Working in the privacy field in the United States, I observe considerable discussion about the fact that U.S. data protection practices are not currently considered to be “adequate” under EU law. So, as I prepared for a 10-day trip of sightseeing in Milan, Italy, and hiking and boating in the Italian Lakes region, I expected that I would enjoy my first true vacation in several years without a thought of privacy issues because I would be in a region of the world that considers privacy to be a human right.
August in Massachusetts is known for trips to the beach, family vacations, and back-to-school activities. But a key event across the state is the Pan Mass Challenge (PMC), a bike-a-thon which, since 1980, has raised over $831 million for cancer research and patient care at the Dana Farber Cancer Institute in Boston. This year, my husband and I will get on our bikes as Team Sunshine and participate in our tenth ride, hoping to bring our personal fundraising total to over $150,000.
In 2020, when the PMC was “Reimagined” because of the pandemic, I published a Privacy Statement that explains how donations and personal information we receive will be used if you choose to check out my reasons for riding and donate through this link http://profile.pmc.org/SK0183. Like all good privacy policies, notices, and related materials, this Privacy Statement should be reviewed regularly and updated as regulations, business operations, and fundraising needs change. Now, with the PMC “Back in the Saddle” for 2022, I have updated this Privacy Statement:
I recently had the opportunity to visit Embracing our Differences (https://www.embracingourdifferences.org/), an annual outdoor art exhibit in Sarasota, Florida. The exhibit features juried works from across the globe paired with quotes that celebrate the diversity of the human family. This experience led me to consider again the need to respect cultural, business, and regional differences in developing privacy and compliance programs.
By now, most of us are aware of the risk of personal identity theft that results in the misuse of credit card and social security numbers, banking information, or more ominously, medical identities.
Business identity theft is a growing concern. It is intended to defraud or hurt a business by creating or using a business’ identifying information without authority. Criminals pose as owners, officers, or employees of a real or fake business to illegally obtain cash or loans or make purchases. In other words, business identity theft is designed to impersonate the business and take fraudulent actions.
This year, we are all talking about small turkeys, small social bubbles, and small outdoor gatherings. Many are spending the holidays alone. The pandemic is raging and our healthcare system is straining to keep us all safe. But solo and small medical practices are not safe from privacy and security enforcement under HIPAA.
While investigations of and fines imposed on larger health systems and insurance companies make headlines, in the last two years, the Department of Health and Human Resources Office for Civil Rights (OCR) has settled enforcement actions brought against a number of solo or small healthcare providers, resulting in substantial fines that can significantly impact profitability and even the ability to remain in practice.
What’s that you say? A privacy consultant could not have been phished. She must know better. Ah, if only that were true. Because October is National Cybersecurity Month, I decided I would come clean. (Fish pun intended.)
Several months ago, I wrote that privacy compliance is like riding a bicycle. But now, after sheltering in place due to the Covid-19 pandemic, I thought back to the few weeks I spent last winter on beautiful Siesta Key in Sarasota, Florida, and started thinking that maybe privacy compliance can be a walk on the beach. Even if you can’t get to your favorite beach vacation now, take a walk with me for a few minutes, and imagine. . .
Our lives have been upended the last few weeks as we deal with the sad and, too often, tragic consequences of the Covid-19/Coronavirus pandemic. Aside from worrying about family members, I have been thinking about privacy, what it is, and how it, too, has been turned upside down. Situations that we considered to be private have become public and vice versa. I tried to amuse myself by playing a game I called “Private or not Private?” Alas, there were no answers. So instead, I offer a few observations and tips on online meetings and work-from-home concerns, social interactions, regulatory matters, and my best wishes for health and happiness. . . .
In nice weather, which is a precious commodity in New England, I spend a lot of time on my bike. It’s a great way to exercise, spend time outdoors with my husband, and train for a charity fundraiser for an important cause, finding a cure for cancer.
You all know the old adage, once you learn to ride a bike, you never forget. Some may think that this holds true for privacy training and awareness as well. You may think, “We ‘did HIPAA’ years ago, and we are all set” or, “We all know to not click on those strange emails with the dancing snowmen; it’s old news.”
Well, bear with me for a moment and let me explain why this type of thinking can cause issues both on the bike and in today’s data-driven workplace . . .
Once again, Data Privacy Day is coming up on January 28 and a weeklong commemoration is underway, known as Data Privacy Week.
Data Privacy Day began in the European Union, which, after a horrific first half of the 20th century, now recognizes privacy as a fundamental human right. Data Privacy Day commemorates the signing of the first of a series of data protection laws on January 29, 1981. These laws have now been replaced by the General Data Protection Regulation (GDPR), which is the model for many of the recently enacted state laws in the United States. In 2009, the United States House of Representatives officially recognized National Data Privacy Day. It took another five years for the U.S. Senate to get on board, but that’s a story for another day. (Perhaps, election day.)