The Internet Association (IA), a group of 40 major internet and technology firms, called for the establishment of a national privacy framework anchored by six privacy principles on Wednesday. In its press release announcing the principles, the IA indicated its support for the American approach to federal privacy legislation that is “consistent nationwide, proportional, flexible, and encourages companies to act as good stewards of the personal information provided to them by individuals.”
Security Recommendations for Mobile Health Apps
Expanded use of Electronic Health Records (EHRs) is an integral component of the ongoing modernization of the U.S. health care system through digitalization. Among the anticipated advantages of using EHRs are improvements in patient care (e.g., through faster access to relevant information and consequently improved care coordination), increased patient engagement, as well as reduction of medical errors and cost savings. On the other hand, implementing EHRs in a sustainable and legally compliant way requires upfront investment in hardware, software, training, workflow restructuring, as well as management of risks unique to electronic records, such as vulnerability to malicious interference. When EHRs are combined with mobile platforms, the cybersecurity risks multiply. Addressing this latest challenge can be daunting, both for medical practices and EHR product providers.
Continue reading “Security Recommendations for Mobile Health Apps”
UK Information Commissioner’s Office Fines Direct Marketing Company for PECR Violation
The UK Information Commissioner’s Office (ICO) announced that it has fined a direct marketing company, Everything DM Ltd. (EDML) £ 60,000 ($77,421) for failing to take reasonable steps to ensure that unsolicited marketing emails sent on behalf of its clients complied with privacy laws applicable to electronic communications.
California Lawmakers to Consider Technical Amendments to the California Consumer Privacy Act
The California legislature will consider technical amendments to the California Consumer Privacy Act (CCPA), S.B. 1121, by August 31, 2018, which is the deadline in the current legislative session for bills to be passed by the legislature.
Brazil Adopts New Privacy Law Similar to GDPR
On August 14, the president of Brazil signed the Brazilian General Data Protection Law (LGPD) into law. It will become effective on Valentine’s Day 2020. The elements of the new law are similar to the European Union’s General Data Protection Regulation (GDPR).
Continue reading “Brazil Adopts New Privacy Law Similar to GDPR”
Cybersecurity Responsibilities of a Plan Sponsor
Plan sponsors of retirement plans handle a lot personal participant data, but many are unaware of their fiduciary duties in the context of cybersecurity. If a retirement plan suffers a cyberattack, plan assets could be diverted and misused. Under the Employee Retirement Income Security Act (ERISA), the plan sponsor could be held liable for a fiduciary breach for failure to satisfy a duty of loyalty and to act prudently.
Continue reading “Cybersecurity Responsibilities of a Plan Sponsor”