Discerning Data Editorial Board, Author at Discerning Data

Connected Cars in 2018 – Ready for the Fast Lane?

One of the most frequent predictions for significant growth in 2018 is the development of the connected car ecosystem. During the second half of 2017, there were workshops, proposed legislation and other guidance from the Department of Transportation and the National Highway Traffic Safety Administration (NHTSA).

In June 2017, the FTC and the NHTSA hosted a workshop in Washington, D.C. to discuss the enormous amounts of data collected and used in the connected car ecosystem. The workshop included representatives from consumer groups, industry, government and academia, and explored the benefits and challenges in this fast-growing market. After reviewing the materials submitted in connection with the workshop, the FTC released its Key Takeaways earlier this month.

In addition, the U.S. House of Representatives passed H.R. 3388, the SELF DRIVE (Safely Ensuring Lives Future Development and Research in Vehicle Evolution) Act to encourage testing, development and deployment of highly automated vehicles. Finally, the U.S. Department of Transportation and the NHTSA released new federal guidance for automated vehicles titled Automated Driving Systems 2.0: A Vision for Safety.

Continue reading “Connected Cars in 2018 – Ready for the Fast Lane?”

United States Is First Country to Join APEC Privacy Recognition for Processors Program

The United States recently became the first country to participate in the new Asia-Pacific Economic Cooperation (“APEC”) Privacy Recognition for Processors (“PRP”) program. Finalized in 2016 and designed to certify privacy compliance for personal information processors within the Asia-Pacific region, the PRP program offers a trustmark certification to processors that demonstrate their capacity to assist data controllers in complying with relevant privacy obligations. According to APEC, the PRP program was created so that (1) data controllers are able to identify qualified data processors to implement data controllers’ data processing obligations, (2) data processors are able to demonstrate their ability to provide effective implementation of a controller’s privacy requirements, and (3) small and medium-sized institutions are able to gain exposure and visibility into a global data processing network. Continue reading “United States Is First Country to Join APEC Privacy Recognition for Processors Program”

Singapore Addresses Confidentiality of Electronic Patient Records in New Healthcare Services Bill

Singapore’s Ministry of Health (MOH) recently drafted a new Healthcare Services (HCS) Bill aimed to bridge the gap between the country’s changing healthcare needs and technological advances. According to the MOH, the healthcare landscape in Singapore is undergoing significant changes, including an ageing population, increased chronic disease prevalence, and advancements in medicine and health technologies. The HCS Bill will “better safeguard the safety and well-being of patients, while enabling new and innovative services that benefit patients to be developed, in the changing healthcare environment.”

Currently, healthcare providers in Singapore are licensed and regulated under the Private Hospitals and Medical Clinics Act (PHMCA), which was designed to protect patient safety through the licensing of physical healthcare premises. But, brick and mortar locations are quickly becoming a thing of the past as more and more healthcare services are delivered through mobile and online channels. MOH intends to respond to this shift by repealing the PHMCA and replacing it with this new HCS Bill.

Continue reading “Singapore Addresses Confidentiality of Electronic Patient Records in New Healthcare Services Bill”

Battling Botnets – Evolving U.S. Government Policies and Frameworks to Address Security and Resiliency Challenges

The Secretaries of the Department of Commerce and the Department of Homeland Security, through the National Telecommunications and Information Administration (NTIA), in early January 2018 issued a draft report to further public discussion about enhancing the resilience of the Internet and communications ecosystem against botnets and other automated distributed threats. This report continues work initiated under Presidential Executive Order 13800, “Strengthening the Cyber Security of Federal Networks and Critical Infrastructure.” The report seeks additional public comment on known and evolving risks within and to the ecosystem and aims to forge consensus on what approaches warrant consideration for the government either to adopt or to encourage. Commenters are asked to evaluate a range of proposed goals and actions to achieve a more resilient ecosystem as well as to address the roles various stakeholders play in achieving and maintaining resiliency of the ecosystem nationally and globally. Comments are due on the draft report by February 12, 2018 and the final report is due the president by May 11, 2018.

Six principal themes emerged from the government’s analysis of prior comments on identifying and mitigating botnet and other cyber threats, namely that:

Automated distributed attacks are a global problem;
While effective tools exist, they are not widely used
Products should be secured during all stages of their life cycle.;
Improved education and awareness are necessary;
Current market incentives are misaligned; and
Automated distributed attacks are an ecosystem-wide challenge.

Continue reading “Battling Botnets – Evolving U.S. Government Policies and Frameworks to Address Security and Resiliency Challenges”

Connecticut Supreme Court Establishes Private Right to Sue Over Medical Record Breaches

The Connecticut Supreme Court has joined several other states by holding that health care providers owe patients a common law duty to maintain the confidentiality of their medical records. In a unanimous reversal of the lower court’s ruling, the court determined that the unauthorized disclosure of confidential information obtained in the course of a physician-patient relationship gives rise to a cause of action in tort against the health care provider, unless the disclosure is otherwise allowed by law.

Emily Byrne sued the Avery Center for Obstetrics and Gynecology, P.C. (“Avery”) for negligence and negligent infliction of emotional distress in connection with Avery’s release of her medical records in response to a subpoena issued by her ex-boyfriend, Andro Mendoza, in the course of a paternity action. The subpoena instructed Avery to send the custodian of its records to appear, together with Byrne’s medical records, at the New Haven Regional Children’s Probate Court. Avery did not alert Bryne about the subpoena, file a motion to quash it, or appear in court – it mailed Byrne’s medical records. Bryne alleges that she suffered harassment and extortion threats from Mendoza because Avery gave him access to her medical records without her knowledge or consent.

Continue reading “Connecticut Supreme Court Establishes Private Right to Sue Over Medical Record Breaches”

VTech Settlement Resolves COPPA Allegations in FTC’s First Connected Toy Case

The Federal Trade Commission announced a settlement with VTech Electronics Limited and its U.S. subsidiary in the FTC’s first case involving Internet-connected toys.

VTech had been charged with violating the FTC Act and the Children’s Online Privacy Protection Act (COPPA) by collecting personal information from children without providing direct notice and obtaining their parent’s consent, as well as failing to properly secure the data it collected. The settlement includes a payment of $650,000 in civil penalties, injunctive relief, and the establishment of a comprehensive security program.

Background

VTech, a Hong Kong corporation, and VTech Electronics North America, advertise, market and distribute electronic learning products (ELPs). The companies offer online games available through the ELPs and operate the Learning Lodge Navigator online service, a platform similar to an app store that allows customers to download child-directed apps, games, e-books and other online content. As of November 2015, approximately 2.25 million parents had created accounts with Learning Lodge for nearly 3 million children, according to the FTC.

Continue reading “VTech Settlement Resolves COPPA Allegations in FTC’s First Connected Toy Case”

DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

Author: Discerning Data Editorial Board