An international human rights organization is urging the Chinese government to stop building big data policing technologies that aggregate and analyze citizens’ personal information. Though governments collecting information about its citizens is not new, China has begun pursuing newer and ambitious technologies, such as big data analytics, facial recognition, and cloud computing, to better and more quickly aggregate, mine, and leverage personal information.
Continue reading “Human Rights Watch Denounces China’s Big Data Policing”
Category: Privacy
California’s First 2017 Health Care Data Breach Enforcement Results in $2 Million Settlement
Cottage Health System has settled a state enforcement action over two separate data breaches that made more than 50,000 patients’ medical information publicly available online. The no-fault settlement requires Cottage Health System to:
Continue reading “California’s First 2017 Health Care Data Breach Enforcement Results in $2 Million Settlement”
FDA Approves First Digital Pill
The U.S. Food and Drug Administration has approved the country’s first drug with a digital ingestion tracking system.
Abilify MyCite is a pill that digitally tracks whether patients have taken the medication. The pill contains a sensor that, once ingested, sends a message to a patient’s wearable patch, which then transmits the information to a smartphone application. This voluntary process allows patients, caregivers, and physicians to track this information through a web-based portal if the patient has given consent. Experts believe that such digital devices could have a positive impact on public health by addressing a longstanding problem; in this case, that patients do not take their medicines as prescribed.
A Bipartisan Effort to Focus on Healthcare Cybersecurity
House Energy and Commerce Committee members Reps. Billy Long (R-Mo.) and Doris Matsui (D-Calif.) introduced the HHS Cybersecurity Modernization Act earlier this month in a bipartisan effort to address cybersecurity threats to the Department of Health and Human Services (HHS). Representatives Long and Matsui have both described the bill, H.R. 4191, as a stepping-stone towards improving cybersecurity at HHS and the health care industry at large. However, the bill does not authorize any additional appropriations to do so.
Continue reading “A Bipartisan Effort to Focus on Healthcare Cybersecurity”
A.G. Schneiderman Announces SHIELD Act to Protect New Yorkers
The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) was introduced in the New York legislature in early November and would amend New York’s state breach notification law. The bill was announced after the release of a New York Office of the Attorney General report found a nearly 60% hike in data breaches affecting state residents in 2016 and following the Equifax breach in September, which A.G. Schneiderman is investigating.
Among other things, the SHIELD Act would:
- Require reasonable security for private information, using standards tailored to the size of the business, while avoiding duplicate regulations and providing incentive to businesses that certify security compliance and provides clear examples of safeguards (e.g., technical, administrative, and physical measures).
- Carve out “compliant regulated entities,” which are defined as those already regulated by, and compliant with, existing or future regulations of any federal or NYS government entity (including NYS DFS cybersecurity regulations; regulations under Gramm-Leach-Bliley; HIPAA regulations) by deeming them compliant with this law’s reasonable security requirement.
- Provide safe harbor from AG enforcement actions under this law for “certified compliant entities,” (those with independent certification of compliance with aforementioned government data security regulations, or with ISO/NIST standards).
- Provide a more flexible standard for small business (less than 50 employees and under $3 million in gross revenue; or less than $5 million in assets): requiring reasonable safeguards “appropriate to the [small business’s] size and complexity.
Continue reading “A.G. Schneiderman Announces SHIELD Act to Protect New Yorkers”
“Hey toy – can you …”
The Federal Trade Commission provided additional guidance on how the Children’s Online Privacy Protection (COPPA) Rule, 16 C.F.R. Part 312, applies to the practice of collecting audio files that contain a child’s voice, immediately converting the audio to text, and deleting the files containing the voice recording triggers COPPA’s requirements.
The FTC guidance provides that it will not take enforcement action against operators who collect audio files without first obtaining verifiable parental consent in situations where the child’s voice is being used solely as a replacement for written words, such as to convert voice to text in order to perform a search and other function on internet-connected devices.