Top Stories

FTC Seeks to Update Health Breach Notification Rule to Clarify Health App Coverage
The Federal Trade Commission (FTC) proposed amendments to the Health Breach Notification Rule, aiming to enhance patient privacy protection for the millions of patients utilizing digital health apps.
The FTC Pushes Boundaries With Proposed Health Rule Change
Proposed changes unveiled this week by the Federal Trade Commission to its health breach rule have many advocates agreeing that personal health data needs stronger protections even as some question whether the agency has the legal authority to enact its proposal.
Breaches

Dental Health Insurer Hack Affects Nearly 9 Million
Fort Lauderdale, Florida-based MCNA Insurance Company, in a data breach notification letter filed with the Maine state attorney general's office, said it detected unauthorized access to certain MCNA systems on March 6 and discovered that certain systems within the network were infected with malicious code.
Harvard Pilgrim Health Care ransomware attack hits 2.5 million people
Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing their sensitive data from compromised systems.
Privacy

The ranging impacts of Florida's Digital Bill of Rights
On 4 May, the Florida Legislature passed Senate Bill 262, the Florida Digital Bill of Rights. Unlike the comprehensive privacy laws recently enacted in other states, most of the bill's provisions carry narrow scopes that apply only to large technology companies.
Texas latest to add comprehensive state privacy law
The most notable difference is HB 4's coverage thresholds, which do not include common monetary stipulations other states adopted and rely instead on a unique three-factor applicability standard. But the bill's familiar provisions will be equally impactful, including requirements for recognition of universal opt-out mechanisms by 1 Jan. 2025.

Out of the mouths of babes? FTC says Amazon kept kids’ Alexa voice data forever – even after parents ordered deletion | Federal Trade Commission
“Stop it!” Moms and Dads may have to repeat that instruction to their kids, but when parents said it to Amazon in an effort to get the company to delete children’s voice data obtained through its Alexa voice assistant, Amazon should have honored those requests immediately. But according to a complaint filed by the Department of Justice on the FTC’s behalf, Amazon responded by deleting files in some databases while maintaining them elsewhere – meaning the information was available for Amazon to use for its own purposes. The lawsuit alleges Amazon violated the Children’s Online Privacy Protection Act Rule by flouting parents’ deletion requests, retaining kids’ voice recordings indefinitely, and not giving parents the straight story about its data deletion practices. Amazon also allegedly violated the FTC Act by falsely representing that Alexa app users could delete their geolocation information and voice recordings and by engaging in unfair privacy practices related to deletion, retention, and employee access to data.
Europe

ORG report finds that ICO failed to hold the government to account over use of public health data during pandemic | Open Rights Group
A report published by the Open Rights Group claims the ICO failed to act in response to government breaches of data protection regulations related to the COVID-19 health programs NHS Test and Trace, NHS Contact Tracing App and NHS Datastore. In a statement, the ICO said it disagrees with the report, noting its "priority during the pandemic was to ensure organisations understood how data protection law could facilitate action at a time of emergency."