Posts Tagged ‘FTC actions’

Medical records thefts

Posted: May 6, 2013 by IntentionalPrivacy in Identity theft, Vulnerabilities
Tags: , ,

What is “medical record theft” and why would someone want to steal your medical information? Simple.

The hospital or clinic a person goes to most likely keeps their records on a computerized system called an “electronic medical record” or EMR. What is a thief looking for? Your medical record contains information like your insurance company information, other identity information, financial information, and drug information. The thieves use this information to steal medical services, obtain prescriptions, and maybe even identity and financial information to use in identity theft.

And what if the hospital or clinic shares information with another business partner, such as a consulting doctor?

Recent health care breaches:

  • 780,000 medical records stolen from the Utah Department of Health on April 9, 2012. The article stated that the cyber-hackers were operating out of Eastern Europe.

What can you do if your records are stolen? Here’s what the FTC recommends: http://ftc.consumerdev.org/bcp/edu/microsites/whocares/medicalidt.shtm

The FTC is holding hearings on Medical ID theft.

References: SC magazine http://www.scmagazine.com/id-thieves-find-gold-in-medical-data/article/236302/

FTC Investigates Data Brokers … What’s a Data Broker?

Posted: January 16, 2013 by IntentionalPrivacy in Privacy, Security or Privacy Initiatives
Tags: ,

A data broker is someone who collects information on people. Exactly where does a data broker get that information and what do they with the information once they have it? The easy answer is they get this information from a variety of sources— both public and nonpublic—and resell it to other companies.

The FTC is requiring nine data brokerage companies to explain how they get this information and what they do with it. The nine companies that the FTC is requiring answers from are:

  1.  Acxiom,
  2.  Corelogic,
  3.  Datalogix,
  4.  eBureau,
  5.  ID Analytics,
  6.  Intelius,
  7.  Peekyou,
  8.  Rapleaf, and
  9.  Recorded Future

In the US, information that is collected and used for credit, employment, insurance, or housing is protected by the Fair Credit Reporting Act (also known as FCRA). Medical information is protected by  the Health Information Portability and accountability Act (HIPAA). There are no laws that govern the privacy of other types of data that can be gleaned from public records and purchased from other companies. The FTC states that the collected information is used to benefit consumers in many ways, such as fraud protection, and that this collected information also enables companies to better market their products and services.

But what about privacy?

The FTC wants data brokers to give consumers more transparency, in other words:

  1. What information do data brokers collect?
  2. Where do data brokers collect it from?
  3. Who has access to the information collected? Where is the information stored and how is it protected?
  4. How can consumers see what information has been collected on themselves?
  5. If the information the data broker has collected is incorrect, how does a consumer fix it?
  6. Can consumers opt out of having their personal information sold by a data broker?
  7. What tools exist to help consumers?

You can find more information about this topic at the FTC website: http://ftc.gov/opa/2012/12/databrokers.shtm

In March, 2012, the FTC published a guide for businesses and policymakers entitled “Protecting Consumer Privacy in an Era of Rapid Change.” To access this guide, click this link: http://ftc.gov/os/2012/03/120326privacyreport.pdf