Tag:data breach
Bringing FERPA Up to Grade
The Family Educational Rights and Privacy Act (FERPA) was enacted in 1974 to protect the privacy of student education records. While FERPA provides essential privacy safeguards, it also includes provisions that allow certain student information to be shared with third parties, particularly under the guise of “directory information.” With the increasing concerns surrounding personal data in the digital age, many argue that FERPA’s exceptions undermine its original intent. In an era where other U.S. privacy laws are tightening restrictions on the sharing of personal information, FERPA’s provisions are lagging, leaving students vulnerable to privacy breaches that would be impermissible in other contexts.
AI-ming for Better Healthcare: Legal Issues in Healthcare AI Usage
Artificial intelligence (AI) is a simulation of human intelligence that is subsequently processed by machines. It has revolutionized the healthcare space by improving patient outcomes in a variety of ways. It has also begun to leave a positive impact in health systems and hospitals as healthcare worker burnout remains on the rise. However, there are significant legal challenges that accompany its groundbreaking nature. Hospitals and health systems have a duty to mitigate these legal challenges and understand that AI should be used as a supplement, not a replacement, to human intelligence.
Kidnapped Data: Healthcare Ransomware Attacks
Ransomware attacks are one of the largest threats to the healthcare industry and a tough cybersecurity problem to address. From 2016-2021, there were almost 400 ransomware attacks on healthcare organizations in the US. It is estimated that such attacks exposed the personal healthcare data of over 40 million patients. Since these attacks cannot typically be resolved without paying the ransom, it is important to invest in preventative measures to protect healthcare data from potential breach.
Senate Brings Bipartisan Attempt to Update Health Privacy Regulations
On February 9, a group of senators led by Tammy Baldwin of Wisconsin and Bill Cassidy of Louisiana introduced a new bill, the Health Data Use and Privacy Commission Act (the “Act”), in attempt to revitalize current legislation regarding the protection and use of health data. The bill also has the support of a number of representatives from within the healthcare industry, including Epic, IBM, and Teladoc Health, as well as a number of professional associations like the American College of Cardiology, the Association for Behavioral Health and Wellness, and the Association of Clinical Research Organizations.
FCPA Establishes Corporate Regulation of Text Messaging Apps
On March 12, 2019, the Department of Justice (“DOJ”) announced revisions of the Corporate Enforcement Policy in the Foreign Corrupt Practices Act. The changes now require company oversight of ephemeral messaging apps used by any employee, stock holder, or agent who discusses business records via the messaging platform. Publicly traded companies must now establish internal compliance policies to review use of ephemeral messaging services, provide ongoing oversight of the messaging services, and may want to completely prohibit the use of such messaging apps for business purposes.
Dodging Pitfalls on the Path to Success: Data Management Risks and How to Mitigate them
Every day, thousands of gigabytes of data flow around the world. Transfers between consumers and producers make up a large portion of that data. There has been talk recently of the commercialization of said data, such as Facebook and Google selling their users’ data to third parties. These third parties are more than willing to pay large sums for this information, as it provides actionable data on consumer trends, such as their likes and dislikes. This data can be used by companies to shift their marketing strategies to capture a greater market share. For the e-commerce retailer, whether large or small, this data can be valuable as a resource and a commodity. As such, knowing what you can and can not do with the data is important. Here, we will be discussing Data Management risks when it comes to the collection of consumer data.
Data Breaches: How Do We Keep Our Data Safe?
In the last month, multiple large-scale data breaches were reported by various entities, with 3 breaches reported in the past week alone. Unfortunately, even the most well-known entities do not stand a chance against increasing technological abilities of bad actors. Since the Equifax breach in early September, Whole Foods, Sonic, Deloitte and the Securities Exchange Commission, among others, had similar large-scale breaches affecting consumers across the country.
Personal Information Protection Act (“PIPA”): Redefining Cyber-Security & Consumer Protection
Illinois’ Personal Information Protection Act (“PIPA”) became effective on January 1, 2017. Illinois is just one of many states that recently strengthened their data breach notification systems and created data security laws to enhance protection of personal information. Like other state provisions, Illinois created stronger safeguards for personal information transmitted electronically. This act requires that all personal information provided electronically must be encrypted or redacted. The amendments to PIPA (1) broadened the statute’s definition of personal information; (2) clarified the safe harbor for encryption; (3) addressed required notification to residents after a breach; and (4) established limited exemptions.
Data Breach Notification Laws: Complex and Lacking Uniformity
Amanda Bogle Executive Editor Loyola University Chicago School of Law, JD 2017 When a data breach occurs in an organization, determining whether there is a duty to notify can get complicated quickly. In investigating a breach, the specific facts of the incident become extremely important, as not every breach will require notification. The residency …
Read more