Archive for January, 2010

Happy Data Privacy Day!

Thursday, January 28th, 2010

Data Privacy Day is January 28, 2010.  Data Privacy Day 2010 is a division of The Privacy Projects, a nonprofit think tank and research organization dedicated to facilitating the role of consumer privacy and data protection in regulatory controls, technological innovation and consumer protection with key stakeholders; to the development and promotion of privacy standards;  and to the promotion of collaboration, cooperation and shared responsibility in the areas of individual data protection and commercial management of personal information.

According to its website, Data Privacy Day is an annual international celebration to raise awareness and generate discussion about information privacy.  In 2009, both the U.S. Senate and House of Representatives recognized January 28th as National Data Privacy Day.

Over the past few years, privacy professionals, corporations, government officials and representatives, academics, and students in the United States, Canada, and 27 European countries have participated in a wide variety of privacy-focused events and educational initiatives in honor of Data Privacy Day.  They have conducted discussions, examined materials and explored technologies in an effort to bring information privacy into our daily thoughts, conversations and actions.

Data Privacy Day has also provided an opportunity to promote teen education and awareness about privacy challenges when using mobile devices, social networking sites and other online services.

For more information about Data Privacy Day or The Privacy Projects, click here.

Mass. SJC Issues Order for Protection of Personal Information

Wednesday, January 27th, 2010

The Massachusetts Supreme Judicial Court issued an order on January 7, 2010 regarding the protection of specific personal information collected and maintained by the Massachusetts judicial branch in accordance with M.G.L. c. 93H.

The Order requires protection of specified personal information, as defined by M.G.L. c. 93H, of all individuals, including non-residents.  Each appellate court, the Trial Court and any court affiliate that owns, stores or maintains such personal information is required to develop and implement an information security program to protect personal information from a data breach.

According to the Order, the program is to ensure that courts and court affiliates collect the minimum quantity of personal information reasonably needed to accomplish the legitimate purpose for which the information is collected; securely store and protect the information against unauthorized access, destruction, use, modification, disclosure or loss; provide access to and disseminate the information only to those who reasonably require the information to perform their duties; and destroy the information as soon as it is no longer needed or required to be maintained.

The SJC’s Order sets out the details of what such information security program shall include.  The Order also provides for departmental reviews of the collection and maintenance of personal information; review of the manner in which personal information is electronically stored; and requires that all contracts entered into by the judicial branch contain provisions regarding data breach notification and require compliance with court information security programs.

Compliance with the Order is required by September 1, 2010.  To see the SJC’s complete Order on the Protection of Personal Information, click here.

Mortgage Broker Who Dumped Consumer Records in Dumpster Settles FTC Charges

Thursday, January 21st, 2010

A mortgage broker who discarded consumers’ personal financial records in a publicly accessible dumpster paid a $35,000 civil penalty to settle Federal Trade Commission charges.

According to an FTC complaint filed in December 2008, the defendant improperly disposed of about 40 boxes of sensitive consumer records collected by companies he had owned, including tax returns, mortgage applications, bank statements, photocopies of credit cards and drivers’ licenses, and at least 230 credit reports. In addition, two mortgage brokerage companies he previously owned failed to provide reasonable and appropriate security for sensitive consumer information, despite promising they would do so.

In addition to the $35,000 penalty, the settlement order bars the defendant from misrepresenting measures taken to protect sensitive consumer information and from failing to take reasonable measures to protect credit report information during its disposal. The order also requires the defendant to employ a comprehensive information security program for sensitive consumer information, and to hire an independent, third-party security professional to review the program every year for 10 years to ensure that it meets or exceeds the order’s requirements.

To read the complete FTC Press Release on the settlement, click here.

Connecticut AG Suing under HIPAA HITECH Act for Breach of Patient Records

Friday, January 15th, 2010

Connecticut Attorney General (AG) Richard Blumenthal announced that he is suing Health Net of Connecticut for a data breach resulting in the exposure of patient medical records and financial records of 446,000 Connecticut enrollees, which were allegedly stored on an unencrypted portable computer disk drive that disappeared from the company’s office in Shelton, Conn., on or about May 14, 2009.

This case will mark the first action by a state attorney general involving violations of HIPAA since the enactment of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which authorizes state attorneys general to enforce HIPAA.

For more information about this data breach, click here for the complete story on HealthImaging.com.

FTC Discusses Online Privacy Issues with the New York Times

Tuesday, January 12th, 2010

At a meeting with New York Times staff, the chairman of the F.T.C., Jon Leibowitz, and David Vladeck, chief of the commission’s Bureau of Consumer Protection, discussed online privacy and the news business, among other topics. Both individuals have indicated that they expect the FTC to take a more active role in safeguarding consumer privacy. This may also be in light of the pending federal legislation, the Data Accountability and Trust Act.

Among the topics covered at the meeting were the fact that few people actually read website privacy policies, and questions regarding the use of consumer data by data brokers, data aggregators, social networks, cloud computing and mobile marketing. (These subjects will be part of a Jan. 28 F.T.C. roundtable on privacy, held in Berkeley, Calif.)

For more information, read the New York Times blog about their meeting with the F.T.C. here. http://mediadecoder.blogs.nytimes.com/2010/01/11/ftc-has-internet-gone-beyond-privacy-policies/