World Privacy Forum

Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974

Patient’s Guide to HIPAA: How to Use the Law to Guard your Health Privacy

prev next

May 22 2023

A potential path forward after the Irish Data Protection Commission enforcement decision regarding Meta Ireland

The Irish Data Protection Commission (DPC) has determined that Meta Ireland infringed Article 46(1) of the GDPR when it “continued to transfer personal data from the EU/EEA to the USA following the delivery of the CJEU’s judgment in Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems.” The DPC has given Meta Ireland 6 months to find a solution. This is just enough time to create the possibility of a road forward; a possibility which is contained primarily in the effective implementation of proposed European – U.S. Data Privacy Framework on the part of the U.S. and the EU.

Apr 27 2023

WPF Executive Director to serve as Senior Rapporteur for ID4Africa workshops regarding policy and regulatory challenges for digital identity and privacy and data protection in ID systems

The World Privacy Forum is pleased to announce Executive Director Pam Dixon has been invited to serve as the Senior Special Rapporteur for two workshops at the 2023 ID4Africa Annual General Meeting which will take place in Nairobi, Kenya 23-25 May. ID4Africa is regarded as the single most important gathering of identity experts and authorities in the world. The focus of Dixon’s rapporteur work will include policy and regulatory challenges for digital identity: the African perspective (Workshop 2), and privacy and data protection in identity systems (Workshop 4)…

Apr 12 2023

Emerging Technologies, Human Subject Research, and the Common Rule: High level overview of the 2023 OHRP Research Community Forum

Earlier this month, WPF attended a joint conference focused on the shifting dynamics of how the Common Rule that governs human subject research in the US will be interpreted amidst new technological shifts such as AI. The department of Health and Human Services is seeking to define what the next steps and new policy frameworks should be to ensure the Common Rule protects individuals in current and future research environments. Details on the presentations, conversations, and key takeaways in the post.

Feb 15 2023

Kate Kaye joins WPF as Deputy Director

News, Press, and Media

The World Privacy Forum is delighted to announce that award-winning technology journalist Kate Kaye will join WPF as its deputy director. As a longstanding technology journalist, Kate has been at the forefront of emerging technology, data privacy, and governance issues. Her reporting exposed the earliest forms of online political microtargeting and voter data use, explained

Feb 01 2023

FTC takes first enforcement action under its Health Breach Notification Rule; also takes action against misrepresentation of HIPAA compliance

The FTC announced its first enforcement action under its Health Breach Notification Rule. This rule applies to entities that are not covered under HIPAA. The announcement of the proposed order was filed by the U.S. Department of Justice on behalf of the FTC against the “…telehealth and prescription drug discount provider GoodRx Holdings, Inc. for

National IDs Around the World — Interactive map

About this Data Visualization: This interactive map displays the presence...
Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974

This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.
COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic

The COVID-19 pandemic strained the U.S. health ecosystem in numerous ways, including putting pressure on the HIPAA privacy and security rules. The Department of Health and Human Services adjusted the privacy and security rules for the pandemic through the use of statutory and administrative HIPAA waivers. While some of the adjustments are appropriate for the emergency circumstances, there are also some meaningful and potentially unwelcome privacy and security consequences. At an appropriate time, the use of HIPAA waivers as a response to health care emergencies needs a thorough review. This report sets out the facts, identifies the issues, and proposes a roadmap for change.

A potential path forward after the Irish Data Protection Commission enforcement decision regarding Meta Ireland

WPF Executive Director to serve as Senior Rapporteur for ID4Africa workshops regarding policy and regulatory challenges for digital identity and privacy and data protection in ID systems

Emerging Technologies, Human Subject Research, and the Common Rule: High level overview of the 2023 OHRP Research Community Forum

Kate Kaye joins WPF as Deputy Director

FTC takes first enforcement action under its Health Breach Notification Rule; also takes action against misrepresentation of HIPAA compliance

Reports

Infographics

WPF in the News