Businesses working with U.S. customer or employee data are very familiar with the roles the Federal Trade Commission (FTC), U.S. Department of Health and Human Services, and other federal agencies play in privacy regulation and enforcement.
But, increasingly, if your company ends up facing a health – or other data – incident, you may find yourself dealing with state attorneys general as well. Recent comments by privacy and consumer protection officials indicate that states are looking to shift their attention from retail breaches (involving compromised credit card information) to breaches involving personal information of “higher-risk,” including health care data.
As enforcement activity in the health care privacy/security sector continues to reflect significant participation by both the OCR and FTC, state AGs may start to bridge the gap between the two federal agencies.
To learn more about State AGs’ increasing interest in this area, and how it could affect your company, read our post “State AGs Upping the Ante on Health (and Other) Information Data Incidents – Expect Increased Enforcement Actions” on Reed Smith’s Technology Law Dispatch blog.