Category: Privacy

First Annual Review of the Privacy Shield Framework

Share

The European Commission published its first annual report on the functioning of the EU-U.S. Privacy Shield, which protects the personal data transferred from the EU to companies in the U.S. for commercial purposes. The report was released on October 18, 2017.

The EU-U.S. Privacy Shield Framework provides a method for companies to transfer personal data to the U.S. from the EU in a way that is consistent with EU law.  The framework is based on a certification system by which U.S. companies commit to adhere to a set of Privacy Shield Principles.   To join the Privacy Shield Framework, a company must self-certify to the Department of Commerce that it complies with the   Principles. A company’s failure to comply with the Principles is enforceable under Section 5 of the FTC Act, which prohibits unfair or deceptive acts.   The key requirements for participating companies include:

  • Informing individuals about data processing
  • Providing free and accessible dispute resolution
  • Cooperating with the Department of Commerce
  • Maintaining data integrity and purpose limitations
  • Ensuring accountability for data transferred to third parties
  • Transparency related to enforcement actions
  • Ensuring commitments are kept as long as data is held

Continue reading “First Annual Review of the Privacy Shield Framework”

HHS Declares Public Health Emergency in California – HIPAA Waivers Apply

Share

In the aftermath of the California wildfires, the Department of Health and Human Services (HHS) has waived sanctions and penalties against covered entities that fail to comply with provisions of the HIPAA Privacy Rule.

The waiver is similar to HHS’ response to Hurricanes Harvey and Irma, which we discussed in a previous blog post. This waiver only applies (1) in the emergency area and for the emergency period identified in the public health emergency declaration, (2) to hospitals that have instituted a disaster protocol, and (3) for up to 72 hours from the time the hospital implements its disaster protocol. Continue reading “HHS Declares Public Health Emergency in California – HIPAA Waivers Apply”

Department of Education Posts CyberAdvisory on Extortion and Student Data Threats

Share

Acknowledging that schools have “long been targets for cyber thieves,” the Federal Student Aid Office (FSA) of the U.S. Department of Education (ED) posted an alert on October 16, warning school districts and other educational institutions of criminal extortion schemes threatening to release sensitive student data. Recent, similar cyberattacks in Montana and Iowa are being investigated by the FBI.

Continue reading “Department of Education Posts CyberAdvisory on Extortion and Student Data Threats”

OCR Reminder on How to Manage HIPAA Privacy Requirements during Emergency Relief Efforts

Share

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a reminder to its listserv subscribers following the Las Vegas Strip shooting on October 1, 2017, that HIPAA covered entities are permitted to share patient protected health information (PHI) under the HIPAA Privacy Rule  to carry out specific purposes and under certain circumstances.

For most disclosures, however, a covered entity must make reasonable efforts to limit the information disclosed to that which is minimally necessary to accomplish the purpose.  Per OCR’s reminder, covered entities may rely on representations from a public health authority or other public official that the requested information is the minimum necessary for the purpose.

The following is a summary of OCR’s reminder and the uses and disclosures available under 45 C.F.R. §164.510.

Continue reading “OCR Reminder on How to Manage HIPAA Privacy Requirements during Emergency Relief Efforts”

Tech Companies Issue White Paper Recommending a National IOT Strategy

Share

Over the course of the last year, a number of U.S. technology companies and associations, including Intel, Samsung and the Information Technology Industry Council (ITIC) initiated a process dubbed “the National IOT Strategy Dialogue” the purpose of which was to develop strategic recommendations for U.S. government policymakers on the Internet of Things.

The group recently issued a white paper capturing the recommendations they advocate that the U.S. government undertake or implement.  These players suggest that for the U.S. to win the global race to test, develop and deploy beneficial IOT technologies, that the U.S. government needs a strategic roadmap.

Continue reading “Tech Companies Issue White Paper Recommending a National IOT Strategy”

FTC and Department of Education to Co-Host Workshop and Webcast on Privacy Issues in Education Technology

Share

The Federal Trade Commission (FTC) and the U.S. Department of Education (ED) will co-host a live workshop on December 1, 2017 highlighting two intersecting regulatory regimes: the FTC’s rules implementing the Children’s Online Privacy Protection Act (COPPA), which applies to K-12 schools and to children under the age of 13, and the simultaneous application of the Family Education Rights and Privacy Act (FERPA), which also applies to schools and is administered by ED.

Continue reading “FTC and Department of Education to Co-Host Workshop and Webcast on Privacy Issues in Education Technology”

©2025 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy