Supermarkets operating in-store pharmacies failed to properly dispose of electronic devices used to collect the signatures and purchase information of customers (the devices were discarded in dumpsters without the ePHI first being destroyed); the parent company must provide each supermarket operating a pharmacy with an option to properly dispose of technology hardware, ensure each entity appoints privacy and security officers, and reasonably assist with breach notification requirements (including provision of a template).
#enforcement #ccpa #dataprivacy #GDPR #privacy #retailprivacy