Category:Privacy & Security
Navigating Data Subject Rights Requests: Balancing Compliance with Mitigating Misuse
In the wake of heightened awareness around data privacy and protection, regulations like the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States have emerged as trailblazers. These laws bestow significant rights upon individuals, allowing them to control and protect their personal data. At the heart of these regulations lies the concept of Data Subject Rights Requests (DSRR), also known by the similar name Data Subject Access Requests (DSAR). This article offers strategies to combat the weaponization of DSRRs while complying with the requirements for legitimate requests.
The IRS-ICE Data Sharing Deal: A New Era of Regulatory Compliance Challenges
The Internal Revenue Service (IRS) is reportedly nearing an agreement to share limited taxpayer data with Immigration and Customs Enforcement (ICE), marking a significant departure in tax enforcement and immigration policy. This potential deal would allow ICE and the Department of Homeland Security (DHS) to verify whether names and addresses match filed tax records, purportedly to facilitate immigration enforcement efforts. However, this agreement raises concerns about taxpayer privacy, legal and corporate compliance, and potential declines in tax participation, which could undermine both federal tax revenue collection and trust in the tax system.
Navigating the TikTok Ban Debate: Recent Regulatory Developments and the Path Forward
In recent years, TikTok has become a dominant force in the social media landscape, boasting over a billion users globally. However, its meteoric rise has been accompanied by mounting scrutiny, particularly in the United States. Concerns over national security, data privacy, and foreign influence have led to calls for restrictions, bans, and legislative action. As these debates unfold, it is essential to examine the legal, regulatory, and practical dimensions of the TikTok controversy and consider the path forward.
The Regulatory Framework of Our Data Privacy Legislation is Changing Amidst the Rise of Artificial Intelligence
With the rapid evolution of artificial intelligence (AI) come unprecedented opportunities and legitimate challenges, especially in the realm of data privacy. The rising capabilities of AI systems to process, analyze, and use massive amounts of personal data have generated amplified regulatory scrutiny across the globe. Governments and regulatory bodies are wrestling with how to balance innovation and economic growth propelled by AI against the need to protect individuals’ privacy, ensure transparency, and safeguard data from misuse.
Bringing FERPA Up to Grade
The Family Educational Rights and Privacy Act (FERPA) was enacted in 1974 to protect the privacy of student education records. While FERPA provides essential privacy safeguards, it also includes provisions that allow certain student information to be shared with third parties, particularly under the guise of “directory information.” With the increasing concerns surrounding personal data in the digital age, many argue that FERPA’s exceptions undermine its original intent. In an era where other U.S. privacy laws are tightening restrictions on the sharing of personal information, FERPA’s provisions are lagging, leaving students vulnerable to privacy breaches that would be impermissible in other contexts.
Navigating the Genetic Frontier: 23andMe and the Challenges of Data Security
A recent situation involving millions of 23andMe users has raised significant concerns about data privacy and regulatory oversight. After sending a small tube of saliva to uncover ancestral roots, many individuals discovered that their genetic data had been compromised. 23andMe has transformed genetic testing by offering accessible health and ancestry information to consumers from the comfort of their homes. Since its inception, the company has faced regulatory challenges, and it became the first direct-to-consumer genetic genealogy test to receive FDA approval. While the company has largely avoided legal trouble over the years, recent data breaches have sparked legal action and underscored gaps in consumer protection.
Breaching the Last Bastion of the Human Psyche: Neural Data as Biometrics
Earlier this year, the New York Times reported on the proposed Colorado Privacy Act and the impact it would have on neurotechnology, which uses “neural data” and already has noteworthy support within programming communities. What the Colorado Privacy Act aims to address is not the labs and medical studies conducted within clinics, but how it may be used within a consumer context. The Colorado Privacy Act does more than Illinois’ pioneering Biometric Information Protection Act (BIPA).
From Chatbots to Diagnosis: The Power and Pitfalls of AI in Healthcare
The capabilities of generative artificial intelligence (AI) could completely transform our healthcare system as we know it. For better or for worse, the technology advancements in healthcare are rapidly growing. Given the accelerated rollout, experts have yet to predict all the risks associated with such high-functioning computations in the healthcare system. Even though the Food and Drug Administration (FDA) regulates software being used as medical devices (SaMD), there is an overall lack of urgency, agency oversight, and sufficient regulations to tame AI technology in the healthcare system.
Reproductive Health Data Privacy – A Right To Life
Following the Supreme Court decision to overturn Roe v. Wade on June 24, 2022, the Dobbs v. Jackson Women’s Health Organization ruling that gutted the long-established right to an abortion has been a constant focus, both inside and outside of the legal and healthcare communities. Notably, the ruling has remained a central focus both within the government, federal and state, and surrounding the tech sector. And these Dobbs-related conversations have a theme – the topic of health data privacy. But more specifically, discussions about data privacy surrounding reproductive healthcare.
Kidnapped Data: Healthcare Ransomware Attacks
Ransomware attacks are one of the largest threats to the healthcare industry and a tough cybersecurity problem to address. From 2016 to 2021, there were almost 400 ransomware attacks on healthcare organizations in the US. It is estimated that such attacks exposed the personal healthcare data of over 40 million patients. Since these attacks cannot typically be resolved without paying the ransom, it is important to invest in preventative measures to protect healthcare data from potential breaches.