The health record interoperability dilemma

(Aug 14, 2019) An ongoing U.S. Department of Health and Human Services rulemaking seeks to increase the interoperability of electronic health records (there are two related rulemakings: one by the Centers for Medicare & Medicaid Services and one by the Office of the National Coordinator for Health Information Technology). The comment period for both rulemakings has closed. While increased interoperability is generally a good thing, as well as something required by the 21st Century Cures Act, it also prese... Read More

Why the CCPA's 'verified consumer request' is a business risk

(Aug 14, 2019) Sometimes it seems like all authenticators are compromised. Passwords, identity documents and even knowledge-based authentication — a plethora of these and other authenticators are readily available on the web or the dark web. The terrible beauty of the California Consumer Privacy Act is that innumerable companies will soon be required to undertake totally novel consumer-facing responsibilities. In the name of empowering consumers, the law is actually introducing threat vectors that can be mani... Read More

Perspective: Why the CCPA's 'verified consumer request' is a business risk

(Aug 14, 2019) One of the requirements in the California Consumer Protection Act gives consumers the right to access their data and those requests must be verified. Annie Bai, CIPP/US, CIPM, FIP, and Peter McLaughlin, CIPP/US, raise concerns the upcoming law does not clarify what "verified" means. “The terrible beauty of the California Consumer Privacy Act is that innumerable companies will soon be required to undertake totally novel consumer-facing responsibilities,” they write. “In the name of empowering con... Read More

Op-ed: The health record interoperability dilemma

(Aug 14, 2019) An ongoing U.S. Department of Health and Human Services rulemaking seeks to increase the interoperability of electronic health records. Though the comment period for both rulemakings has closed, Bob Gellman foresees that increased interoperability will create a privacy dilemma. "Patient access to interoperable health records is good, but making those records readily available to patients will lead to widespread commercial access and use outside the health care system," he writes. In this post fo... Read More

Op-ed: FTC needs more enforcement authority, resources

(Aug 13, 2019) In an op-ed for The New York Times, former U.S. Federal Trade Commission Bureau of Consumer Protection Director Jessica Rich writes Congress needs to give the agency more enforcement authority to properly handle privacy cases. Rich writes the agency has been able to do what it can under the Federal Trade Commission Act to take on privacy cases; however, it does not allow the agency to set normative privacy standards for tech companies to follow. Rich argues the agency also needs more resources. ... Read More

As Calif.'s Legislature reconvenes: This CCPA co-architect is watching closely

(Aug 12, 2019) The California legislature reconvenes Monday, leaving one more month to pass any changes to the California Consumer Privacy Act before it goes into effect Jan. 1, 2020. Mary Stone Ross, one of the co-architects of the CCPA, will be watching the California Legislature's activities closely. In this post for Privacy Perspectives, Ross shares what she sees as the top issues in the coming session, including who will "win the battle" over definitions of "personal information" and "deidentified" and wh... Read More

Op-ed: Adtech can no longer ignore consumers' privacy concerns

(Aug 12, 2019) In an op-ed for AdExchanger, Eyeota Chief Technology Officer Pieter de Zwart writes the advertising technology industry needs to better address consumers’ privacy concerns. He writes the industry has not historically taken those concerns seriously; however, they can start to do so by giving users more control over their information. He adds adtech needs to take a look at its attitude toward cookies. “We also need to stop pretending that the answer is solutions leveraging cookies, such as single ... Read More

What one CCPA co-architect will watch closely with Sacramento back in session

(Aug 12, 2019) Sacramento is back in session, and there is one more month to get changes through the Legislature before the California Consumer Privacy Act goes into effect Jan. 1, 2020.  These are some of the issues I will be watching closely: Who will win the battle over the definitions of 'personal information' and 'deidentified'? Tech lobbyists suffered a major blow when AB 873, changing the definition of "deidentified," failed to pass out of the U.S. Senate Judiciary Committee. Assemblymember Jacqui Irw... Read More

Op-ed: FTC can still be the right agency for privacy enforcement

(Aug 9, 2019) In an op-ed for the Brookings Institute, University of California, Berkeley Adjunct Professor of Information and Law Chris Jay Hoofnagle, Northeastern University Professor of Law and Computer Science Woodrow Hartzog and George Washington University Law School Professor of Law Daniel Solove explain why the U.S. Federal Trade Commission is still the best agency to handle privacy enforcement. The authors cite the FTC’s ability to adapt to new technologies and what it has been able to do with limite... Read More

The what, why and how of privacy engineering

(Aug 8, 2019) "Privacy engineering will be central to the privacy profession going forward," writes IAPP Senior Privacy Fellow Caitlin Fennessy, CIPP/US. "That is an easy assertion to make. Privacy professionals have long discussed the importance of building privacy in rather than bolting it on ... – But as technology has raced ahead, the need for privacy engineering has evolved and intensified." In this in-depth post for Privacy Tech, Fennessy discusses the IAPP's privacy engineering initiative — to better d... Read More