Good data security is having “defensive depth” to information systems, says Alain Sheer, an attorney in the Federal Trade Commission’s division of privacy and identity protection. Sheer made the comments as a speaker at the Safeguarding Health Information Conference in Washington, citing examples of the need for multiple levels of defense.
CVS Pharmacies was assessed sanctions, for example, after it was found to be disposing paper records of identifiable medical and payment card information in public dumpsters. For falsely representing to the public that it would protect the information, CVS was charged with deception, as well as unfair practices, by the FTC.
The Department of Health and Human Services' Office for Civil Rights further imposed a $2 million fine and a three-year collective action plan on CVS.
Peer-to-peer file sharing programs, Sheer warned, also pose security risks.