
(Feb 17, 2017) Memorial Healthcare System, of Hollywood, Florida, has settled with the U.S. Department of Health and Human Services for $5.5 million following a HIPAA violation. It must also institute "a robust corrective action plan." While Memorial did have access control policies in place, a former employee of an affiliated physician's office was still able to access protected health information repeatedly, without detection, for a year, affecting 80,000 individuals. Acting HHS Office for Civil Rights Director Robinsue Frohboese said the settlement shows "organizations must implement audit controls and review audit logs regularly." Editor's Note: IAPP members can get tools, guidance and insight on HIPAA in the IAPP Resource Center. Read More

Daily Dashboard

Podcast: What went down at RSA?

(Feb 17, 2017) In this episode of The Privacy Advisor Podcast, Jedidiah Bracy, CIPP, discusses his experience at the RSA Conference in San Francisco, California, this week where he spoke on a panel titled, "Encryption and Back Doors: The Line Between Privacy and National Security." As is evident both at RSA and in the IAPP's recently released Privacy Tech Vendor Report, Bracy says, a proliferation of vendors has risen to the challenge of helping companies with the complicated and arduous task of protecting data, and the privacy and security worlds are becoming increasingly intertwined. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Automating risk assessment

(Feb 17, 2017) Rebecca Herold, CIPM, CIPP/US, CIPT, FIP, estimates she has done hundreds of security risk assessments since she took them on as part of her career path. While performing them, even developing her own methodology to help produce them faster, Herold began to notice patterns emerging. Now, she's brought that depth of knowledge to software developer David Greek to create SIMBUS Risk Management, an automation tool for the privacy and security industry. IAPP staff writer Ryan Chiavetta talked shop with Herold and Greek for Privacy Tech. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Arguments begin in Schrems 2.0

(Feb 17, 2017) Justice Caroline Costello, of the High Court of Ireland, has begun hearing arguments regarding Irish Data Protection Commissioner Helen Dixon's request to have the CJEU determine whether standard contractual clauses are legitimate methods for transferring personal data outside the EU, Independent.ie reports. Schrems lawyer Eoin McCullough argued Dixon should suspend transfers immediately, and that the CJEU's involvement is unnecessary, while Facebook lawyer Paul Gallagher agreed the CJEU should not be involved, but on the grounds that Schrems' objections to data transfers are "deeply flawed" and have been overtaken by events surrounding the establishment of Privacy Shield. Read More

Daily Dashboard, Europe Data Protection Digest

WP29 still concerned about Trump immigration order

(Feb 17, 2017) While analysis of U.S. President Donald Trump's executive order on immigration appears to show it does not threaten the underpinnings of the Privacy Shield framework, the Article 29 Working Party would like to be sure, Reuters reports. As part of their February plenary session, the EU DPAs decided to write to U.S. authorities directly to point out concerns and seek clarifications. Reached by Reuters, the U.S. Mission to the EU attempted to quickly allay fears: "The executive order also does not affect Privacy Shield because Privacy Shield protections are not dependent on the Privacy Act." Read More

Daily Dashboard, Europe Data Protection Digest

Study: Anonymous web browsing doesn't mean you stay anonymous

(Feb 17, 2017) A study conducted by Stanford University and Princeton University researchers has found that anonymous browsing data can be frequently tied back to actual identities, The Conversation reports. After having users "donate" their browsing history, researchers attempted to connect the data with their Twitter accounts. "Seventy-two percent of people who we tried to deanonymize were correctly identified as the top candidate in the search results, and 81 percent were among the top 15 candidates," resea... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Hacker sentenced to 41 months in prison

(Feb 17, 2017) On Feb. 16, a U.S. district court in New Jersey sentenced Ukrainian hacker Serhiy Vovnenko to 41 months in prison for running a botnet of 13,000 computers to steal login and credit card information from users, Radio Free Europe/Radio Liberty reports. He went on to traffic that data from 2010-2012, the report states. In addition to his prison sentence, Vovnenko must also pay $83,368 in restitution. However, he "could be released in a few months if he receives credit for all 32 months he has already spent in custody," the report states. Read More

Daily Dashboard

Regulators to hold conference on fundraising regulatory compliance in the UK

(Feb 17, 2017) U.K. regulators will host a Fundraising and Regulatory Compliance Conference at Manchester Town Hall on Feb. 21 to outline "regulatory requirements and expectations for fundraising bodies and their boards under current and forthcoming data protection legislation," the U.K. Information Commissioner's Office reports. U.K. Information Commissioner Elizabeth Denham, Fundraising Regulator Head of Policy Gerald Oppenheim and Charity Commission CEO Paula Sussex will speak at the event to a crowd of 300... Read More

Daily Dashboard

My Friend Cayla doll: Off with her head, German agency advocates

(Feb 17, 2017) Germany's Federal Network Agency has urged parents to destroy the popular talking doll My Friend Cayla, believing its smart capabilities too easily leak personal information, BBC News reports. "Researchers say hackers can use an unsecure Bluetooth device embedded in the toy to listen and talk to the child playing with it" from up to 10m (33 ft.) away, the report states. University of Saarland student Stefan Hessel's legal concerns about such potential monitoring spurred the warnings from the FNA. The doll is not a stranger to controversy, having received complaints from both U.S. and EU consumer groups since software vulnerabilities were discovered in January 2015. Read More

Daily Dashboard, Europe Data Protection Digest

Travelers wonder whether to bring phone to US

(Feb 17, 2017) BBC News examines software engineer Quincy Larson's widely shared blog post advising travelers to leave their mobile devices at home when traveling to the U.S. Larson's argument was sparked by the airport detainment of American-born NASA engineer Sidd Bikkannavar and the subsequent demand for his smartphone password. Larson viewed this incident as a "dangerous precedent." In light of his suggestion, BBC News' Rory Cellan-Jones reached out to U.K. and U.S. officials for their take. The U.K. F... Read More

Daily Dashboard, Europe Data Protection Digest