Today’s Law360 addresses “HHS Data-Scrubbing Guidance” with quotes from me and others on the subject:
Clarifying the types of data that need to be removed from data sets can also help companies maximize the value of the information that they hold as the value of and ability to use this data for research and public health purposes increases, Foley Hoag LLP security and privacy practice co-chair Colin Zick added.… More
On November 26, HHS OCR released guidance regarding methods for de-identification of protected health information in accordance with the HIPAA Privacy Rule. This guidance fulfills the American Recovery and Reinvestment Act of 2009 (ARRA) mandate that HHS issue such guidance.
Following the passage of ARRA, OCR collected research and views regarding de-identification approaches, best practices for implementation and management of the current de-identification standard and potential changes to address policy concerns.… More
At the end of what was an interesting, but rather ordinary interview in the Wall Street Journal, FTC Chair Jon Leibowitz dropped this interesting nugget:
MS. ANGWIN: The EU has a very different approach to privacy, and there has been concern about whether we’re going to move in that direction. What’s your view?
MR. LEIBOWITZ: My sense is you might see Europe moving a little bit more to our approach of allowing some advertising and allowing some collection of data.… More
The FTC has announced a preliminary agenda for a program it calls “The Big Picture: Comprehensive Data Collection.” This workshop “will explore the practices and privacy implications of comprehensive data collection.”
The program will be held in Washington, DC, on Dec. 6, 2012, and is free and open to the public.
The workshop will be webcast live and a link will be available on FTC.gov. … More
Gant Redmon of Co3 Systems has an interesting take on the differences in U.S. and EU privacy regimes in a Security Week column entitled, “Privacy: Why Europeans Think You’re Inadequate.” In his column, he addresses three key issues: “First, what does privacy mean to folks in the US versus the EU? Second, how has history played a role in defining privacy in the US and EU? … More
Blizzard—maker of the video games Diablo III and World of Warcraft—was sued last week in California over its two-factor authentication service. The complaint seeks class action status.
The concept of two-factor authentication should be familiar to anyone that has used RSA SecurID. When logging into an online service, users enter both a password and a single-use authentication code. Blizzard offers its customers the option of using authentication codes when logging into its Battle.net service. … More