Aug 312017
 August 31, 2017  Posted by  Court, Surveillance, U.S.

Ben Hancock reports:

Civil liberties advocates scored a win at the California Supreme Court on Thursday with a unanimous ruling that data gathered by police license plate readers are not generally exempt from public disclosure under state law.

The American Civil Liberties Union, the Electronic Frontier Foundation, and various news organizations have sought data collected by automated license plate readers (ALPRs) to raise awareness about how much data is collected by police on innocent civilians.

Read more on The Recorder.

Aug 312017
 August 31, 2017  Posted by  Business, Featured News, Surveillance, U.S. reports:

The push to connect vehicles to one another and to the Internet has created a role for federal agencies to clarify its privacy protection role, the Government Accountability Office (GAO) concluded in a report released on Monday. The government watchdog agency is worried that vehicles will continue to collect more and more data while federal standards continue to fall behind, failing to keep up with the pace of change in the industry.


GAO researchers contacted the sixteen automakers responsible for 90 percent of the cars and trucks sold in the United States and found that thirteen of them offered automobiles that connected to the Internet. In 2014, GAO released a report focusing on the privacy of in-car navigation devices (view report), but this report focused specifically on systems that use a SIM card to connect to wireless data providers to provide services such as roadside assistance or automatic crash notification.


Aug 312017
 August 31, 2017  Posted by  Breaches, Govt

Adam Stone reports:

Federal agencies continue to over-collect, over-use and over-display Social Security numbers, leading to the an unnecessarily high risk of identity theft.

That’s the latest from the U.S. Government Accountability Office. In a recent report GAO declares that a decade’s worth of effort to pare the use of SSNs in government has had only “limited success.”

Read more on Federal Times.

Aug 302017
 August 30, 2017  Posted by  Announcements, Healthcare

From HHS, clarification during these difficult times:

HHS Secretary Waives Certain HIPAA Privacy Rule Provisions for Texas and Louisiana Hospitals; OCR Issues Bulletin for Medical Professionals Navigating HIPAA Rules in Emergency Situations

In response to Hurricane Harvey, U.S. Department of Health and Human Services (HHS) Secretary Tom Price, M.D., declared a public health emergency in Texas and Louisiana and has exercised the authority to waive sanctions and penalties against a Texas or Louisiana covered hospital that does not comply with the following provisions of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule:

  • The requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care
  • The requirement to honor a request to opt out of the facility directory
  • The requirement to distribute a notice of privacy practices
  • The patient’s right to request privacy restrictions
  • The patient’s right to request confidential communications

Other provisions of the Privacy Rule continue to apply, even during the waiver period.

When the Secretary issues such a waiver, it only applies: (1) in the emergency area and for the emergency period identified in the public health emergency declaration; (2) to hospitals that have instituted a disaster protocol; (3) with respect to the provisions identified above; and (4) for up to 72 hours from the time the hospital implements its disaster protocol. When the Presidential or Secretarial declaration terminates, a hospital must then comply with all the requirements of the Privacy Rule for any patient still under its care, even if 72 hours have not elapsed since implementation of its disaster protocol.  All other provisions of the HIPAA regulations, including the Security Rule and the Breach Notification Rule, remain in effect.

As emergency personnel and medical facilities undertake immediate action to ensure the safety of those affected, OCR continues to highlight how the HIPAA Privacy Rule allows patient information to be shared to assist in disaster relief efforts and to assist patients in receiving the care they need, regardless of whether a waiver is granted.

For more detailed information regarding HIPAA privacy and disclosures in emergency situations, click here.

For more detailed information regarding emergency situation preparedness, planning, and response, click here.

To utilize the Disclosures for Emergency Preparedness Decision Tool, click here.