Best Practices

Health Industry Cybersecurity Practices: New consensus practices and tools from HHS

The US Department of Health and Human Services (HHS) has produced a set of cybersecurity resources for healthcare provider organizations from small to large. So far, HHS has published four documents: an overview report of cybersecurity issues and practices, two technical volumes, and a toolkit. The documents focus on what an expert multistakeholder consensus group determined to be the five most prevalent cybersecurity threats and the ten core cybersecurity practices. The practices are voluntary and utilize the NIST cybersecurity framework. The documentation is based in reality, not conjecture, and the documents are not intended to sell any particular products for any particular vendor. This has allowed for rich and helpful documentation of current challenges along with solutions. See our overview of the four new resources.

Public Comments: WPF comments on proposed revised consent decree re: Uber; requests FTC to hold workshop to determine standards for privacy assessments

In comments to the FTC regarding a proposed revised consent decree with Uber Technologies, Inc., WPF urged the FTC to clarify what the term “assessment” means in the context of a consent decree with a company. The comments note that the requirement for an assessment is not the same as the requirement for an audit.

WPF at RightsCon to Present on Digital Identity, Digital Rights

We are honored to be speaking on two panels at this year’s RightsCon, an event that takes place 29-31 March in Brussels, Belgium. Both of our panels will be on the 31st of March. Here is some additional reading and information for each of the panels: Panel 1: Managing Concerns Around Digital Identity, Fri, 9:00-10:15, Innovation, 1st Floor….

When TVs watch you: What we learned from the FTC’s VIZIO case

Television maker VIZIO is paying $2.2 million in penalties to settle charges after the FTC and the New Jersey Attorney General’s office brought a complaint against the company for violating its customers’ privacy. The complaint against VIZIO stated that the company collected detailed information on millions of its customers’ TV viewing habits without their express consent, and that VIZIO facilitated something called “data appending,” which is when even more detailed information is added to existing customer profiles.