Data scandal is huge blow for Facebook – and efforts to study its impact on society; Guardian, March 18, 2018

Olivia Solon, Guardian; Data scandal is huge blow for Facebook – and efforts to study its impact on society

"The revelation that 50 million people had their Facebook profiles harvested so Cambridge Analytica could target them with political ads is a huge blow to the social network that raises questions about its approach to data protection and disclosure.

As Facebook executives wrangle on Twitter over the semantics of whether this constitutes a “breach”, the result for users is the same: personal data extracted from the platform and used for a purpose to which they did not consent.

Facebook has a complicated track record on privacy. Its business model is built on gathering data. It knows your real name, who your friends are, your likes and interests, where you have been, what websites you have visited, what you look like and how you speak."

Target to Pay $18.5M to States Over Data Breach; Inside Counsel, May 24, 2017

P.J. D'Annunuzio, Inside Counsel; 

Target to Pay $18.5M to States Over Data Breach

"Deterrence was a major theme brought up by many of the attorneys general who released statements about the agreement.

The $18.5 million settlement with the states, coupled with the $10 million consumer class action settlement approved last week, may seem like a drop in the bucket for a retail juggernaut like Target, but according to Lambiras, the deterrent effect lies in the residual legal and public relations costs companies incur following a data breach.

In a statement Tuesday, Connecticut Attorney General George Jepsen said the settlement should serve as a wake-up call to companies to tighten their data security. He also gave kudos to Target for working with authorities after the breach."

Big Settlement in Privacy Case Involving 2 Patients, HIV Data; Gov Info Security, May 24, 2017

Marianne Kolbasuk McGee, Gov Info Security; Big Settlement in Privacy Case Involving 2 Patients, HIV Data

"Sensitive Health Information

The high settlement amount paid by St. Luke's in a case involving privacy incidents impacting only two individuals reflects the sensitive nature of information that was breached.

"There is no doubt that OCR felt compelled to act due to the sensitivity of the PHI disclosed, that the organization should have been aware of the enhanced safeguards surrounding this type of PHI and there had been repeated occurrences of similar unauthorized disclosures," says privacy attorney David Holtzman of security firm CynergisTek.

"The message here is fix your problems when they happen," notes privacy attorney Kirk Nahra of the law firm Wiley Rein. "This was obviously a particularly sensitive piece of information, and it is possible that this also implicates a request for confidential communication or request for restriction in the HIPAA individual rights. So, while the [settlement] number may seem a bit high, this is both a repeated problem, and one that was not fixed, as well as a particularly harmful step.""