Privacy Enforcement Tracker

1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.

1,285

Total Actions

Jurisdictions

$35.3B+

Total Fines Tracked

Access this data programmatically:MCP Server API Docs

NJApril 4, 2018Settlement

Virtua Medical Group, P.A.(Virtua Medical Group)

Virtua Medical Group agreed to pay $417,816 and implement a corrective action plan to settle allegations that it failed to properly secure electronic protected health information (ePHI). A vendor's server misconfiguration publicly exposed the medical records of over 1,650 patients via Google searches. The New Jersey Division of Consumer Affairs found VMG violated HIPAA's Security and Privacy Rules by not adequately vetting the vendor's security and failing to conduct proper risk analysis.

HighHealth DataSecurity FailureBreach Notification Delay

$418K

CANovember 22, 2017Settlement

Cottage Health System

Cottage Health System experienced two data breaches exposing medical information of over 50,000 patients due to inadequate security measures. The settlement requires a $2 million penalty and upgrades to security practices, including designating a Chief Privacy Officer.

HighHealth DataSecurity Failure

$2.0M

NJSeptember 5, 2017SettlementMultistate

Lenovo Inc.(Lenovo)

New Jersey joined 31 other states and the FTC in a $3.5 million settlement with Lenovo for pre-installing VisualDiscovery ad software on laptops that created a 'man-in-the-middle' security vulnerability, intercepting users' encrypted data without adequate disclosure or opt-out mechanisms. The settlement requires Lenovo to improve transparency, obtain affirmative consent, provide effective opt-out tools, and implement a long-term security compliance program with independent audits.

HighSecurity FailureUnauthorized Data SharingNotice Failure

$3.5M

CASeptember 5, 2017SettlementMultistate

Lenovo

Lenovo preinstalled 'Visual Discovery' software on its computers that intercepted browsing data and broke encrypted connections without user consent, compromising security and privacy. The multi-state settlement imposes a $3.5 million penalty and requires Lenovo to implement disclosure, consent, opt-out, and security compliance measures.

HighNotice FailureConsent FailureOpt-Out Failure

$3.5M

NJAugust 9, 2017SettlementMultistate

Nationwide Insurance(Nationwide)

Nationwide Insurance settled a multi-state investigation into a 2012 data breach that exposed personal information of 1.27 million consumers due to failure to apply a security patch. The settlement requires enhanced security practices, hiring a Technology Officer, and a $5.5 million payment to the states.

HighSecurity FailureData Breach

$5.5M