The Office for Civil Rights (OCR) recently settled a tenth case under its right-to-access initiative with California-based Riverside Psychiatric Medical Group (RPMG), for $25,000.

Although a relatively small settlement in the amount paid, it shows that the OCR is taking patients’ requests for access to their medical records seriously, and that no complaint is too

We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $3 million in regard to a security incident that occurred in 2013. On February 7, 2019, the Office for Civil Rights (OCR) issued a press release that it settled HIPAA violations in December

We previously wrote about the Yahoo data breaches, subsequent class action pending in California, and the company’s estimate of potential settlement costs. Based on the Plaintiffs’ recent Motion for Preliminary Approval of Class Action Settlement, filed on October 22, 2018, the parties have tentatively agreed to settle the case for $50,000,000 in settlement funds, $35,000,000 in attorneys’ fees, and $2,500,000 in expenses. Additionally, class members will be able to avail themselves of various credit monitoring services, and the class representatives who filed the action will be entitled to between $7,500 and $2,500 each, exclusive of the settlement funds, depending on the nature of their involvement. The settlement would apply to both the pending federal class action—before District Judge Lucy H. Koh—and similar state court litigation. 
Continue Reading Parties Seek to Settle Yahoo Data Breach Class Action for $50M

In late August, the Attorney General of the State of New York announced a $200,000 settlement with a New York-based non-profit organization that provides services to developmentally disabled individuals and their families after concluding that the organization exposed sensitive personal information of its clients on the Internet for almost three years.

The settlement is the

On February 13, 2018, the HHS Office for Civil Rights (OCR) announced a $100,000 settlement with a court-appointed receiver representing Filefax, Inc. (Filefax) arising from the 2015 discovery of medical records that contained protected health information (PHI) of over two thousand individuals in a dumpster. Filefax, a now-defunct medical records moving and storage company located

The Federal Trade Commission (FTC) has approved its proposed settlement with Lenovo, Inc. over the installation of pre-installed advertising software called VisualDiscovery onto Lenovo laptops. According to the FTC, the pre-installed software “interfered with how a user’s browser interacted with websites and created serious security vulnerabilities.”

The settlement requires Lenovo to not misrepresent the features

Home Depot announced on March 7, 2016, that it is agreeing to settle claims against it for the massive data breach that occurred in 2014, affecting up to 56 million debit and credit card holders for at least $19.5 million, and up to $28 million, including attorneys’ fees and costs.

The settlement includes the

In its largest settlement ever obtained through an enforcement action, the Federal Trade Commission (FTC) announced yesterday that it had settled with identity theft protection firm LifeLock for $100 million. The no-fault settlement relates to a 2010 FTC enforcement action against LifeLock in which the FTC alleged that LifeLock misrepresented the effectiveness of its products

Visa, Inc. announced on August 18th that it has reached a settlement with Target for $67 million to reimburse Visa for costs associated with the Target data breach in late 2013, including issuing millions of new cards to affected consumers.

Target was unable to reach a similar proposed settlement with MasterCard (view related posts Proposed