FTC Settles With Blood Bank for Failure To Protect Data
DATA LOSS—U.S.January 29, 2013
The Federal Trade Commission (FTC) has agreed to settle with a blood bank firm, alleging that CBR Systems made false and deceptive claims to its customers regarding “reasonable and appropriate” steps to protect their data. A company laptop, hard drive and unencrypted backup tapes containing Social Security numbers, credit card numbers and other sensitive personal data of nearly 300,000 individuals were stolen from an employee’s car in 2010, The Hill reports. CBR Systems has agreed to create an information security program and will undergo biannual audits for the next 20 years. FTC Commissioner Maureen Ohlhausen said the agency plans to focus on companies’ data security measures this year as well as its study of the data broker industry and continued attention to advances in facial recognition technology, the report states. Editor’s Note: Ohlhausen and Foley & Lardner Partner Andrew Serwin, CIPP/US, CIPP/E, CIPP/G, will share their expertise during the breakout session Conversations in Privacy: A Talk with Commissioner Ohlhausen at the IAPP Global Privacy Summit in Washington, DC.