Over on I’ve Been Mugged, George Jenkins describes what he learned when he and his wife really pursued the question of how Medical Informatics Engineering had wound up with his wife’s personal information caught up in their breach.
It’s a long – but important – read, as it highlights routine business practices that may come back to bite consumers who have no interest in – or knowledge that – their employer may have shared their identity information with prospective health insurers.
You can read his article here.
Should your employer be able to share your identity information with prospective health insurers without your knowledge or consent? Should the prospective insurers be able to retain that information forever – again without your knowledge or consent?
If you answer “no” to either of the above questions, then what law prohibits this from occurring? Should this be considered an “unfair” business practice under the FTC Act?
There’s lots to think about from George’s article. I encourage you all to read it.
This post first appeared on DataBreaches.net.