Archive for the ‘Non-compliance Sanctions Examples’ Category

FTC Applies GLBA & FTC Act Sanctions To Mortgage Lender
Monday, November 10th, 2008
I anticipate that with the big $700 billion “rescue” plan the government is going to continue the increased compliance activities…

The Power of Logs: IRS Examiner Sentenced & Fined For Accessing PII Without Authorization
Monday, September 1st, 2008
Now, here’s a great example of an organization actually following through on their procedures to review access logs, and then to apply sanctions and take necessary other actions in response to non-compliance with not only organizational policies, but also with applicable laws…

Insider Threat Examples & 7th HIPAA Criminal Conviction
Monday, August 25th, 2008
Yesterday I read about the 7th criminal conviction and sentencing that has been given under HIPAA, “Woman gets 14 months in ID theft case.”

First HIPAA Sanction Applied! $100,000 + Required Actions
Friday, July 18th, 2008
My jaw almost dropped early this morning when I saw the press release from the HHS yesterday, “HHS, Providence Health & Services Agree on Corrective Action Plan to Protect Health Information”
Is it about time the HHS actually enforced HIPAA? Yes!
Without applied sanctions for noncompliance, laws and regulations are meaningless and ineffective.
I’m going to look at the Resolution Agreement closely and comment on that soon… in the meantime here is the full press release:

Texas EZPawn Throws Away Its Security Promises and Customers’ Privacy and Gets Handed A Significant Penalty
Wednesday, July 2nd, 2008
Well, here is yet another company that had a nasty habit of just throwing papers containing their customers’ personally identifiable information (PII) into publicly accessible trash cans.
On June 24 a Texas judge handed down a civil penalty of $600,000 against Texas EZPawn for tossing their customer PII, including Social Security numbers, bank account information, driver’s license numbers, date of birth, and other identifying information, into their trash cans without first irreversibly and completely shredding the papers. You can see an example of the types of records found in the trash in the court documents.

3rd HIPAA Criminal Indictment; Another Insider Job
Sunday, March 2nd, 2008

AccuSearch Fined ~$200,000 For Pretexting & Selling Phone Numbers
Tuesday, January 29th, 2008

Insider Threat Example: Former Cox Employee Sent To Jail (And More) For Hacking System
Sunday, January 20th, 2008
It is not only important, but absolutely necessary, to let personnel know what your information security and privacy policies are, along with your organization’s sanctions, and then to consistently enforce those policies. If personnel know that policies are not enforced, and that there is no negative consequence for failing to properly safeguard information and systems, it becomes easy for them to ignore policies whenever following them is inconvenient or time-consuming. It also makes it easier for personnel who get upset to act on a vendetta against the organization.