The FTC has entered into a settlement with LightYear Dealer Technologies, doing business as DealerBuilt, a technology company that develops and sells dealer management system (DMS) software and data processing services to automotive dealerships nationwide. The settlement resolves allegations that DealerBuilt engaged in a number of unreasonable data security practices. The DealerBuilt’s DMS software tracks, manages, and stores information related to all aspects of a dealership’s business, including sales, finance, inventory, accounting, payroll, and parts and service and collects and maintains personal and competitively sensitive information about consumers and employees.
Author: Discerning Data Editorial Board
Nevada’s Privacy Law Granting Opt-Out Rights Is First Out of the Gate
On May 29, 2019, Nevada Governor Steve Sisolak signed into law SB 220, which amends Nevada’s security and privacy law to require an operator of a website or online service for commercial purposes to permit consumers to opt-out of the sale of any covered personally identifiable information that the operator has collected or will collect about the consumer. The law becomes effective October 1, 2019, several months before the California Consumer Privacy Act’s (CCPA) effective date of January 1, 2020, and is therefore set to become the first of its kind to be implemented in the U.S.
Continue reading “Nevada’s Privacy Law Granting Opt-Out Rights Is First Out of the Gate”
Oregon Amends Data Breach Notification Law to Apply to Vendors
On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684, which requires vendors, service providers and other entities that maintain or possess consumers’ personal information to notify consumers of a security breach.
Continue reading “Oregon Amends Data Breach Notification Law to Apply to Vendors”
Business Associate Failed to Safeguard 3.5 Million Patients’ Medical Records
Medical Informatics Engineering, Inc. and its wholly-owned subsidiaries (MIE) and the Office for Civil Rights at the U.S. Department of Health and Human Services (HHS-OCR) entered into a $100,000 settlement and two-year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).
Continue reading “Business Associate Failed to Safeguard 3.5 Million Patients’ Medical Records”
As Cyberattacks Rise, U.S. Business Readiness Falls
Two recent reports reflect that cyberattacks and resulting data breaches continue to threaten U.S. companies and public entities. The Hiscox Cyber Readiness Report (April 23, 2019), compiled from a survey of more than 1,000 U.S. cybersecurity professionals at private companies and public-sector entities with 50 to 1,000+ employees, found that 53% of firms reported at least one cyberattack – up from 38% in 2018. Interestingly, only 11% of U.S. firms qualified as experts based on their cybersecurity preparedness and responses – down from 26% in last year’s survey; 16% of firms ranked as intermediate, and the remaining 73% ranked as novice. These statistics reflect a continuing need for public- and private-sector emphasis on cybersecurity preparedness and incident response.
Continue reading “As Cyberattacks Rise, U.S. Business Readiness Falls”
$3 Million Settlement for Exposure of and Latent Response to Exposure of 300,000 Patients’ Protected Health Information
Touchstone Medical Imaging (Touchstone) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) entered into a no-fault settlement and two-year corrective action plan (CAP) to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).