HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians

Does Obama privacy push have oomph?

President Barack Obama’s rollout of privacy and data security policies Monday offered big promises to protect consumer information online, but the reality is his legislative ideas are a long shot in Congress and his voluntary industry initiatives lack enforcement teeth.

The package of proposals — including a data-breach notification law and a privacy bill of rights — is mostly a rehash of previous administration proposals. While some lawmakers have expressed interest in data breach and student privacy bills, such legislation has made little progress in the past. Congress has even less enthusiasm for the baseline privacy bill that Obama says he will release in coming weeks.

The president’s announcement comes on the heels of the high-profile Sony hacking case and after a year of major retail hacks that compromised millions of Americans’ credit cards. But the glacial progress of privacy and data security legislation shows just how difficult it has been for Washington to come up with workable new laws in this area.

In a 15-minute speech at the Federal Trade Commission, Obama previewed proposals that will be part of his State of the Union address on Jan. 20. Pressing Congress to take action, the president led his speech with recent headlines from the Sony hack.

“This mission, protecting our information and privacy in the information age, this should not be a partisan issue,” Obama said. “It’s one of those new challenges in our modern society that crosses the old divides — transcends politics, transcends ideology. Liberal, conservative, Democrat, Republican, everybody is online, and everybody understands the risks and vulnerabilities as well as opportunities that are presented by this new world.”

White House press secretary Josh Earnest later put it more bluntly. “I do think that, certainly, in the aftermath of some of the more recent cyberattacks we’ve seen that have been carried out against a number of private companies, including most recently Sony, hopefully that got the attention of people on Capitol Hill,” he said.

Obama’s data-breach proposal would impose a national standard for companies to notify consumers, in the event their information is stolen or compromised, within 30 days of the discovery of an incident. His student privacy bill, modeled on a California measure, would impose new restrictions on companies that collect or store student data while providing products and services to K-12 schools.

The president also announced that JPMorgan Chase and Bank of America are joining a list of firms making credit scores available for free to consumers to combat identity theft, the top consumer complaint for 14 years running at the FTC.

Some privacy advocates, while bullish for laws that will tighten consumer privacy, remain skeptical that Obama’s push will have any oomph behind it, seeing it more as a public relations maneuver designed to reassure European privacy officials as they work to complete a trade deal by the end of the year.

“An unannounced but intended audience for the administration’s plan is to remove a serious obstacle to its plans for a U.S.-EU trade deal, known as TTIP,” or the Transatlantic Trade and Investment Partnership, said Jeff Chester, executive director of the Center for Digital Democracy. Consumer privacy has been one of the sticking points with EU officials who worry that the U.S. doesn’t have a comprehensive privacy framework.

There is some support for a data-breach bill in the new Congress, and industry groups and the FTC have long pressed for a federal law to streamline the 49 different state breach rules they have to follow. Reps. Marsha Blackburn (R-Tenn.) and Peter Welch (D-Vt.) say they are already working on a data-breach bill.

“There has been consensus and a call from many in the business community several years running for data-breach legislation,” said Stu Ingis, a partner at Venable and counsel to the Digital Advertising Alliance, which represents several marketing and advertising groups.

But such legislation has repeatedly run into fears that a federal standard would weaken stricter rules enacted by states — a theme some privacy advocates hit again Monday.

“The Personal Data Notification and Protection Act would pre-empt stronger state laws and contains no private right of action,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center. He said the president’s student privacy plan “looks promising,” adding the country ultimately needs a more comprehensive approach to online privacy issues.

“The White House announcement is a step in that direction. But more needs to be done,” Rotenberg said.

Obama touted the 75 education tech companies that have voluntarily committed to keeping student data private, including Microsoft. Apple, which did not sign on initially, has now committed to the pledge. But other major players in the ed tech market, including Google and Pearson, are still not listed as signatories.

Concerns over student privacy have grown steadily as the use of online tools has exploded in classrooms. Ed tech companies can scoop up millions of data points on each child by monitoring them as they click through digital textbooks, educational games and online homework assignments. They can build detailed profiles of students’ academic ability — and also of their cognitive skills, including their learning styles.

The prospect of such intimate information being mined for possible commercial gain has mobilized parent privacy activists from across the political spectrum.

The administration has eyed privacy and data security measures since the president’s first term and proposed a national data-breach standard as part of a cybersecurity proposal in 2011. It unveiled a blueprint for a consumer privacy bill of rights in 2012.

Some parts of the tech industry said the president should have broadened his proposal to include surveillance reform, a key issue for Internet companies following Edward Snowden’s leaks about the National Security Agency.

“The president missed an opportunity to address the continued push by law enforcement and intelligence agencies to weaken security for the purpose of surveillance,” said Daniel Castro, senior analyst for the Information Technology and Innovation Foundation. “These actions threaten the competitiveness of the U.S. tech sector and discourage consumer confidence in digital products and services.”

Obama's data-breach initiative has privacy advocates optimistic, cautious

There may finally be a standard set of rules for how US companies protect customers' data in the aftermath of a breach, if new proposed rules from the president become law.

For years, companies in America have contended with a patchwork of laws regarding how they treat customer information. Some states have strict rules, designed to ensure consumer protection. Others have none.

President Barack Obama wants that to change, and so do consumers. A Pew Research study conducted last year found 18 percent of consumers have seen their credit card, bank account, or Social Security number stolen, up from 11 percent only six months earlier.

They have reason to be concerned. The Identity Theft Resource Center said data breaches in the US were up 27.5 percent in 2014 over the year before. The past couple of years have been filled with headlines about catastrophic data breaches from Target and Home Depot, as well as arts and crafts chain Michaels and restaurant chain P.F. Chang's. In November, Sony Pictures suffered one of the worst hacks in corporate history.

Now, the government may step in, at least to ensure consumers are protected. President Obama on Monday proposed a new law called the Personal Data Notification and Protection Act, which would create a basic set of rules for how companies handle their customer information. It also would criminalize international trade in stolen personal identity information.

Aside from one specific rule that would require companies to notify customers within 30 days of the discovery of a data breach, there aren't many other details available yet about Obama's proposal. The president is expected to outline more specifics in his State of the Union speech next week.

In the meantime, tech industry executives and privacy advocates are excited at the prospect of a renewed effort to create a national standard. They say the bills that succeed are typically aimed at the government and how it handles information, rather than corporations.

Now that could change.

"This is a huge shot in the arm to a much-needed advancement for our legislative protections," said Scott Talbott, who heads up government relations for the trade group Electronic Transactions Association.

Some, like Alvaro Bedoya, the executive director of the Center on Privacy and Technology at Georgetown University, are cautiously optimistic. "Some states tend to have very strong data breach laws," he said. "We're going to need to put the Obama proposal side-by-side with those states' laws and see how they stack up."

Many questions still remain

While 47 states have laws requiring companies to at least notify consumers of security breaches involving their personal information, according to the National Conference of State Legislatures, the similarities often end there.

The toughest state laws, said Bedoya, have strong provisions for credit monitoring, requiring companies to give affected consumers at least a year of free credit protection. Companies must notify consumers that their information has been compromised within 30 days. California, for example, lets its residents attempt to recover damages, making it one of the most aggressive.

But South Dakota, Alabama and New Mexico have no data breach protections at all for consumers, according to Heidi Shey, a security and risk analyst at research firm Forrester.

The Electronic Privacy Information Center, a research group that tracks privacy and civil liberties issues, said the proposal would greatly impact consumers in those places, while also creating a minimum set of rules that all companies would have to follow.

President Obama isn't the first to propose such nationwide measures. In the previous session of Congress alone, which lasted from 2013 to 2015, there were four similar bills in the House of Representatives and two in the Senate. All of them went nowhere.

But that was before the latest string of privacy breaches. "It's important to have this in place from a consumer perspective," said Forrester's Shey. "If we have 50 separate laws, it makes it so much harder for a company to respond. It gets easy to drop the ball."

