The World Privacy Forum filed comments regarding the US Federal Trade Commission’s 2023 Notice of Proposed Rulemaking regarding Health Breach Notification. This marks the second set of comments WPF has filed, our first being in 2009 regarding the first iteration of the Health Breach Rule. The comments are technical, and focus on the fundamental challenges
The FTC announced its first enforcement action under its Health Breach Notification Rule. This rule applies to entities that are not covered under HIPAA. The announcement of the proposed order was filed by the U.S. Department of Justice on behalf of the FTC against the “…telehealth and prescription drug discount provider GoodRx Holdings, Inc. for
The FTC held an historic open FTC Commission meeting, during which the Chair and Commissioners conducted their business openly and also provided an opportunity for public comments. The World Privacy Forum was selected to provide a public comment, which focused on the need to update the Health Breach Notification Rule.
The World Privacy Forum has submitted comments to the FTC regarding its proposed consent order In the Matter of Flo Health, Inc. requesting that the FTC conduct further analysis regarding the FTC Health Data Breach Rule and its potential applicability to the alleged unconsented sharing of women’s pregnancy, menstruation, mental health, and other data with
All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted data breach notification laws. The first data breach law was passed in 2002 in California, and in 2018 the final two states, South Dakota and Alabama, passed their data breach laws. Some states require reporting of breaches to the