Retailer TJX and data brokers Reed Elsevier/Seisint have both agreed to consent orders with the FTC for their individual data breach cases. While no fines were levied in either case, both companies are required to build and audit comprehensive data security programs.
In a letter to Massachusetts regulators, Hannaford identified malware installed on servers at each of their stores as the culprit in their massive data breach (CNET reports). The malware intercepted credit card information at the point of sale (a first in security breach annals, where most have resulted from hacks into databases) and sent it to fraudsters overseas.
Just in time to hash over at the privacy or consumer protection conference of your choice, the CDT has issued a document outlining a compendium of proposed approaches for determining what should be classified as "sensitive data" for the FTC’s proposed self-regulatory guidelines for behavioral targeting.
The document gathers together relevant definitions and their contexts from an array of privacy-related laws, guidelines and policy proposals, including HIPAA, COPPA and the EU directive. The CDT’s own proposal to the FTC town hall meeting last year comes first, with its controversial definition of PII (including both IP address and profiling data unconnected to any additional identifiers).
Since the supermarket chain’s public announcement last week that its network was breached, compromising the security of 4.2M payment cards, Hannaford Bros. Co. has been sued in four different consumer class action lawsuits. The suits allege negligence, breach of implied contract to safeguard customer payment card information, and violation of state unfair trade practices laws. The suits also allege that Hannaford failed to notify customers of the breach in a timely fashion.
According to the World Privacy Forum, medical identity theft is on the rise, and the problem will only get worse before it gets better. This article from MSNBC illustrates the issue and how it can affect individuals more severely than financial identity theft.