The Consumer Financial Protection Bureau (CFPB) on Dec. 3, 2024, issued its long-awaited proposed rule to amend Regulation V (Proposed Rule), which implements the Fair Credit Reporting Act (FCRA). If enacted, the CFPB's...more
On December 3, 2024, the Consumer Financial Protection Bureau (CFPB) issued a Notice of Proposed Rulemaking (NPRM or Proposed Rule) that proposes to significantly expand the scope of the Fair Credit Reporting Act (FCRA) to...more
If there is one thing artificial intelligence (AI) systems need is data and lots of it as training AI is essential for achieving success for a given use case. A recent investigation by Australia’s privacy regulator into the...more
The Federal Trade Commission (FTC) has a long-standing habit of creating legal obligations through blog posts. Recent communications from the FTC by way of its Office of Technology Blog evidence an aggressive expectation...more
Address the latest updates & emerging trends in privacy - Join us this October for HCCA's virtual event dedicated to privacy compliance. This virtual event provides first-hand insights from government agencies regarding...more
Learning Objectives: - Understand the methods for de-identification - Learn about the differences between anonymization, de-identification, and pseudonymization - Understand what “potential for re-identification”...more
Healthcare providers running on thin margins or just seeking new (and in the case of tax-exempt providers, permissible) revenue sources may jump at the chance when third party vendors offer to help them monetize their patient...more
Today the U.S. Department of Health & Human Services (HHS) finalized rules published in December of 2022 changing the requirements for handling SUD patient information governed by 45 CFR part 2 (Part 2)....more
Does your role require you to stay up to date on healthcare privacy issues and trends? Join us this October for HCCA’s newest learning opportunity, the Healthcare Privacy Compliance Conference. This virtual event will...more
What does the United Kingdom's Information Commissioner's Office's draft guidance say about governance and anonymization? Why is it important for GDPR and for the host of new US Privacy laws, including CPRA, CDPA and CPA? ...more
On November 1, 2021, the Personal Information Protection Law of the People’s Republic of China (the “PRC”) (the “Personal Information Protection Law”) went into effect, two months after the Data Security Law of the PRC (the...more
Although it received little notice, the CCPA was amended effective January 1, 2021 to clarify and modify the exemption relating to de-identified data, with particular focus on medical data. Specifically, AB 713 amended the...more
Report on Patient Privacy 20, no. 11 (November 2020) - HHS Office of the National Coordinator (ONC) for Health Information Technology (ONC) is giving health care organizations more time to meet new rules on information...more
On June 12, 2020, Québec’s then minister of justice, Sonia LeBel, tabled in the National Assembly Bill 64, An Act to modernize legislative provisions as regards the protection of personal information. Bill 64’s purpose is...more
An amendment to the California Consumer Privacy Act (“CCPA”) was signed in September 2020. The CCPA regulates how large companies treat their customers’ personal information. However, the CCPA and healthcare information...more
The CCPA defines both “aggregate consumer information” and “deidentified information.” Aggregate consumer information is defined to mean “information that relates to a group or category of consumers, from which individual...more
Given the significant risk of harm to individuals stemming from data re-identification, it is imperative that the SJC account for data identifiability in determining which information in court records will be made accessible...more
In some cases yes, and in other cases no. The CCPA defines “personal information” as information that, among other things, “is capable of being associated with” a particular consumer....more
Maybe. “Tokenization” refers to the process by which you replace one value (e.g., a credit card number) with another value that would have “reduced usefulness” for an unauthorized party (e.g., a random value used to...more
Maybe. “Salting” refers to the insertion of a random value (e.g., a number or a letter) into personal data before that data is hashed. Whether personal information that has undergone salting and hashing is still...more
Maybe. Hashing refers to the process of using an algorithm to transform data of any size into a unique fixed sized output (e.g., combination of numbers). ...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
You’ve had your apple a day, but you can’t keep the subpoenas away… And, if your organization is facing a request seeking records or other materials that may contain patient health information (“PHI”), it bears...more
De-identification of data refers to the process used to prevent personal identifiers from being connected with information. The FTC indicated in its 2012 report Protecting Consumer Privacy in an Era of Rapid Change:...more
Data can be valuable for a variety of reasons. Organizations often find that one of its greatest values is to research product or service markets, customer behaviors, or market trends. ...more