There have been recent privacy law developments relating to the following:Health Insurance Portability And Accountability Act, Children’s Online Privacy Protection Act, Information Security and the Federal Trade Commission.
Recent Developments In US Privacy Law: HIPAA, COPPA, State Data Security, and Federal Trade Commission Initiatives
Once upon a time, it was fair to say that tackling data privacy issues within an organization was comparable to playing the “whack-a-mole” game at the amusement park. The “moles” (new privacy issues) would suddenly pop up on a tray in front of you (your work inbox), and you would “whack” them quickly with your “privacy compliance mallet,” and they would go away. It’s not that easy anymore. The moles are no longer all the same size and shape. Some are particularly large and ugly, manifesting the different levels of exposure for different privacy concerns (data breach, health/medical privacy, internal investigations and monitoring, conflicts between privacy and other compliance duties, and the like), and new sources of data collection (mobile apps, behavioral advertising, monitoring technologies, and the like). The “rules” of the game (privacy regulations) have also changed. You can no longer just whack all moles on top of the head with your mallet (e.g., issue an accurate privacy notice and maintain reasonable security), but you need to whack some moles on the side (e.g., changing actual business practices through “privacy by design” principles or otherwise). Other moles you need to remove from the game altogether (e.g., terminate a vendor, overhaul a set of information security controls, relegate certain online features to the “Don’ts” category in the “Do’s and Don’ts” company policy). Moreover, you need to attain a much higher score on the game in order to get enough little yellow tickets to redeem your prize at the desk (e.g., enforcement actions are more rigorous, driving you to do more to maintain your organization’s good privacy name). Taken together, it’s therefore more accurate to say that data privacy compliance has become the “whack-a-mole game on steroids.” The following provides a brief overview summary of key recent developments in privacy law. Get your mallet ready.
The Final Rules also include additional modifications related to the use and disclosure of genetic information.