(Updated) Urgent for California Parents: Detailed student SSNs, medical information to be released by a court

Update for March 3, 2016: This week a judge has ordered that the approximately 10 million records of California students held by the California Department of Education will not be turned entirely over to a group of community nonprofits in the Morgan Hill case. Instead, the judge ordered that several smaller databases will be turned over

Op Ed on Employer-Sponsored Wellness Programs

Today The Guardian published an op-ed I wrote about employer-sponsored wellness programs. You can find that op-ed here. I have researched and written about HIPAA, health plans, wellness, predictive analytics, and big data for years now. A lot of my work coalesced together when Robert Gellman and I researched and wrote the Scoring of America

Update: EU, US reach new Safe Harbor deal

Update for February 29, 2016: The US and the European Commission have released new details about the proposed Privacy Shield program. We have published a new post about this release here. Briefly, the US Department of Commerce has released a 132-page package containing the program principles, letters from the FTC, the Department of Transportation, the Office of the Director

Update on Safe Harbor: Commissioner Jourova’s remarks on the state of the framework talks

The closely watched Safe Harbor talks to craft new privacy rules for transatlantic data flows between the US and the EU have resulted in some preliminary signals today, although a final outcome is still pending. Commissioner Jourova, speaking before the Committee on Civil Liberties, Justice, and Home Affairs, said that the talks had not yet produced an agreement.

Genetic Information Nondiscrimination Act (GINA): WPF files comments on wellness program privacy, purchase of employee genetic data, more

The World Privacy Forum has filed extensive comments on the proposed changes to how the Genetic Information Nondiscrimination Act will be interpreted. Our comments focus on how the proposal will impact wellness program privacy, as well as family and spousal privacy. In our comments, we discuss our concerns with a variety of aspects of wellness program privacy, including the fact that much data from wellness programs falls outside of HIPAA protections. We also have strongly urged the EEOC to not allow employers to purchase genetic information about employees from third parties without consent, among other items related to this issue.