The World Privacy Forum filed comments regarding the US Federal Trade Commission’s 2023 Notice of Proposed Rulemaking regarding Health Breach Notification. This marks the second set of comments WPF has filed, our first being in 2009 regarding the first iteration of the Health Breach Rule. The comments are technical, and ...
The FTC announced its first enforcement action under its Health Breach Notification Rule . This rule applies to entities that are not covered under HIPAA. The announcement of the proposed order was filed by the U.S. Department of Justice on behalf of the FTC against the " ...telehealth and prescription ...
The FTC held an historic open FTC Commission meeting, during which the Chair and Commissioners conducted their business openly and also provided an opportunity for public comments. The World Privacy Forum was selected to provide a public comment, which focused on the need to update the Health Breach Notification Rule.
The World Privacy Forum has submitted comments to the FTC regarding its proposed consent order In the Matter of Flo Health, Inc. requesting that the FTC conduct further analysis regarding the FTC Health Data Breach Rule and its potential applicability to the alleged unconsented sharing of women's pregnancy, menstruation, mental ...
All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted data breach notification laws. The first data breach law was passed in 2002 in California, and in 2018 the final two states, South Dakota and Alabama, passed their data breach laws. Some states require ...
WPF Executive Director Pam Dixon will testify before the full committee of the National Committee on Vital and Health Statistics (NCVHS) regarding emerging privacy concerns in the healthcare environment, including the role of artificial intelligence, patient authorizations, and automated access to patient health information. The NCVHS is the statutory [42 ...
The World Privacy Forum advised the SEC in comments today regarding the SEC proposal to modernize the description of business, legal proceedings, and risk factor disclosures pursuant to Regulation S-K. In its notice, the SEC described risk from environmental regulation as material to companies. In its comments to the SEC, ...
We have updated our medical data breach map to bring it current to January 2019. This interactive map displays the location of each medical data breach recorded at the US Department of Health and Human Services from 2009-2018. To get the most from the map, you can view breaches by year, by region, and in a simple text list.
The US Department of Health and Human Services (HHS) has produced a set of cybersecurity resources for healthcare provider organizations from small to large. So far, HHS has published four documents: an overview report of cybersecurity issues and practices, two technical volumes, and a toolkit. The documents focus on what an expert multistakeholder consensus group determined to be the five most prevalent cybersecurity threats and the ten core cybersecurity practices. The practices are voluntary, and utilize the NIST cybersecurity framework. The documentation is based in reality, not conjecture, and the documents are not intended to sell any particular products for any particular vendor. This has allowed for a rich and helpful documentation of current challenges along with solutions. See our overview of the four new resources.
The Marriott data breach announced on Nov. 30, 2018 is a significant breach, reaching across multiple countries and affecting an estimated 500 million people. The breach includes an array of data that does create the potential for meaningful identity theft risk. Who does the breach affect? The breach affected guests ...
The FTC finalized an expanded settlement with Uber, Inc. regarding the company's data security practices. According to the FTC complaint, in the midst of the Commission's original investigation, Uber experienced a second serious breach and waited more than a year after learning of the breach before informing the public or ...
The current debate over federal privacy regulation must be inclusive of secondary and tertiary uses of consumer data. WPF Executive Director Pam Dixon says: "Through our longstanding work regarding data brokers and related harms to consumers, it is abundantly clear that if Congress enacts privacy legislation that fails to effectively regulate data brokers and stop the consumer harms they directly cause, any legislation enacted will be a failure."
The National Academies of Science have released Securing the Vote: Protecting American Democracy . The consensus report richly documents how, during the 2016 presidential election, actors sponsored by the Russian government attacked the US voting and election infrastructure. The report assesses the web of technology infrastructures related to voting, and ...
PDF Version of Release here 24 May 2018 For Immediate Release Historic Data Broker Regulation in the United States Welcomed by World Privacy Forum Vermont: First state to adopt modern rules for unregulated data brokers WPF call for data broker protections to be elevated to national level and provided for ...
Here is a spring 2018 update on a selection of privacy stories WPF has been quoted in over the past few months, many of them quoting our work on privacy. For more articles, see our full World Privacy Forum in the News page. In you missed our recent posts on ...
We have updated our tips for immediate steps victims (or potential victims) of the Equifax data breach can take. In this updated version of our tips, we have added information for individuals in the UK who want to check and see if they have been affected by the breach, and ...
Note: This post has been updated. We have added our tips for immediate steps victims (or potential victims) of the Equifax data breach can take. In this updated version of our tips, we have added information for individuals in the UK who want to check and see if they have ...
Have you ever filled out an application online for a “loan matching service”? If so, you have to hope that you didn’t fill out an application on one of the websites operated by a company called Blue Global. They ran websites like autoloansusa.com, loanmarketplace.com, moneytoday.com, 247loan.com, 100dayloans.com, and others. Court documents released this week by the US Federal Trade Commission reveal that after the company collected consumers' financial information, it sold most of that information to non-lenders, including SSNs, bank account numbers, and ...
The Global Risk Report 2017 from the World Economic Forum cites threats to global economic wellbeing ranging from natural disasters and large scale involuntary migration to -- this year -- risks arising from a "growing cyberdependency." Specific risks the report calls out in this category are cyberattacks, data fraud and ...
On December 14 Yahoo announced a serious security breach in which sophisticated data attackers grabbed users' answers to security questions, among other information such as names, email addresses, phone numbers, and birth dates. This breach is particularly worrisome because it culled sensitive information from 1 billion Yahoo customers, which makes ...
This interactive map displays the location of each medical data breach recorded at the US Department of Health and Human Services from 2009-2016. To get the most from the map, you can view breaches by year, by region, and in a text list.
This coming Thursday, WPF Executive Director Pam Dixon will give a keynote speech on health privacy and security, "The New Healthcare Fraud Continuum." Based on her latest research in health privacy, this talk will be Dixon's first talk about the new fraud continuum, what it is, how it operates, what ...
WPF Executive Director Pam Dixon will testify before the Senate Judiciary this Tuesday, Nov. 3. The hearing is on data broker security, with Chairman Flake presiding. Hearing details: Data Brokers – Is Consumers’ Information Secure? Subcommittee on Privacy, Technology and the Law Date: Tuesday, November 3, 2015 Time: 2:30 pm ...
The World Privacy Forum joined the US PIRG, the National Consumer Law Center and other signatories in a joint letter to the US Federal Trade Commission and the Consumer Financial Protection Bureau regarding the recent Experian data security breach. The letter asks key questions about the breach, and requests the ...
The FCC has announced that it will be considering a declaratory order and ruling June 18, 2015 on more than 20 petitions about robocalls. The ruling would update and clarify the Telephone Consumer Protection Act. The news is very good for consumers, because the FCC has stated clearly in its ...
