Tag:Privacy & Security
Compliance Spotlight: Adam Solander, Epstein Becker Green
ADAM C. SOLANDER is a Member of Epstein Becker Green’s Health Care and Life Sciences practice, in the firm’s D.C. office. Mr. Solander advises clients on data breach/cybersecurity issues across industry lines, including compliance with HITECH, HIPAA, PCI, JCAHO, CMS, ISO, NIST, and various other federal, state, and business requirements.
The following is an interview with him discussing the unique cybersecurity challenges facing the healthcare sector, and how the industry can move past HIPAA compliance to a more robust definition of privacy and security.
The Latest CCPA Draft, Explained
The California Attorney General’s office released an updated draft to the California Consumer Privacy Act (CCPA) on February 10th. This updated draft follows the four public hearings that were held in December of 2019 and over 1,700 pages of submitted comments. Comments are being heard as of the posting of this article, and if no new changes are made, a final rulemaking record will be submitted.
Facing Facial Recognition Technology
In March 2019, Senator Brian Schatz and Senator Roy Blunt introduced a bill to Congress designed to provide oversight for facial recognition technology, known as the Commercial Facial Recognition Privacy Act. If passed, this law could change the way Americans deal with privacy.
The Empire State’s New Data Privacy Law
Data privacy and more specifically, user privacy, has become the focus for many in the past year. Some may say that the European Union began this “trend” with the implementation of the General Data Protection Regulation (GDPR) with California soon following in their footsteps with the California Consumer Privacy Act (CCPA). However, seemingly more silently in New York, The Stop Hacks and Improve Electronic Data Security, or SHIELD Act has also been created in the interest of the protection of personal information. The SHIELD Act was enacted on July 25, 2019 as an amendment to the General Business Law and the State Technology Law to include breach notification requirements and stronger rules in place to enforce against businesses handling personal information. The SHIELD Act recently went into effect on March 21, 2020.
Congress Introduces the Smartwatch Data Act
On November 18th, 2019, Congress introduced the Stop Marketing and Revealing the Wearables and Trackers Consumer Health Data Act, known as the Smartwatch Data Act. The Smartwatch Data Act was introduced by Democratic Senator Jacky Rosen and Republican Senator Bill Cassidy, due to Google’s desire to acquire fitness tracker manufacturer Fitbit in 2020. Since notice of this acquisition, privacy advocates have raised concerns about how Google will use personal health data collected through Fitbit devices. Therefore, this legislation aims to ensure that health data collected through fitness trackers, smartwatches, and health apps, cannot be sold without consumer consent.
CCPA Updates—Draft Guidance
The California Consumer Privacy Act (CCPA) has been the first step away from the sectoral approach that United States’ privacy laws have followed for many years. While it is set to take effect on January 1, 2020—only recently was the first draft guidance published. Set forth by California’s Attorney General, Xavier Becerra, it states how the CCPA will be enforced. As is standard in notice and rulemaking standard in administrative law, a public consultation period is now in effect and will remain open for comments and hearings until December 6, 2019.
Are Tech Companies Doing Enough to Combat Social Media’s Harmful Effects?
Today, we have entire generations of people who do not know life without the internet. Social medial plays a central role in the lives of these individuals. Originally created to serve a purely social function, social media platforms have changed. Many consumers even use sites like Twitter, Snapchat, and Instagram as their primary source of news. In addition, social media is an integral marketing tool for many businesses. No matter its function, no one can deny the presence of social media in our everyday lives. The impact of social media is so profound that it is worth considering its negative effects. In particular, social media companies must be cognizant to their platform’s impact on adolescents. Many Americans, mainly parents, feel social media companies are not doing enough. But are they required to do more? Should the government become involved, similar to their involvement in the Facebook privacy controversy?
HIPAA And The Growth Of Technology
Earlier in 2019, a lawsuit was filed against University of Chicago Medicine, University of Chicago Medical Center, and Google. The suit claims that patient information was shared with google as part of a study aimed to advance the use of Artificial Intelligence, however, patient authorization was not obtained and the data used was not properly de-identified. In 2017, University of Chicago (UChicago) Medicine started sending patient data to Google as part of a project to look to see if historical health record data could be used to predict future medical events.
Recent Movements in Biometric Data Privacy
In 2008, the Illinois legislature introduced and passed the Biometric Information Privacy Act (BIPA), which became the first law of its kind in the US. BIPA was passed to protect individuals against the unlawful collection and storing of biometric information. While many states have enacted similar laws, BIPA remains the most stringent among its contemporaries.
Is TikTok as Big of a Deal as Trump Claims?
TikTok continues to rise in popularity, though their history of complaints and lawsuits paints a different picture. On February 27, 2019 the Federal Trade Commission (FTC) settled with TikTok for $5.7 million in response to a child privacy complaint. This settlement was the largest civil penalty obtained for a child privacy complaint, prompting TikTok to take corrective action by hiring compliance focused employees. Consumer groups now argue that TikTok has failed to make such changes and continues to “flout the law”. In response to national security concerns, President Trump signed an executive order on August 6, 2020 effectively banning the application in the U.S.