Privacy Bulletin, October 22, 2007
Since the beginning of this year, the Texas Attorney General has taken several enforcement actions alleging
that national companies, such as CVS and Radio Shack, have failed to safeguard consumer data properly. The Attorney General is using recently enacted laws that prohibit the improper disposal of personally identifiable data and require all businesses to adopt “reasonable procedures to protect and safeguard” sensitive information from unauthorized disclosure. The most recent target is Life Time Fitness, Inc., a Minnesota-based fitness spa, which, the Attorney General alleges, improperly disposed of business records containing personal identifying information, such as names, dates of birth, driver’s license numbers, credit card numbers, and SSNs, thereby violating the Texas statutes.
Please see full publication below for more information.