Regulators, industry experts, and researchers provided insight into health privacy and security enforcement trends, emerging threats, and new tools at a recent conference focused on HIPAA. Moving into 2020, organizations with health data should be aware of shifting OCR enforcement priorities, regulators’ continued attention to key HIPAA compliance activities, the changing threat landscape for health data, and new guidance and frameworks for health data not regulated by HIPAA.
While eyes focus on the privacy legislative debate now underway in the United States, the development of a new Privacy Framework by the influential National Institute for Standards and Technology (“NIST”) is also worthy of attention. On May 13-14, 2019, NIST hosted its second workshop on the recently released discussion draft of its “Privacy Framework: An Enterprise Risk Management Tool” (“Privacy Framework”). The workshop brought together stakeholders to provide feedback on the draft and suggest areas for revision. NIST had previously hosted a workshop in October 2018 to kick off the development of the Privacy Framework and had presented its thinking at other fora such as the Brookings Institution.
In September, we proudly launched our online client cybersecurity resource portal: Ready, Set, Respond. The portal was designed by our cross-practice team of global practitioners to provide in-house counsel with the tools they need to not only prepare for the inevitable cybersecurity incident, but quickly and easily stay up to date on the evolving state of cybersecurity regulation around the world. Today, we’re taking a closer look at the Asia region with our partner Mark Parsons. Visit Ready, Set, Respond for more information or to take advantage of the tools and data available there.
On November 27, the European Commission released a strategy memo on rebuilding trust in the mechanisms allowing data to flow from the European Union (“EU”) to the United States. The Commission recognizes that EU-U.S. data flows are essential to the strategic and economic partnerships between the two markets. However, revelations about U.S. surveillance programs have, according to the Commission, caused EU Member States and citizens to believe that the current data transfer mechanisms do not provide adequate protections for personal data. To address those concerns and rebuild trust in transatlantic data flows, the Commission recommends six initiatives, including specific recommendations for reforming the U.S. privacy framework. Of particular note, the Commission identified several shortcomings with the EU-U.S. Safe Harbor framework and offered 13 recommendations for reform. And the Commission once again calls on the United States to adopt comprehensive privacy legislation.
Hogan Lovells Privacy and Information Management practice Leader Chris Wolf recently was interviewed by the Bureau of National Affairs (BNA) in a video on what companies should be doing as changes in privacy law get mulled at the FTC, in Congress and internationally. Chris observes that companies collecting, using, sharing and storing personal data should anticipate change, and should begin to provide greater transparency about data collection and use, greater consumer choice over such collection and use, practice data minimization and use specification, and be prepared for changes in the law whether they come legislatively or through regulatory enforcement.
BNA graciously has given us permission to provide access to the video for readers of the Hogan Lovells Chronicle of Data Protection. You may access the video in this blog entry.