fbpx

ShopRite, Wakefern to pay $235K, improve data security in privacy lapse settlement (updated)

Gabrielle Saulsbery//November 2, 2020//

Home>Site>Latest Headlines>

ShopRite, Wakefern to pay $235K, improve data security in privacy lapse settlement (updated)

ShopRite, Wakefern to pay $235K, improve data security in privacy lapse settlement (updated)

Gabrielle Saulsbery//November 2, 2020//

Listen to this article

Wakefern Food Corp. and two of its associated ShopRite supermarkets have agreed to pay $235,000 and improve data security practices to resolve allegations that it jeopardized customers’ personal information, Attorney General Gurbir Grewal and the New Jersey Division of Consumer Affairs said Monday.

The settlement resolves allegations that Wakefern, based in Keasbey; Union Lake Supermarket LLC, which owns the ShopRite store in Millville; and ShopRite Supermarkets Inc., which owns the ShopRite store in Kingston, N.Y., violated the federal Health Insurance Portability and Accountability Act and the New Jersey Consumer Fraud Act by improperly disposing of electronic devices used to collect the signatures and purchase information of pharmacy customers.

Wakefern replaced the devices with newer technology in 2016, and the older devices were discarded in dumpsters without first destroying any protected health information that may have been stored on them as required under HIPAA.

This may have exposed names, phone numbers, birth dates, driver’s license numbers, prescription numbers, medication names, dates and times of pick-up or delivery, and customer ZIP codes.

Attorney General Gurbir Grewal during a daily COVID-19 press briefing in Trenton on May 5, 2020. - JOSEPH LAMBERTI, COURIER POST
Attorney General Gurbir Grewal during a daily COVID-19 press briefing in Trenton on May 5, 2020. – JOSEPH LAMBERTI, COURIER POST

“Pharmacies have a legal obligation to protect the privacy and security of the patient information they collect, and to properly dispose of that information when the time comes,” said Grewal in a prepared statement. “Those who compromise consumers’ private health information face serious consequences.”

Wakefern has agreed to establish data protection measures to develop and maintain a security program to safeguard protected health information and electronic protected health information collected at in-store pharmacies.

Under the measures, Wakefern is to appoint a chief privacy officer. Wakefern also must execute a business associate agreement with SRS, Union Lake and each of its pharmacy-operating members within 30 days to ensure that they will appropriately safeguard protected health information.

Additionally, all ShopRites with in-store pharmacies must designate a HIPAA privacy officer and HIPAA security officer, all of whom must be properly trained with an online training offered by Wakefern.

Under the settlement Union Lake and SRS have agreed to provide the Division with written assurances within 30 days that they have designated such officers and within 120 days provide assurances that the officers had completed training.

“New Jersey consumers have a right to know that when they purchase a prescription medication at the neighborhood supermarket, their most private information will be fully protected under the law and not carelessly left to fall into the wrong hands,” said Paul Rodríguez, acting director of the Division of Consumer Affairs, in a prepared statement. “This settlement ensures that ShopRite supermarket pharmacies will be trained and monitored for HIPAA compliance to avoid future conduct that place consumers at risk for privacy invasion and identity theft.”

According to the Division, Wakefern, SRS and Union Lake engaged in multiple violations of the New Jersey Consumer Fraud Act by failing to properly collect and/or dispose of the electronic devices and failing to properly provide pharmacies with appropriate training on properly handling the electronic personal health information contained on them.

The monetary settlement consists of $209,856.50 in civil penalties and $25,143.50 for reimbursement of attorneys’ fees and investigative costs.

In response to a question for comment, Wakefern Senior Vice President and General Counsel Allison Berger told NJBIZ that “Wakefern and its cooperative members have well-developed security measures in place to secure sensitive customer data. As the settlement recognized, Wakefern provides its members a way to properly dispose of electronic devices that include customer information. For these two particular devices, out of an abundance of caution and in accordance with law, the appropriate government agencies were notified.”

Berger said that there have been no reports that any consumer information was accessed from the devices since the incident was first reported in 2017, and also noted that the information contained on the device did not include social security numbers or credit card information.

Editor’s Note: This story was updated at 8:15 a.m. EST on Nov. 3, 2020, to include comment from Wakefern Food Corp.

Related Content

Crumbl Cookies is known for its weekly rotating menu of dessert-inspired specialty flavors of warm and chilled soft-baked cookies.

Crumbl Cookies prepares to launch in Somerset County

The fast-growing chain's latest Garden State location, set to open May 17, will offer the brand's signature we[...]

May 10, 2024
Green Giant provides recipes using its products.

B&G, home to Green Giant, may sell off more frozen, canned veggies brands

According to CEO and President Kenneth Keller, the Parsippany company is ramping up efforts to reshape its por[...]

May 10, 2024
LeFrak Commercial and Newport Associates Development Co. announced the signing of eight new retail leases in Newport, including Solaz, a new Mediterranean restaurant with a bar and three golf simulator suites, which signed the largest retail lease, a 10,640-square-foot space at the Pacific residential building, set to open in 2025.

LeFrak signs 8 new retail leases at Newport (updated)

The agreements – covering restaurants, recreation and more – total 27,000 square feet and span multiple bu[...]

May 10, 2024
DOVE Chocolate is launching the Mom Experience Translator: an AI tool designed to help women looking to re-enter the workforce after taking a period of time from the workforce to raise children.

Dove launches free AI tool to help moms re-enter workforce

The “Mom Experience Translator” allows users to input an open job description, select from a list of pre-p[...]

May 10, 2024

Kushner celebrates start to massive Monmouth Square project (updated)

The $500 million redevelopment project will turn the Monmouth Mall inside out to create an open air town cente[...]

May 10, 2024
Concept of inequal pay and gender gap

New Rutgers report examines the ‘motherhood penalty’ in NJ

Garden State moms earn an average of $53,376 annually, while dads make the most, topping the list at $100,829.

May 10, 2024

Latest Headlines

NJBIZ Conversations

Siciliano Landscape Co. President Karen Siciliano speaks with NJBIZ Editor Jeff Kanige on April 15, 2024.

NJBIZ Conversations: Siciliano Landscape Co. President Karen Sici[...]

The leader talks about how she found a buyer for the company and the process that led to a sale.

Events

Health care professionals

Let’s hear it for the 2024 NJBIZ Health Care Heroes

2/5/2024
Construction

NJBIZ reveals 2024 Leaders in Real Estate, Construction and Design honorees

26/4/2024
Lawyers

Introducing the 2024 NJBIZ Leaders in Law honorees

22/3/2024
Ed Guttenplan is the co-founder of East Brunswick-based accounting firm WilkinGuttenplan.

NJBIZ unveils 2024 Leaders in Finance Lifetime Achievement honoree

12/3/2024
Financial professionals

NJBIZ unveils 2024 Leaders in Finance honorees (updated)

26/2/2024