data privacy law overview
play

Data Privacy Law Overview Privacy Protections (D) Working Group - PowerPoint PPT Presentation

Dec 28, 2022 •221 likes •465 views

Data Privacy Law Overview Privacy Protections (D) Working Group Jennifer McAdam Senior Counsel DECEMBER 8, 2019 Data Privacy vs. Data Security Data Privacy Data Security How data is collected & How data is stored & used

  1. Data Privacy Law Overview Privacy Protections (D) Working Group Jennifer McAdam Senior Counsel DECEMBER 8, 2019

  2. Data Privacy vs. Data Security Data Privacy Data Security • How data is collected & • How data is stored & used protected: security measures & safeguards • Procedures & policies governing collection and • Procedures & policies to appropriate use of personal ensure data isn’t being used data or accessed by unauthorized parties • Consumers retain control over how their personal • Ex: Insurance Data Security data is used Model Law • Ex: California Consumer Privacy Act 2

  3. NAIC Data Privacy Model Laws • 1980: NAIC Insurance Information and Privacy Protection Model Act (#670) • 1998: Health Information Privacy Model Act (#55) • 2000: Privacy of Consumer Financial and Health Information Regulation (#672) 3

  4. Model #670 Legislative History • 1970: Fair Credit Reporting Act – Addresses the fairness, accuracy and privacy of the personal information contained in the files of the consumer reporting agencies. • 1974: Federal Privacy Act – Governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies. 4

  5. Model #670 Key Provisions • Sets standards for the collection, use, and disclosure of information gathered in connection with insurance transactions. • Requires insurers to provide notice that alerts the individual of the insurer’s information practices. • Gives consumers right to request an insurer: – Provide access to recorded personal information; – Disclose the identity of the third parties to whom the insurance disclosed the information; – Provide the source of the collected information; – Correct and amend the collected information; – Amend the personal information; and 5 – Delete the collected personal information.

  6. Model #670 Key Definition "Personal information" means any individually identifiable information gathered in connection with an insurance transaction from which judgments can be made about an individual's character, habits, avocations, finances, occupation, general reputation, credit, health or any other personal characteristics. Includes an individual's name and address and "medical record information" but does not include "privileged information". 6

  7. Model #55 Key Provisions Requires carriers to: • Create policies, standards and procedures governing health information • Notice of policies, standards and procedures • Consumer right to access PHI • Consumer right to amend PHI • Provide list of disclosures of PHI • Obtain authorization for collection, use or disclosure of PHI (with exceptions) 7

  8. Model #55 Key Definitions Health information: any information or data, whether oral or recorded in any form or medium, and personal facts or information about events or relationships that relates to: (1) The past, present or future physical, mental or behavioral health or condition of an individual or a member of the individual’s family; (2) The provision of health care to an individual; or (3) Payment for the provision of health care to an individual. Protected health information (PHI): health information: (1) That identifies an individual who is the subject of the information; or (2) With respect to which there is a reasonable basis to believe that the information could be used to identify an individual. 8

  9. Model #672 Legislative History • Provisions governing protection of health information based on: – Health Information Privacy Model Act (#55); and – HHS health information privacy regulations (pursuant to HIPAA) • Provisions governing protection of financial information are based on privacy regulations promulgated by federal banking agencies. 9

  10. Model #672 Key Provisions • Requires insurers provide notice to consumers about its privacy policies and practices; • Describes the conditions under which a licensee may disclose nonpublic personal health information and nonpublic personal financial information about individuals to affiliates and nonaffiliated third parties; and • Provides methods for individuals to prevent a licensee from disclosing that information: – “opt out” for financial info and “opt in” for health info. • Enforced via the state’s Unfair Trade Practices Act. 10

  11. Model #672 Key Definitions Health information: any information or data except age or gender, whether oral or recorded in any form or medium, created by or derived from a health care provider or the consumer that relates to: (1) The past, present or future physical, mental or behavioral health or condition of an individual; (2) The provision of health care to an individual; or (3) Payment for the provision of health care to an individual. Personally identifiable financial information: any information: (1) A consumer provides to a licensee to obtain an insurance product or service from the licensee; (2) About a consumer resulting from a transaction involving an insurance product or service between a licensee and a consumer; or (3) The licensee otherwise obtains about a consumer in connection with providing an insurance product or service to 11 that consumer.

  12. State Adoption of Privacy Models • NAIC Insurance Information and Privacy Protection Model Act (#670)  17 states • Privacy of Consumer Financial and Health Information Regulation (#672)  Every state has a version (19 have adopted only financial requirements – not health) 12

  13. Privacy Standards in Market Conduct Examinations • Standard 10: Procedures for the collection, use and disclosure of information gathered in connection with insurance transactions to minimize any improper intrusion into the privacy of applicants and policyholders. • Standard 11: Developed and implemented written policies, standards and procedures for the management of insurance information. • Standard 12: Policies and procedures to protect the privacy of nonpublic personal information relating to its customers, former customers and consumers that are not customers. • Standard 13: Provides privacy notices to its customers and, if applicable, to its consumers who are not customers regarding treatment of nonpublic personal financial information. 13

  14. Privacy Standards in Market Conduct Examinations cont. • Standard 14: If the regulated entity discloses information subject to an opt-out right, the regulated entity has policies and procedures in place so that nonpublic personal financial information will not be disclosed when a consumer who is not a customer has opted out, and the regulated entity provides opt- out notices to its customers and other affected consumers. • Standard 15: Collection, use and disclosure of nonpublic personal financial information are in compliance with applicable statutes, rules and regulations. • Standard 16: In states promulgating the health information provisions of Model #672), or providing equivalent protection through other substantially similar laws, entity has policies and procedures in place so that nonpublic personal health information will not be disclosed, except as permitted by law, unless a customer or a consumer who is not a customer has authorized the disclosure. 14

  15. General Data Protection Regulation (GDPR) • Effective May 2018 • Applies to U.S. companies that collect data from citizens of the EU over the internet • Requires companies to obtain explicit consent from consumers to collect their data (“opt in”) with an explanation of how the data will be used (consent can be withdrawn anytime) • Provides standards for safeguarding the data 15

  16. California Consumer Privacy Act (CCPA) • Effective January 1, 2020 • Applies to for-profit companies that do any business in California • First U.S. “omnibus” privacy law – imposes broad obligations on businesses to provide consumers with transparency and control of their personal data 16

  17. California Consumer Privacy Act (CCPA) Consumer has right to request that a business: Disclose: • – categories and specific pieces of personal information collected; – categories of sources the information was collected from; business purpose for collecting the information; and – categories of third parties with whom the information is shared, and the specific pieces of personal information that was shared Delete any personal information; • Right to opt-out of information being disclosed to third parties. • With separate opt-in requirements for minors. Right not be discriminated against for exercising rights • (nondiscrimination provision) 17

  18. CCPA Exemptions • Full exemption for protected health information governed by HIPAA and a partial exemption for information subject to GLBA. • If the information subject to GLBA is breached, the consumer can pursue a private civil action against the company. 18

  19. CCPA Key Definition Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household such as a real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE Privacy Policy Terms & Conditions and Subscriptions Consent Structure and Preferences Meetings, Conferences, and Events

926 views • 36 slides
Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Privacy Legislation - History 1950 Art. 8 ECHR: Everyone has the right to respect for his private and family

413 views • 4 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical

Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical

Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical databases Statistical databases, Differential privacy, Location-based privacy Encryption E ti Insider Threat/ DBMS Steganographic Intrusion

394 views • 24 slides
Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
Data privacy: an overview Vicen c Torra December, 2019 Hamilton Institute, Maynooth

Data privacy: an overview Vicen c Torra December, 2019 Hamilton Institute, Maynooth

Data privacy: an overview Vicen c Torra December, 2019 Hamilton Institute, Maynooth University, Ireland Overview Outline Overview What is data privacy? Why is it necessary and why it is challenging/difficult? Some definitions

2.02k views • 188 slides
matching and the Privacy Act 1988 (Cth) Dimitrios (Jim) Kormas | Assistant Director| Privacy

matching and the Privacy Act 1988 (Cth) Dimitrios (Jim) Kormas | Assistant Director| Privacy

Government data matching and the Privacy Act 1988 (Cth) Dimitrios (Jim) Kormas | Assistant Director| Privacy Assessments 17 May 2018 Brief overview of the OAIC, Privacy Act and Australian Privacy Principles (APPs) OAICs involvement

454 views • 16 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

CS573 Data Privacy and Security Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li Xiong Slides credit: Chris Clifton, Purdue University; Murat Kantarcioglu, UT Dallas Outline Overview Data

901 views • 42 slides
Data privacy and big Data privacy and big data data Engineering & Public Policy Lorrie

Data privacy and big Data privacy and big data data Engineering & Public Policy Lorrie

CyLab Data privacy and big Data privacy and big data data Engineering & Public Policy Lorrie Faith Cranor November 12, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 /

658 views • 21 slides
Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues

Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues

Simone Fischer-Hbner Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues (LBS, RFID,...) IV. European Privacy Legislation/ Directives I. Definition Warren & Brandeis 1890 The right to

694 views • 30 slides
Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human Right (1/2) From the United Nations Universal Declaration of Human Rights: Article 12 No one shall be subjected to arbitrary interference with his

338 views • 7 slides
11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity Being on-line without giving up everything about you Ensuring collected data doesnt reveal its users data Privacy in Structured Data:

766 views • 49 slides
CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local Differential Privacy in Practice (Module 1) Graham Cormode, Somesh Jha, Tejas Kulkarni, Ninghui Li, Divesh Srivastava, and Tianhao Wang Differential

819 views • 38 slides
Quick guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step 3:

Quick guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step 3:

Quick guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step 3: Installing RSEvents! Step 4: Configure RSEvents! Step 5: Add user permissions Step 6: Create event categories Step 7: Create event locations Step 8:

627 views • 35 slides
FERPA Family Educational Rights & Privacy Act Federal Requirements for Security of College

FERPA Family Educational Rights & Privacy Act Federal Requirements for Security of College

FERPA Family Educational Rights & Privacy Act Federal Requirements for Security of College Student Data The Office of Legal Affairs Presented by: Venus D. Boston, Assistant University Legal Counsel What is FERPA? The Family Educational

562 views • 21 slides
Crash Course: California Consumer Privacy Act Overview David Zetoony Partner & Co-Chair of

Crash Course: California Consumer Privacy Act Overview David Zetoony Partner & Co-Chair of

Crash Course: California Consumer Privacy Act Overview David Zetoony Partner & Co-Chair of Global Data Privacy and Security Team 1 Agenda The History of the CCPA Scope of the CCPA What it requires businesses to do.

269 views • 24 slides
RSA PARTNER CENTRAL A step-by-step guide for RSA SecurWorld partners 1 BEFORE YOU BEGIN

RSA PARTNER CENTRAL A step-by-step guide for RSA SecurWorld partners 1 BEFORE YOU BEGIN

REGISTERING FOR RSA PARTNER CENTRAL A step-by-step guide for RSA SecurWorld partners 1 BEFORE YOU BEGIN This guide is intended for existing RSA SecurWorld Partners. You will not be able to access RSA Partner Central until you have

284 views • 16 slides
System deployment and management System Architecture (software) Windows Server 2012 R2 64bit

System deployment and management System Architecture (software) Windows Server 2012 R2 64bit

System deployment and management System Architecture (software) Windows Server 2012 R2 64bit IIS 8 (full features Installation) ASP.NET 4.5.2 Framework SSL certificate for the domain of the site installed on the platform together

373 views • 4 slides
New technology stack in Invenio v2.0 SQLAlchemy , Flask and Jinja2 Ji r Kun car

New technology stack in Invenio v2.0 SQLAlchemy , Flask and Jinja2 Ji r Kun car

New technology stack in Invenio v2.0 SQLAlchemy , Flask and Jinja2 Ji r Kun car jiri.kuncar@cern.ch CERN www.invenio-software.org May 9th, 2012 Outline Introduction Model Controller View Invenio Integration Models Testing

509 views • 26 slides
G T Venkateshwar Rao IRS 1 The message sage by other er tax administr nistrations ations to

G T Venkateshwar Rao IRS 1 The message sage by other er tax administr nistrations ations to

360 degree Profiling -- Using Data Mining to convert information to actionable intelligence G T Venkateshwar Rao IRS 1 The message sage by other er tax administr nistrations ations to o improve rove voluntary untary complian mpliance

397 views • 25 slides
Northwest Federal Credit Union Training Seminar Fall 2013 Discussion Topics Best Practices

Northwest Federal Credit Union Training Seminar Fall 2013 Discussion Topics Best Practices

Northwest Federal Credit Union Training Seminar Fall 2013 Discussion Topics Best Practices Generally Credit Union Remedies Bankruptcy Litigation Process Death of a Member Best Practices Personal Information Best Practice Highlight s:

828 views • 34 slides

More recommend