Category: Privacy & Security

The Regulatory Framework of Our Data Privacy Legislation is Changing Amidst the Rise of Artificial Intelligence

With the rapid evolution of artificial intelligence (AI) come unprecedented opportunities and legitimate challenges, especially in the realm of data privacy. The rising capabilities of AI systems to process, analyze, and use massive amounts of personal data have generated amplified regulatory scrutiny across the globe. Governments and regulatory bodies are wrestling with how to balance innovation and economic growth propelled by AI against the need to protect individuals’ privacy, ensure transparency, and safeguard data from misuse.

Bringing FERPA Up to Grade

The Family Educational Rights and Privacy Act (FERPA) was enacted in 1974 to protect the privacy of student education records. While FERPA provides essential privacy safeguards, it also includes provisions that allow certain student information to be shared with third parties, particularly under the guise of “directory information.” With the increasing concerns surrounding personal data in the digital age, many argue that FERPA’s exceptions undermine its original intent. In an era where other U.S. privacy laws are tightening restrictions on the sharing of personal information, FERPA’s provisions are lagging, leaving students vulnerable to privacy breaches that would be impermissible in other contexts.

Navigating the Genetic Frontier: 23andMe and the Challenges of Data Security

A recent situation involving millions of 23andMe users has raised significant concerns about data privacy and regulatory oversight. After sending a small tube of saliva to uncover ancestral roots, many individuals discovered that their genetic data had been compromised. 23andMe has transformed genetic testing by offering accessible health and ancestry information to consumers from the comfort of their homes. Since its inception, the company has faced regulatory challenges and became the first direct-to-consumer genetic genealogy test to receive FDA approval. While the company has largely avoided legal trouble over the years, recent data breaches have sparked legal action and underscored gaps in consumer protection. 

Breaching the Last Bastion of the Human Psyche: Neural Data as Biometrics

Earlier this year, the New York Times reported on the proposed Colorado Privacy Act and the impact it would have on neurotechnology, which uses “neural data” and already has noteworthy support within programming communities. The Colorado Privacy Act aims to address not the labs and medical studies conducted within clinics, but how it may be used within a consumer context. The Colorado Privacy Act does more than Illinois’ pioneer Biometric Information Protection Act (BIPA).

From Chatbots to Diagnosis: The Power and Pitfalls of AI in Healthcare

The capabilities of generative artificial intelligence (AI) could completely transform our healthcare system as we know it. For better or for worse, the technology advancements in healthcare are rapidly growing. Given the accelerated rollout, experts have yet to predict all the risks associated with such high-functioning computations in the healthcare system. Even though the Food and Drug Administration (FDA) regulates software being used as medical devices (SaMD), there is an overall lack of urgency, agency oversight, and sufficient regulations to tame AI technology in the healthcare system. 

Reproductive Health Data Privacy – A Right To Life

Following the Supreme Court’s decision to overturn Roe v. Wade on June 24, 2022, the Dobbs v. Jackson Women’s Health Organization ruling, which gutted the long-established right to an abortion, has been a constant focus both inside and outside of the legal and healthcare communities. Notably, the ruling has remained a central focus within government, both federal and state, and in the tech sector. These Dobbs-related conversations share a theme: health data privacy, and more specifically, data privacy surrounding reproductive healthcare.

Kidnapped Data: Healthcare Ransomware Attacks

Ransomware attacks are one of the largest threats to the healthcare industry and a tough cybersecurity problem to address. From 2016 to 2021, there were almost 400 ransomware attacks on healthcare organizations in the US. It is estimated that such attacks exposed the personal healthcare data of over 40 million patients. Since these attacks cannot typically be resolved without paying the ransom, it is important to invest in preventative measures to protect healthcare data from potential breach.

The Need for Federal Regulation of Tracking Pixels to Protect Patient Data

In June 2022, a nonprofit news site called The Markup released a report stating that hospitals using Meta Pixel may be releasing patient data to Meta Platforms, Inc. (previously Facebook, Inc.). Since this report was released, many of the hospitals identified in the report removed pixel technology from their websites. In addition, some hospitals have released public breach notices and reported potential data privacy breaches to the US Department of Health and Human Services (HHS) Office of Civil Rights (OCR). Most recently, on October 20, 2022, Advocate Aurora Health, a large health system located in the Midwest, released a notice publicly announcing its potential pixel breach, which may affect as many as three million patients.

A Collaborative Effort in Defeating Healthcare Cyber Attacks

In an effort to improve cybersecurity in the healthcare sector, a bipartisan bill was introduced in Congress on September 13, 2022, by Republican Brian Fitzpatrick of Pennsylvania and Democrat Jason Crow of Colorado. The Healthcare Cybersecurity Act relies on a partnership between the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to improve cybersecurity in the healthcare sector. The Act has been introduced as a result of record-high increases in health data breaches across the country over the last several years. The goal is to provide resources for training and heighten efforts taken across the nation to mitigate cybersecurity risk. The Act would not only improve patient care but also save healthcare costs by taking a proactive approach.

Consumers are Suing Dozens of Companies for Sharing Tracking Data

A privacy class action that first exploded in September of this year highlights consumers suing a handful of companies for violating the federal Video Privacy Protection Act. The multitude of class actions hold Meta Platforms Inc.’s Pixel tracking tool accountable for the tracking of consumer data from online platforms. News outlets, sports organizations, and streaming services are all facing lawsuits related to the alleged complaints.