In June of this year, the U.S. House Committee on Energy and Commerce’s Subcommittee on Consumer protection and Commerce met regarding the American Data Privacy and Protection Act (ADPPA). At this meeting the committee members highlighted that this bill, seeking to establish federal data privacy, is intended to be a compromise on the topic of federal privacy legislation as committee members from both sides agree that a federal privacy act is necessary.
In October 2021, ProPublica published an article about a rare and virulent strain of salmonella infantis outbreak that occurred in May 2018, afflicting at least a dozen people across the country. Many who reported being sick reported that they ate chicken, and federal food safety inspectors found the infantis strain in packaged chicken breasts, sausages, and wings during routine inspections at poultry plants.
On February 9, a group of senators led by Tammy Baldwin of Wisconsin and Bill Cassidy of Louisiana introduced a new bill, the Health Data Use and Privacy Commission Act (the “Act”), in attempt to revitalize current legislation regarding the protection and use of health data. The bill also has the support of a number of representatives from within the healthcare industry, including Epic, IBM, and Teladoc Health, as well as a number of professional associations like the American College of Cardiology, the Association for Behavioral Health and Wellness, and the Association of Clinical Research Organizations.
When you think of the most valuable commodity in the world today, you might automatically think of money, however, personal data has now become one of the most valuable forms of currency today. The vast amounts of personal data available have made it increasingly valuable to companies who know how to use it to their advantage. The means of receiving this data are sometimes questionable, and up until recently, often unregulated, leading to companies using unethical methods to get their hands on this valuable data. The US is starting to follow the rest of the world and develop extensive data privacy laws that cover more than just medical information to ensure that consumers are protected, but there’s still lots of disagreements surrounding how and what should be protected in the US.
A new Nevada law will take effect October 1, 2021 aimed at ensuring that all consumers are protected from unfair and deceptive business acts and practices, regardless of their proficiency with the English language.
As our society evolves over to a more digital world, it is important to take a step back and review what we are putting online. Recently, data breaches have become a common occurrence in our day-to-day lives. In 2016, personal information from about 25 million Uber customers and drivers in the United States. The notorious website for individuals seeking extra marital affairs, Ashley Madison, has itself fallen victim to a data breach. The hacker dumped 9.7 gigabytes of data into/onto the dark web. The data released in the Ashley Madison breach included names, passwords, addresses, and telephone numbers of users who created an account on the site. When data breaches like these happen, the Federal Trade Commission (FTC) steps in to protect the United States consumers by investigating the source of data breaches and prosecuting hackers.
As a part of the large and cumbersome Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”), Section 1071 was enacted to amend the Equal Credit Opportunity Act (15 U.S.C. 1691 et. seq.) to impose data collecting requirements on financial institutions. Pursuant to Section 1071 (the “Rule”), financial institutions are required to compile, maintain, and submit to the Consumer Financial Protection Bureau (“CFPB”) certain information concerning credit applications by women-owned, minority-owned, and small businesses. The Rule was not slated to go into effect until the CFPB issues necessary implementing regulations. Unfortunately, nearly 8.5 years later, there is still no guidance. Consumers and financial institutions alike are at a sort of standstill, unclear on the contours of its reporting requirements. In November of 2019, the CFPB published a letter to financial institutions promising to develop rules “expeditiously;” the CFPB later hosted an information-gathering symposium on the Rule, yet there is still no clear guidance.