Wakefern and ShopRite Settle Slapdash Data Disposal Claim

ShopRite and its parent company Wakefern have agreed to pay New Jersey $235,000 over a lapse in data disposal security.

The companies agreed to the substantial settlement to resolve claims that they failed to protect the personal information of more than 9,700 New Jersey residents who shopped at ShopRite supermarkets in Millville, New Jersey, and Kingston, New York. 

According to the allegations, the companies violated Health Insurance Portability and Accountability Act (HIPAA) regulations and the New Jersey Consumer Fraud Act (CFA) by failing to properly dispose of electronic devices used to collect the signatures and purchase information of pharmacy customers. 

After the devices were replaced with newer technology by Wakefern in 2016, it is alleged that the old machines were simply tossed into dumpsters. Under HIPAA, any protected health information that may have been stored on the devices should have been removed prior to their disposal. 

Data that may have been exposed in the security breach included names, phone numbers, birthdates, driver’s license numbers, prescription numbers, medication names, dates and times of pick-up or delivery, and customer zip codes.

"Pharmacies have a legal obligation to protect the privacy and security of the patient information they collect, and to properly dispose of that information when the time comes,” said Attorney General Gurbir Grewal. 

“Those who compromise consumers’ private health information face serious consequences.”

As part of the settlement, Wakefern must implement specific data-protection measures aimed at safeguarding ..

Support the originator by clicking the read the rest link below.