ePrivacy

Subscribe to ePrivacy via RSS

In late January, the U.S. Department of Health and Human Services’ Healthcare & Public Health Sector Coordinating Council issued a new cybersecurity guidance document for healthcare businesses of all sizes. The guidance document, entitled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” available at https://www.phe.gov/Preparedness/planning/405d/Pages/hic-practices.aspx, provides concrete and practical guidance for addressing what the Council has identified as the “most impactful threats . . . within the industry” and serves as a renewed call to action for implementation of appropriate cybersecurity practices. This document is critical reading for healthcare business managers faced with ever-increasing cybersecurity risks and the attending risks to patient safety and operational continuity, business reputation, financial stability, and regulatory compliance.
Continue Reading HHS Issues Practical New Cybersecurity Guidance for Healthcare Businesses of all Sizes

This past Wednesday, the Senate Commerce Committee held another hearing on consumer data privacy, this time giving voice to prominent privacy advocates. Previous testimony in September from leading technology businesses focused on concerns with the complexity of having to comply with a patchwork of different state privacy regulations, broad definitions of “personal information” in the California Consumer Privacy Act (CCPA), and a desire to see Federal legislation enacted that would preempt state laws and create a single, unified US privacy law.

While a national privacy law would simplify compliance, in Wednesday’s hearing Nuala O’Connor, the President and CEO of the Center for Democracy & Technology, cautioned the committee that the “price of preemption would be very, very high”, and Laura Moy, Executive Director and Adjunct Professor of Law at the  Georgetown Law Center on Privacy & Technology, laid out in her written testimony six strong recommendations that we should expect to see in any proposed national standard:
Continue Reading The Senate Commerce Committee held a second hearing on consumer data privacy, this time with privacy advocates

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced recently that it has launched a collaborative project to develop a voluntary privacy framework to help organizations manage risk. According to NIST Director Walter G. Copan, “The development of a privacy framework through an open process of stakeholder engagement is intended to

According to a recent Genpact study:

  • Nearly two-thirds of consumers (63%) are worried that Artificial Intelligence is going to make decisions that will impact their lives without their knowledge
  • Less than one-third (30%) are at least “fairly comfortable” with the idea of companies using AI to access their personal data
  • Almost three-quarters (71%) say

See European Regulation on the Protection of Personal Data Guide Sub-Contractor Edition, September 2017.

  • Are you a contractor within the meaning of European Regulation on data protection?
  • Are you subject to EU regulation on data protection?
  • What is the main change introduced by the European regulation for contractors?
  • What are your obligations as of

The Article 29 Working Party updated the Guidelines on PIAs and evaluation of risk guidance on October 4, 2017:

Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679

CNIL created a PIA Infography to outline the main principles. Keep

The Article 29 Working Party published two Guidelines related to GDPR:

Guidelines on Personal data breach notification under Regulation 2016/679, wp250

Guidelines on automated individual decision-making and profiling for the purposes of Regulation 2016/679, wp251

The Guidelines are open for comments until November, 28, 2017. Comments should be sent to JUST-ARTICLE29WP-SEC@ec.europa.eu and presidenceg29@cnil.fr.

About the Global Privacy & Security Blog

Learn More

Contracts, laws and regulations require privacy compliance, and good business practices demand it. This blog is designed to inform our clients and readers about developing privacy issues and regulatory updates, and provide alerts on cyber security stories and data breaches that impact various data privacy and security requirements.