Did CVS’s conduct result in the disclosure of records about one hundred patients? We would like to think that there might be a greater consequence for a violation that affected a large number of patients, but we have no way of being able to make a judgment here due to the lack of facts. Did CVS’s conduct result in the disclosure of records about one million patients? We do not know from the Commission’s disclosures in this case. The analysis released by the Commission essentially repeats the same summary of the facts. When discarded in publicly-accessible dumpsters, such information can be obtained by individuals for purposes of identity theft or the theft of prescription medicines. The personal information found in the dumpsters included information about both CVS’s customers and its employees. For example, in July 2006 and continuing into 2007, television stations and other media outlets reported finding personal information in unsecured dumpsters used by CVS pharmacies in at least 15 cities throughout the United States. As a result of the failures set forth in Paragraph 7, CVS pharmacies discarded materials containing personal information in clear readable text (such as prescriptions, prescription bottles, pharmacy labels, computer printouts, prescription purchase refunds, credit card receipts, and employee records) in unsecured, publicly-accessible trash dumpsters on numerous occasions. The only facts in the consent order about CVS’s conduct that gave rise to the complaint are these:Ĩ. Neither the complaint nor the consent order contains sufficient facts to permit any member of the public to assess whether the Commission’s proposed consent order is reasonable. We are hopeful that the FTC will consider our comments and the potential for harm, and as a result make adjustments in the final consent order. Regarding the consent order, we have several basic objections to the consent order as it stands in its current form. We appreciate that the FTC has taken this action consumer privacy breaches in the area of sensitive medical records can bring much harm to impacted individuals. Our focus is on conducting in-depth research and analysis of privacy issues, including issues related to health care. The World Privacy Forum is a non-partisan, non-profit public interest research and consumer education organization. The notice appeared on March 25, 2009, 74 Federal Register 12870-12871. 072 3119, In the Matter of CVS Caremark Corporation. The World Privacy Forum offers comments on the proposed consent order in FTC File No. Washington DC 20580 Re: CVS Caremark, File No. The agreement does not impose a monetary penalty on CVS, and does not provide remedies for consumers affected by the data breach.The World Privacy Forum urged the FTC to reconsider the agreement. The proposed agreement is in resonse to a CVS data breach. The World Privacy Forum filed comments with the Federal Trade Commission in response to its proposed consent agreement with the CVS Caremark pharmacy chain.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |