Month: February 2018 (page 2 of 2)

China Releases New Personal Information Privacy Standards

Share

On January 25, 2018, China released the final version of the Personal Information Security Specification, new voluntary standards on the protection of personal information.  The standards anticipate and address the “issues faced in personal information security during the rapid development of IT technology; with the protection of personal information as their core” and is meant to “regulate all phases of big data operations and related conduct, such as the collection, storage, processing, use and disclosure of personal information.”  The standards will go into effect on May 1, 2018.

The standards will apply to organizations using information systems to process personal information; specific departments that involve network security, third party assessment organizations; and other organizations that deal with the oversight, management, and assessment of personal information security.  Generally, they lay out the following 8 basic principles of personal information security.

Continue reading

Drafting an Information Governance Program Charter

Share

This is the second in an occasional series of blog posts providing practical guidance on how to create an information governance program and how successfully to execute on specific information governance projects.

In our first blog post in this series, we discussed managing share drives and getting rid of redundant, outdated and/or trivial information, otherwise known as “ROT.” Today, we will focus on the essential elements of an Information Governance Charter.

Continue reading

FTC Nominees Identify Agency’s Top Challenges in Web Questionnaires

Share

The Senate Commerce, Science & Transportation Committee has set confirmation hearings for February 14 for President Donald Trump’s four nominees to the Federal Trade Commission (FTC).

For the past year, there have been two commissioners leading the agency – Acting Chairman Maureen Ohlhausen and Commissioner Terrell McSweeny.

Continue reading

OCR Kick Starts 2018 with Severe $3.5 Million HIPAA Settlement and Corrective Action Plan

Share

Fresenius Medical Center North America (FMCNA) agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and adopt a two-year comprehensive corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

The no-fault resolution agreement states that FMCNA reported five separate incidents that occurred between February 23, 2012 and July 18, 2012 at five distinct FMCNA facilities (FMCNA Covered Entities).  FMCNA provides centralized corporate support to the FMCNA Covered Entities, including storing patient’s medical records, creating and disseminating HIPAA policies and procedures, and investigating the circumstances surrounding each breach reported to it by the FMCNA Covered Entities.

Continue reading

Strava’s Heatmap & IoT Devices

Share

Online fitness tracking app Strava recently published a “heatmap” of data showing the physical movement paths of Strava users around the globe.  The Strava app uses mobile phones’ GPS in conjunction with wearable fitness trackers, such as Fitbit, Garmin, and Xiaomi Mi, to track users’ physical activities, capture performance metrics like speed, pace, and distance, analyze users’ performance, and compare performance metrics with other users.  As useful as this information is to Strava users, it became widely known in late January 2018 that Strava’s heatmap, easily available to the public, shows the movement of soldiers and military personnel in different global locations.  This information can be used to identify, with explicit detail, the location and layout of foreign physical military installations in countries such as Syria and Afghanistan.

Strava’s heatmap, which was updated in November 2017, is a visualization of the company’s global network of athletes.  According to Strava, the heatmap is the “largest, richest, and most beautiful dataset of its kind,” and consists of the following data points:

  • 1 billion activities
  • 3 trillion latitude/longitude points
  • 13 trillion pixels rasterized
  • 10 terabytes of raw input data
  • A total distance of 27 billion km (17 billion miles)
  • A total recorded activity duration of 200 thousand years
  • 5% of all land on Earth covered by tiles

Strava notes that the platform has numerous privacy rules in place, including an enhanced privacy mode, the exclusion of some or all private activities, the cropping of activities to respect user defined privacy zones, and the option to opt-out of contributing data to the heatmap.

Strava’s heatmap highlights a variety of issues associated with the deployment of  Internet of Things (IoT) devices.  The IoT, a broad category of technology that is generally understood to include physical devices that can collect and share data and connect to the Internet, is quickly changing every aspect of our lives, from the way we work and how we purchase goods and services to how we exercise and how well we sleep.  How these devices connect with other devices as well as consumer expectations continue to evolve is this largely unregulated space.

The FTC’s 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change,” provides further insight.

Data Security Concerns Continue in 2018 – Survey Provides New Insight

Share

A vast majority of companies report feeling vulnerable to data breaches and security threats, according to a recent report published by a data security provider and information technology advisory company. It is predicted that companies are planning on spending more than ever before to protect themselves in 2018.

The report, published by Thales eSecurity and 451 Research, summarizes the surveyed responses of more than 1,200 senior security executives employed in the U.S., U.K., Germany, Japan, Sweden, the Netherlands, Korea, and India. Of these respondents, more than one-third had major influence on security-decision making, and nearly half had sole-decision making authority.

Continue reading

Newer posts

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy