In February this year, federal agencies and the Financial Industry Regulatory Authority (FINRA) announced significant privacy enforcement actions that have resulted in millions of dollars in fines.  Could a potential privacy enforcement storm be brewing?

In the past, this website has consistently listed privacy violation findings as a risk management issue that could become a financial threat capable of “closing the doors” of a business.

Our staff continues to stress privacy, information security and cybersecurity threats as critical concerns that every organization should address and possibly include in its business impact analysis, its business continuity plans, the exercises and tests of those plans, and their ongoing improvement.

The following recent rulings could be only the beginning of governmental actions imposing civil monetary penalties on organizations:

  1. The U.S. Department of Health and Human Services (HHS) imposed a $4.3M fine on a health plan for violations of the HIPAA Privacy Rule.  Read more …
  2. The Federal Trade Commission (FTC) settled allegations that several resellers of consumer reports failed to adequately safeguard consumer information. Read more…
  3. FINRA imposed a $600K fine on two securities firms for failure to safeguard access to customer records.  Read more…

If applicable, where does your organization stand on its ability to comply with these privacy and information security regulatory requirements?

Click here to view an informative Department of Health and Human Services website that offers several examples of how covered entities can effectively comply with the requirements of the Privacy and Security Rules.  Pass this website address along to the risk management, information security and disaster preparedness team members in your organization.
