Legal Newsline

Saturday, August 17, 2019

New York nonprofit alleged to have exposed clients' personal information online to pay $200,000

State AG

By Marian Johns | Sep 7, 2018

ALBANY, N.Y. (Legal Newsline) – The New York attorney general has reached a settlement with a Buffalo nonprofit, The Arc of Erie County, to resolve allegations the charity exposed the personal information of clients online for several years.

According to New York State Attorney General Barbara Underwood's office, client information, including Social Security numbers, gender, age, race, insurance and primary diagnosis codes were available online at the Arc's website from July 2015 through February 2018. 

The information could be found through a search engine that gave a results page with links to spreadsheets with clients' personal information, the Attorney General's Office said. 

In March 2018, The Arc notified clients in New York regarding their personal information and gave clients a free one-year subscription to LifeLock as well as posted information on its website and in the Buffalo News, according to the attorney general's office. 

The Federal Health Insurance Portability Accountability Act requires The Arc to take physical and technical safeguards to protect its clients' health and personal information, the attorney general's office said. 

According to the settlement agreement, The Arc will pay a $200,000 penalty and will be required to implement a Corrective Action Plan including a risk analysis of all electronic equipment security risks and vulnerabilities.

Want to get notified whenever we write about New York Attorney General ?

Sign-up Next time we write about New York Attorney General, we'll email you a link to the story. You may edit your settings or unsubscribe at any time.

Organizations in this Story

New York Attorney General

More News