Tag:

data privacy

The Case for Expanding Privacy Protections in a Post-Roe World

In Dobbs v. Jackson Women’s Health Organization (Dobbs), the US Supreme Court ruled that abortion is not a fundamental right protected by the Constitution. This decision resulted in additional abortion protections in California, Michigan, and Vermont, and prompted many patients, providers, regulators, and tech companies to rethink data privacy. However, because most abortions are still banned in at least 13 states, this patchwork of state abortion laws, combined with the lack of any sufficient national privacy law, puts patient privacy at risk.

The Downfall of Twitter: Layoffs Rocking Big Tech

Over the last several weeks we have seen mass layoffs across big tech, including Salesforce, Twitter, and Meta. This comes after big tech peaked during the COVID-19 pandemic when it was essential to the nation in keeping us virtually connected. During the lock down tech giants’ profits soared as consumers upgraded devices, maximized increased storage, and were forced to get creative in communicating in the workspace. However, inflation, rising interest rates, and digital spending are driving big tech companies to implement large-scale layoffs as the economy prepares to take a downturn. While Meta CEO, Mark Zuckerberg, described the announcement as one of his hardest decisions, Twitter CEO, Elon Musk, has taken a different approach, causing continuous chaos that has led to compliance risks.

Federal Trade Commission Accuses Chegg of “Careless” Data Security

On Monday, October 31, the U.S. Federal Trade Commission (FTC) called on education technology provider Chegg, Inc. (Chegg) to bolster its data security, citing lax security practices that regulators said exposed the personal data of more than 40 million Chegg users. The exposed personal information included names, email addresses, passwords, and for certain users, sensitive scholarship data such as dates of birth, parents’ income range, sexual orientation, and disabilities.

The Need for Federal Regulation of Tracking Pixels to Protect Patient Data

In June 2022, a nonprofit news site called The Markup released a report stating that hospitals using Meta Pixel may be releasing patient data to Meta Platforms, Inc. (previously Facebook, Inc.). Since this report was released, many of the hospitals identified in the report removed pixel technology from their websites. In addition, some hospitals have released public breach notices and reported potential data privacy breaches to the US Department of Health and Human Services (HHS) Office of Civil Rights (OCR). Most recently, on October 20, 2022, Advocate Aurora Health, a large health system located in the Midwest, released a notice publicly announcing its potential pixel breach, which may affect as many as three million patients.

SEC Proposes Rules to Combat Cyber-Attacks

On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies. In an attempt to further protect against cybersecurity attacks and increase cyber transparency among issuers and investors President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Before CIRCIA goes into effect, it requires the Cybersecurity and Infrastructure Security Agency (CISA) to complete mandatory rulemaking activities, to develop/publish a Notice of Proposed Rulemaking (NPRM), and a final rule. The SEC proposal and CIRCIA both have different implications, but both will increase cybersecurity regulations and procedures, even making employees more conscious of potential attacks.

Artificial Intelligence: The Next Regulatory Frontier

Until recently, Artificial Intelligence (AI) was the domain of science fiction connoisseurs and Silicon Valley tech savants. Now, AI is ubiquitous in our daily lives, with a seemingly endless number of possible applications. As with any new and emerging technology, there are many novel questions and concerns that need to be addressed. Whether it be related to copyright ownership, ethics, cybersecurity obstacles, or discrimination and bias, concerns surrounding AI usage are mounting. AI system regulation has been rapidly increasing worldwide, while the U.S. regulatory landscape has remained relatively sparse. But it won’t be for long.

The Long Road Toward Federal Data Privacy

In June of this year, the U.S. House Committee on Energy and Commerce’s Subcommittee on Consumer protection and Commerce met regarding the American Data Privacy and Protection Act (ADPPA). At this meeting the committee members highlighted that this bill, seeking to establish federal data privacy, is intended to be a compromise on the topic of federal privacy legislation as committee members from both sides agree that a federal privacy act is necessary.

Imperative Progress in Your Data Privacy and Protection

Amanda Scott Associate Editor Loyola University Chicago School of Law, JD 2024 In June 2022, a draft of a bipartisan bicameral bill known as the American Data Privacy and Protection Act was introduced. This bill was proposed as a replacement to current laws to further protect and strengthen federal data privacy and protection regulations. This …
Read more

Patient Privacy in the Post Roe Era

On June 24, 2022, the Supreme Court finally handed down its long-awaited opinion in Dobbs v. Jackson Women’s Health Organization. In this decision, the Court set aside nearly 50 years of precedent and unequivocally overruled Roe v. Wade, declaring that there is no Constitutional right to abortion. This decision will unsurprisingly change laws and significantly impact millions of people across the country. Although pro-choice activists have been bracing for this outcome and mobilizing to maintain access to abortions, they have to contend with a consideration that did not exist to the same magnitude the last time that abortion was illegal in the US: anti-abortion laws’ impact on data privacy.

PATCHing Health Technologies: Medical Device Security is the Target in Congress’ Aim

Conversations about the privacy and security of health information systems and patient data are ongoing, and frequently front-page news. But what about healthcare’s “internet of things”? More specifically, the web of wearable or implantable medical devices, and the applications that go along with them, which collect and transmit health information? The Food and Drug Administration (FDA) is charged with approving medical devices for patient use in a clinical setting, such as pacemakers. These devices require FDA approval and cannot be altered after receiving that approval. Additionally, an upgrade to an approved device could result in the need for an entirely new FDA approval, making device’s security essentially obsolete soon after its deployment. The inability to upgrade device security poses a unique cybersecurity risk. And this risk is one that Congress seems poised to take on.