We must protect this Houzz: Home improvement website discloses breach
February 1, 2019
Profile information such as names, addresses, countries and descriptions, but only if the user already made this data publicly available.
Identifiers and fields intended for internal use that would "have no discernible meaning" to external parties.
Public and internal account information, including user IDs, past and present usernames, one-way encrypted passwords (salted uniquely per user), IP addresses, and Facebook IDs (if the user logs on to Houzz via Facebook).
The FTC Health Breach Notification Rule was enacted 10 years ago to protect the privacy and security of consumer health data not covered by HIPAA, but it was never enforced. A policy decision enacted on Sept. 15 will change that.