[ Wednesday, April 18, 2007 ]
Greg Abbott on a Roll:
The Texas AG has fired off another salvo
under the Texas ID Theft act against a commercial enterprise that dumped personal information without shredding it. Texas passed a law in the last legislative session (2005) following the California law that requires businesses that use or hold sensitive personal information (account numbers, social security numbers and the like) to protect the information, shred trash that contains the information, and report security breaches. Many other states have followed California's lead.
This is the 4th case brought by the AG, and as far as I know the second "major" one. The preceding one was against a Radio Shack that threw boxes of files in the dumpster.
There was no HIPAA issue in the Radio Shack matter, but there definitely is a HIPAA issue with the CVS matter, in addition to the state law issue.
Jeff [11:02 AM]
Blogger: HIPAA Blog - Edit your Template