Cybersecurity

Jan 23 2020

States That Publish Data Breach Lists: interactive infographic

All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted data breach notification laws. The first data breach law was passed in 2002 in California, and in 2018 the final two states, South Dakota and Alabama, passed their data breach laws. Some states require reporting of breaches to the

Oct 21 2019

WPF advises SEC regarding data risk factors and disclosures

The World Privacy Forum advised the SEC in comments today regarding the SEC proposal to modernize the description of business, legal proceedings, and risk factor disclosures pursuant to Regulation S-K. In its notice, the SEC described risk from environmental regulation as material to companies. In its comments to the SEC, WPF noted that privacy and

Jan 03 2019

Health Industry Cybersecurity Practices: New consensus practices and tools from HHS

The US Department of Health and Human Services (HHS) has produced a set of cybersecurity resources for healthcare provider organizations from small to large. So far, HHS has published four documents: an overview report of cybersecurity issues and practices, two technical volumes, and a toolkit. The documents focus on what an expert multistakeholder consensus group determined to be the five most prevalent cybersecurity threats and the ten core cybersecurity practices. The practices are voluntary, and utilize the NIST cybersecurity framework. The documentation is based in reality, not conjecture, and the documents are not intended to sell any particular products for any particular vendor. This has allowed for a rich and helpful documentation of current challenges along with solutions. See our overview of the four new resources.

Sep 06 2018

Voting system data breach notifications – National Academies of Science recommendations for securing voting systems

The National Academies of Science have released Securing the Vote: Protecting American Democracy. The consensus report richly documents how, during the 2016 presidential election, actors sponsored by the Russian government attacked the US voting and election infrastructure. The report assesses the web of technology infrastructures related to voting, and gives detailed recommendations for strengthening these

May 24 2018

Privacy News: Historic Data Broker Regulation in the US Welcomed by World Privacy Forum

PDF Version of Release here 24 May 2018 For Immediate Release Historic Data Broker Regulation in the United States Welcomed by World Privacy Forum Vermont: First state to adopt modern rules for unregulated data brokers WPF call for data broker protections to be elevated to national level and provided for consumers in all states in

World Privacy Forum @privacyforum·

10h

U.S. Health & Human Services has appointed Lisa Pino as Director of the HHS Office for Civil Rights (OCR) as of Monday. OCR is tasked with HIPAA privacy enforcement, and is a key health privacy agency in the US. More background about Pino here: https://www.govinfosecurity.com/former-dhs-official-to-lead-hhs-hipaa-enforcement-agency-a-17627

Reply on Twitter 1442893555882618897 Retweet on Twitter 1442893555882618897 Like on Twitter 14428935558826188972

COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic

The COVID-19 pandemic strained the U.S. health ecosystem in numerous ways, including putting pressure on the HIPAA privacy and security rules. The Department of Health and Human Services adjusted the privacy and security rules for the pandemic through the use of statutory and administrative HIPAA waivers. While some of the adjustments are appropriate for the emergency circumstances, there are also some meaningful and potentially unwelcome privacy and security consequences. At an appropriate time, the use of HIPAA waivers as a response to health care emergencies needs a thorough review. This report sets out the facts, identifies the issues, and proposes a roadmap for change.
Without Consent: An analysis of student directory information practices in U.S. schools, and impacts on privacy

Without Consent is the first major benchmarking privacy report to examine school directory information practices and related privacy issues in a multi-year study across more than 5,000 schools at the primary, secondary, and postsecondary levels. The research found troubling and challenging student privacy problems that need to be urgently addressed. The report contains extensive findings and recommendations regarding student privacy, and includes best practices, sample forms, and resources for schools, parents, and students.
Patient’s Guide to HIPAA: How to Use the Law to Guard your Health Privacy

Download PDF Download ePub Donate Credits → Version 2.0...