some privacy advocates are worried the transition is too fast,
“The thing I worry about is not that we are doing it, but that we’re doing it without the right safeguards,” said Lee Tien, a senior staff attorney with the Electronic Frontier Foundation. “We have been giving (medical providers) incentives to move into the electronic-health-records era. But we haven’t been giving them enough guidance on how they’re supposed to do it.”
California’s Data Breach Legislation
In late September, Gov. Jerry Brown signed amendments to California’s Security Breach Notification Act that require companies to adopt a new data breach response protocol and alert consumers if a user name, email address and subsequent password combination was compromised to an online account, . The measure applies to all online accounts, whether they are financial in nature or not, and even is that information isn’t combined with a user’s actual name.
However, lawyers looking to take companies to court over such data breaches did not gain any help with the new amendments. Plaintiff’s must still establish injury, not merely allegations of possible future injury – as those were not sufficient in the recent Barnes & Noble Pin Pad litigation.
Rock County Settlement
Amid a string of data breaches within Minnesota, the Minnesota Counties Insurance Trust has issued a $2 million settlement over the misuse of driver’s license information, Worthington, Minn., radio station . The case stems from the one employee submitting thousands of queries – more than 4,000 – of the Driver and Vehicle Services database, a federally protected database that was found to have been routinely abused by law enforcement and other public employees.
Nationally, people younger than 30 accounted for about a in 2012, according to data from the Federal Trade commission’s Consumer Sentinel Network report cited by the Tuscon Sentinel.
“All the different places that young people communicate, they make themselves vulnerable to those that are professionals in finding out about people and using it,” said Kathleen Winn, director of the Community Outreach & Education Division in the Arizona Attorney General’s Office.
Particularly, social media websites that use apps or programs alerting individuals that a user has “checked in” to a restaurant or location in another city can tip off others who may have access to their home, enabling them to steal documents required to steal another’s identity. According to Eva Casey-Velasquez, president and CEO of the Identity Theft Resource Center, said young people don’t have the same perspective as others when it comes to sharing things online, especially when intimate information is shared that could help a third party crack security questions and gain access to online.
Matt Cullina is chief executive officer of IDentity Theft 911.