New information on Facebook’s user data misuse causes a $30 billion market-value loss. US senators propose the Data Care Act to regulate privacy across the 50 states. Reporting data breaches is now mandatory in Canada. The Department of Health and Human Services wants to modify HIPAA.
Facebook lost $30 billion in market value after the New York Times published documents on December 18 detailing agreements that gave companies like Microsoft, Netflix, Spotify, Amazon, and Yahoo access to Facebook users’ data. For example, Netflix and Spotify could read users’ private messages. However, that was not everything. On December 14, Facebook notified its users of a bug in the Photo API that gave developers access to non-shared photos of 5.6 million users.
Prompted by the recent data breaches, 15 senators in the US proposed the Data Care Act on Wednesday to regulate privacy across the 50 states. The Data Care Act’s main guidelines are:
- Duty of Care – Must reasonably secure individually-identifiable data and promptly inform users of data breaches that involve sensitive information;
- Duty of Loyalty – May not use individually-identifiable data in ways that harm users;
- Duty of Confidentiality – Must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual-identifying data;
- Federal and State Enforcement – A violation of the duties will be treated as a violation of an FTC rule with fine authority. States may also bring civil enforcement actions, but the FTC can intervene;
- Rulemaking Authority – FTC is granted rulemaking authority to implement the Act.
On November 1st, it became mandatory to report data breaches in Canada. This is an essential step for Canadian privacy regulation and will require a shift in how Canadian businesses operate because, according to Statistics Canada, only 10% of the businesses affected by a cyberattack report it.
The Department of Health and Human Services (HHS) issued a Request For Information (RFI) for input on how to modify HIPAA on the following issues:
- Encouraging information-sharing for treatment and care coordination;
- Facilitating parental involvement in care;
- Addressing the opioid crisis and serious mental illness;
- Accounting for disclosures of protected health information for treatment, payment, and health care operations;
- Altering a provider’s responsibility to make a good faith effort to obtain an acknowledgement of receipt of the Notice of Privacy Practices.
After a 2018 plagued with data breaches and important privacy regulation (GDPR), we can expect that in 2019, protecting privacy will become a must for public and private organizations. SC Magazine has eight privacy predictions for 2019, most of which revolve around regulations and their impact on the behaviour of organizations and consumers.