The FTCannounced yesterday a settlement with Epic Marketplace, an online advertising network, which prohibits Epic from further collection of data obtained by “browser sniffing” the surfing history of Internet users and requires Epic to destroy all previously collected data. The FTC did NOT ban “browser sniffing.”
Continue Reading FTC “History Sniffing” Settlement Meaningless or the Start of Something Bigger

Last week, the federal government fined Cignet Health (Maryland) $43 million for violating the privacy rights of 41 patients by denying them access to their medical records.  The fine levied by the Department of Health and Human Services is the first under HIPAA’s privacy rule.  The Department of Health and Human Services’ Office of Civil Rights determined

XY.com was a magazine that catered to gay teens, a category of users that sought privacy for personal, familial and safety reasons. The founder of the magazine, Peter Ian Cummings, shuttered the magazine in 2007, the web site in 2009, and the information collected has (presumably) sat dormant since then.

In February of this year, Cummings filed for personal bankruptcy protection. Although Mr. Cummings had little in the way of assets, he did list the editorial content and users’ personal information as a personal asset. Now, creditors of Mr. Cummings want the users’ personal information sold and the proceeds distributed to creditors. Can that happen if XY.com’s privacy policy says nothing about bankruptcy but does say “[w]e never give your info to anybody”?
Continue Reading Potential Bankruptcy Sale of Personal Information From Gay Teen Magazine Has Privacy Implications – FTC Objects

Marina Stengart, a former employee of northern New Jersey-based Loving Care Agency, sued Loving Care for wrongful termination of employment based on discrimination. Loving Care hired an outside firm to analyze Stengart’s computer for information helpful to defense of the lawsuit. The third party investigators accessed Stengart’s Yahoo! email account (presumably because of a saved password), where they found information helpful to defense of the lawsuit. Can Loving Care’s attorneys use the information found on that personal email account? What if the communications are between Stengart and her attorney?
Continue Reading NJ Supreme Court Protects Employee Personal Emails Accessed on Work Computer

CBS 3 in Philadelphia reported last night about local resident Al Butler, whose identity was stolen for use on international dating sites. As reported, criminals would create an account on international dating sites, post images of Mr. Butler taken from social media sites frequented by Mr. Butler, and pass themselves off as Mr. Butler. The “scam” would come when Fake Al Butler would ask for money from women he met on the dating site.
Continue Reading Privacy Invasion: Personal Images Posted Online Stolen for Identity Theft

During the short history Google Buzz, the opportunities for further privacy concerns of employers multiply. Let’s start with a premise that you may not have accepted: employees use Gmail. At work, Gmail is certainly one of the most popular email services for sharing email that employees do not want going through their employer’s email servers. Clients also use Gmail, sometimes because they email you from vacation, sometimes because it is the only thing they can get to work on their mobile device. In any event, Gmail is out there and it affects almost any business.
Continue Reading Latest Privacy Nightmare: Google Buzz in the Workplace