Tuesday, March 26, 2019

Shifting legal landscape for personal data privacy

Image courtesy NCSL
PARCA eNews – Feb. 8, 2019 – By an unanimous vote the New Jersey Assembly passed bill that expands the types of personal information that require notifications to be sent to consumers following a data breach.

The new law requires businesses and public entities to send notifications to consumers if there has been a breach of their Social Security numbers, driver’s licenses or a bank account number if they are accompanied with a password that would allow the account to be accessed.

The New Jersey law is among the first of many states to take up the issue of personal data breach notification, according to the Nation Conference of State Legislatures. New laws in Alabama and South Dakota were passed in 2018 and another 31 states, Puerto Rico and D.C. are considering similar measures.

At the federal level Nevada Senator Catherine Cortex Masto has introduced the Data Privacy Act in the US Senate. If passed the law would give consumers greater say in the types of information collected and require HIPAA-covered entities to obtain consent from patients prior to using or disclosing their health information for reasons other the providing healthcare, payment or healthcare operations.

Under the federal law consumers must be given a method of opting in or opting out of data collections and sharing of sensitive data, including biometric, genetic, and location data.

Sources: National Conference of State Legislatures, and HIPAA Journal

No comments:

Post a Comment