Monday, June 12, 2017

Ha ha ha!  This, people, is one reason you need to think about how to handle security breaches before they happen – and they will!
Some readers might appreciate an update as to what happened when Bronx-Lebanon Hospital Center and iHealth Solutions sent legal threat letters to this site after I notified them and reported that they were leaking protected health information.  As I previously noted, I was – and remain – very grateful to Covington & Burling for their representation of me and this site in the matter.  Their entrance into the matter produced an immediate shift in the law firms’ tones from strident demands to requests.
But the story doesn’t end there, and this might be categorized under your “payback’s a bitch” category.  Read on….
It seems that the hospital and vendor had also sent threat letters to Kromtech Security Research Center, who had discovered the leak.  For reasons that are not totally clear to me, Kromtech quickly agreed to the lawyers’ request that they destroy all the data they had downloaded in their research.
Any relief the vendor and hospital may have felt over Kromtech’s cooperation was likely short-lived, however.  Kromtech informed me that they were subsequently asked to tell the entities which patients’ data they had downloaded so the entities would know whom to notify.  But of course, Kromtech could not provide that information because they had deleted all the data in response to the entities’ first demand/request.  D’oh?
Now the entities could just notify everyone who had PHI/PII on the server, of course, but it seemed like they were trying to narrow the universe to only those whose data wound up in Kromtech’s hands – or this site’s – or NBC News’ hands.  And now Kromtech could not tell them which patients had data in the 500 mb of data they had downloaded and then destroyed.
But Kromtech had sent a subset of that data to DataBreaches.net, who had not destroyed the data it possessed.  If DataBreaches.net wanted to be helpful, it could go through all the data and let the entities know which patients had data in there, right?
Would this be a good time to remind everyone that the entities had threatened me and this site?
And would it be important to point out that they never directly apologized to me for their heavy-handed threats?
I might have been able to spare the vendor and hospital some notifications if I was willing to donate my time to going through files to compile information for them, but I’m not willing.
I’m not willing, in part, because I do not want to be going through PHI if it’s not for my reporting purposes.  And I’m not willing because why should I have to spend my valuable time compiling information for entities that tried to bully me and who now need my help to help them clean up their mess??
So what are the lessons that I wish entities and their lawyers would learn from all this?
1. Don’t rush to send legal threat letters.  What your mother taught you about catching more flies with honey than vinegar appears true here, too; and
2. If you wouldn’t send a legal threat to the New York Times over their reporting, don’t send one to me.  This site may be small, under-funded, under-staffed, and under-appreciated, but with the support of great law firms like Covington & Burling, this site will always fight back against attempts to erode press freedom or chill speech.

(Related).  A reasonable guide for the thoughtful organization.
Legal impact of Data Protection and Management in the Digital Age
With increasing access to mobile devices and the internet, the amount of data created annually worldwide is predicted to soar to 180 zettabytes (180 trillion gigabytes) in 2025, with approximately 80 billion devices connected to the Internet.
1. Have a clear understanding of how personal data is used and managed in your organisation.  Some questions that business leaders need to ask include what personal data has been collected, who has access to this data, whether the purposes of processing of such personal data are lawful, where and how it is kept and secured, and how long such personal data is kept on file.
2. Conduct regular audits and penetration testing.  The authorities do recognise the fact that cyber criminals often use sophisticated measures in their attacks.  However, as seen with the many data breaches around the world, it is most often the case that the organisation itself has failed to have sufficient security measures in place.  It is also a known fact that many organisations are not doing enough to protect customer data or their important data.  At the bare minimum, organisations need to meet the regulatory standards for data protection and compliance.
3. Be willing to seek external advice.  By working closely with professionals such as specialised lawyers with the relevant expertise, organisations will be able to have a better understanding of other factors that could affect their business decisions, such as a digital transformation initiative to move data to the cloud.


A New Jersey saying, “Sometimes it’s easier to hide bits and pieces than a whole body.”
Second Amendment right to meet people at the door with a machete by your side?
Yes, says the New Jersey (!) Supreme Court in yesterday’s unanimous State v. Montalvo opinion.


The future?  Schools drop cursive, newspapers drop print?
The Washington Post to start experimenting with audio articles using Amazon Polly
The Washington Post today announced it has started experimenting with audio articles using Amazon Polly, a service that converts article text into lifelike speech.  For the next month, mobile users will be able to listen to an audio version of four articles daily across business, lifestyle, technology and entertainment news categories.


Who knew that beans and rice were worth a price war?
German Grocery Chain Aldi to Invest $3.4 Billion to Expand U.S. Stores
German grocery chain Aldi said on Sunday it would invest $3.4 billion to expand its U.S. store base to 2,500 by 2022, raising the stakes for rivals caught in a price war.
German rival Lidl will open the first of its 100 U.S. stores on June 15.  In May, Lidl said it would price products up to 50% lower than rivals.
Wal-Mart Stores, the largest U.S. grocer, is testing lower prices in 11 U.S. states and pushing vendors to undercut rivals by 15%.  Wal-Mart, the world's biggest retailer, is expected to spend about $6 billion to regain its title as the low-price leader, analysts said.
The furious pace of expansion by Aldi and Lidl is likely to further disrupt the U.S. grocery market, which has seen 18 bankruptcies since 2014.  The two chains are also upending established UK grocers like Tesco and Wal-Mart's UK arm, ASDA.
