News Alerts and Breach Report for Week of February 20, 2023
Trans-Atlantic Data Privacy Framework Hits Block
The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs has rejected a draft version of the Trans-Atlantic Data Privacy Framework. The draft framework, designed to govern the flow of personal data between the EU and the U.S., is a culmination of efforts to replace its predecessor, Privacy Shield, a data transfer policy that was struck down in 2020. The Court of Justice of the European Union voted to invalidate Privacy Shield because of the degree to which U.S. intelligence services could access EU citizens’ data. This broad reach was ruled a violation of GDPR, and it continues to be a sticking point for the passage of Privacy Shield’s successor. According to Computerworld, Biden’s executive order protecting EU citizens’ data from U.S. surveillance services is an inadequate safeguard for the agreement because it can be reversed or amended at any time. “In particular, the committee noted, the executive order is too vague, and leaves US courts — who would be the sole interpreters of the policy — wiggle room to approve the bulk collection of data for signals intelligence, and doesn’t apply to data accessed under US laws like the Cloud Act and the Patriot Act.”
Deputy Attorney General Warns Against TikTok
On Thursday, U.S. Deputy Attorney General Lisa Monaco warned against using popular social video platform TikTok, which is owned by Chinese company ByteDance. “The bottom line is China has been quite clear that they are trying to mold and put forward the use and norms around technologies that privilege their interests,” she said at a panel on technology and national security at the Chatham House in London. “I don’t use TikTok and I would not advise anybody to do so because of these concerns.” ABC News notes that “in December, Congress banned TikTok from all devices owned by the federal government. TikTok CEO Shou Zi Chew is scheduled to appear before the House Energy and Commerce Committee in March on the company’s data security practices, the committee said last month. More than half of U.S. states have taken steps toward a partial or full ban of TikTok on government devices.”
Healthcare Consortium Releases Data Privacy White Paper
In December 2022, a consortium of healthcare industry participants—including clinicians, hospitals, payers, technology companies, and consumer advocates—came together for The 2022 Health IT Leadership Roundtable on maintaining consumer trust in health care. The discussion resulted in a whitepaper released last week, which according to its executive summary, distills “many of the key conversations and perspectives raised during the Roundtable event, as well as key considerations for moving forward. The White Paper: (1) highlights limitations or gaps in HIPAA’s protection of health data and what current laws or protections exist at the state or federal level for health information that is not protected by HIPAA; (2) details recent actions taken by Congress and the Administration to advance consumer and patient access to their health information, while also maintaining adequate protections for health information; and (3) discusses the data privacy and consumer trust implications associated with new and emerging technologies that are becoming more commonplace in health settings.”
Financial Data Privacy Committee Meets to Discuss Changes to CFPB
Last week, the House Financial Services Subcommittee on Financial Institutions and Monetary Policy met to examine “areas where banking regulations can be updated to align with existing and emerging technologies; the consumer data privacy and breach notification frameworks; barriers to entry for de novo banks and impacts on competition in community banking; and increasing lack of transparency and accountability in bank regulation and supervision,” according to ACA International. Discussions included oversight and legal structure of the Consumer Financial Protection Bureau (CFPB), and updates to the scope of the Gramm-Leach-Bliley Act.
Breach Report:
* * * * * * *
To read our latest article on the Gramm-Leach-Bliley Act’s updated Safeguards Rule (Rule) set to go into effect on June 9, 2023 and what this Rule means for financial institutions and their information security programs, click here.
Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!
We will release Episode 87 on Wednesday. Our guest is Heather West, Silicon Valley rock star and Senior Director of Cybersecurity Services at Venable LLP. We explore artificial intelligence (AI) and chatbots, such as ChatGPT, and discuss what these technologies can do, who will be early adopters and beneficiaries of AI, whether articles or answers generated by AI can be trusted, and look at some of the privacy and security risks associated with AI.
Our most recently released episodes:
86 | Using Tools to Help Manage Incident Response (with guest Lauren Wallace)
85 | How Incident Response Has Changed (with guest Violet Sullivan)
84 | Internet Archive Project Related to Russia’s War with Ukraine (with guest Mark Graham)
To browse our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.