Privacy Archives - Page 14 of 32

California Attorney General’s Office Gathers Public Opinions Regarding the Implementation of the California Consumer Privacy Act

The California Department of Justice has opened up public forums this month as part of the Attorney General’s rulemaking process to promulgate regulations under the California Consumer Privacy Act of 2018 (CCPA). We previously discussed the Attorney General’s Office’s public statement regarding the CCPA here.

As required by the CCPA, the Attorney General must adopt certain regulations on or before July 1, 2020. In holding these public forums, the Attorney General’s Office hopes to provide an initial opportunity for the public to participate in establishing procedures to facilitate consumers’ rights under the CCPA and to provide guidance for business compliance. Specifically, the following aspects are of high priority: businesses’ obligation to disclose data collection and sharing practices to consumers; consumer rights to request deletion of data; consumer rights to opt out of having their personal information sold to third parties; and restrictions on the sale of personal information of consumers under the age of 16 without explicit consent. The Attorney General’s Office scheduled six public forums across different counties in California and invites in-person attendance or written submissions of public comments through February 2019.

Continue reading “California Attorney General’s Office Gathers Public Opinions Regarding the Implementation of the California Consumer Privacy Act”

HHS Task Group Releases Cybersecurity Guidelines for the Health Care Industry

Health care is one of the most complex and socially impactful areas of digitalization. Ensuring cybersecurity of health care operations, therefore, is of paramount importance – because potential vulnerabilities may lead not only to financial or technical exposures, but to lapses in life-or-death situations for patients.

To assist practitioners with education and guidelines, and in pursuance of Cybersecurity Act of 2015 (Public Law 114-113), Section 405(d), the Department of Health and Human Services created a “405(d) Task Group” in May 2017, involving, more than 150 health care and cybersecurity experts. The result of their collaborative work became a voluntary guideline entitled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” which was released at the end of 2018.

Continue reading “HHS Task Group Releases Cybersecurity Guidelines for the Health Care Industry”

House Committee Staff Report Finds Equifax Data Breach Entirely Preventable, Provides Recommendations for Consumer Reporting Agencies

After a 14-month investigation into the 2017 Equifax data breach, which was one the largest in U.S. history, the House Oversight and Government Reform Committee released a report in December.

Continue reading “House Committee Staff Report Finds Equifax Data Breach Entirely Preventable, Provides Recommendations for Consumer Reporting Agencies”

EU-US Privacy Shield Second Review: Improvements Shown, but More to be Done

The EU Commission published its second annual review of the functioning of the EU-US Privacy Shield, which focused on the commercial issues, human resources and data automated individual decision-making and developments in the U.S. legal framework. This report follows the same general structure as the report on the first annual EU-US Privacy Shield review that we reported on last year.

Continue reading “EU-US Privacy Shield Second Review: Improvements Shown, but More to be Done”

California AG to Hold Public Forums on CCPA

The California Attorney General invites interested persons to provide comments on the California Consumer Privacy Act (CCPA) rulemaking at a series of six public forums around the state in January and February 2019. The first forum is slated for January 8 in San Francisco.

Continue reading “California AG to Hold Public Forums on CCPA”

$500,000 Settlement for Failure to Comply with Basic HIPAA Compliance Requirements

Advanced Care Hospitalists PL (ACH) and the Office for Civil Rights of the U.S. Department of Health and Human Services (HHS-OCR) entered into a $500,000 no-fault settlement and two year corrective action plan (CAP) to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Continue reading “$500,000 Settlement for Failure to Comply with Basic HIPAA Compliance Requirements”

DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

Category: Privacy