ISBA Privacy CLE “Special Areas”
“Special Areas” - HIPAA, COPPA & State Laws
ISBA Privacy CLE:

HIPAA: Privacy
Health Information Privacy
• Protection against the disclosure of Personally Identifiable Health Information
  • demographic information
  • individual physical or mental health
  • provision of or payment for health care
• Transmitted or maintained in any form or medium by a Covered Entity or its Business Associate 45 CFR § 160.103
• “Covered Entities” = any entity that bills electronically or stores electronic medical records

HIPAA: Rules
Three Key Concepts
1. The Privacy Rule:
– Federal standards to protect medical records & health information
– Provide patients with access to medical records & control over disclosure
2. The Security Rule:
– Standards to protect creation, receipt, use, or maintenance
– Requires appropriate administrative, physical and technical safeguards
– 45 CFR Part 160 and Subparts A and C of Part 164.
3. Breach Notification Rule:
– Requires HIPAA covered entities and their business associates to provide notification following a breach
– 45 CFR §§ 164.400-414

HIPAA: Risk Areas
Where It Arises (Need a Business Associate Agreement)
1. IT
2. Lawyer
3. Accountant
4. PR
5. Auditor
6. Marketing/Social Media
7. Photocopier/Fax Repair person

HIPAA: Common Vulnerabilities
– Paper files
– Flash drives
– Laptops
– Social media
– EHR
– Safeguards not in place (white boards, conversation where others can hear)
– Who owns devices?
– Encrypted information
– Remote wipe of devices
– Training

COPPA Pt. 1
What it Is:
– Enacted October 1998
– Applies to web sites that target / collect information from a child
What it Requires:
– Privacy Policy that 1) explains what info is collected, 2) by whom, 3) the intended use, 4) 3rd parties who might access, and 5) how to access or delete
– VERIFIABLE PARENTAL CONSENT before collecting info, and delete all info previously collected
– Initial “opt-in” with a continuing “opt-out”
– Sites prohibited from extracting extra information from children as a prerequisite for participation
– Requires “reasonable procedures” to protect confidentiality, security and integrity of information obtained

COPPA Pt. 2
Common Pitfalls:
– FTC particularly concerned about mobile apps
– Apps automatically collect & disclose broad range of info: geolocation, phone numbers, contacts and unique device identifiers
– REPORT: Most apps failed to adequately disclose data practices on store pages and the landing page of their websites prior to download
Enforcement Highlights:
– United States v. W3 Innovations, LLC - 1st COPPA enforcement action: $50,000 and a 6-year record-keeping obligation
Practice Guidelines:
– FTC did NOT approve proposed device-signed form as a method to obtain verifiable parental consent, consisting of a multi-step method requiring entry of a code sent by text message to a mobile device

State Legislative Response
California: “Do Not Track” law effective January 1, 2014
• Who: Any operator of a website, online service, or mobile app
• How: If personally-identifiable info about CA residents is collected
• What: Must include do-not-track disclosures in its privacy policy
• Implications: Applies to ANY online business

State Legislative Response
California: S.B. 568 enacts two new statutes under the title “Privacy Rights for California Minors in the Digital World.”
• Business & Professions Code section 22580 prohibits advertising certain products to minors online
• Business & Professions Code section 22581 requires businesses to provide an online “eraser button” for remorseful minors
• Implications: Applies to ANY online business

Privacy In Pleadings
Use Of Fictitious Name Under 735 ILCS 5/2-401(e)
• Why? Anonymous Plaintiff
• How? (Include reasons in the initial Pleadings)
– Under Seal? NO. After the Fact = Courts balance Free Speech & Public Right of Access. Skolnick v. Altheimer & Gray, 191 Ill.2d 214 (2000)
– Fictitious Name - “Upon application and for good cause shown, the parties may appear under fictitious names.” 735 ILCS 5/2-401(e)
– Party seeking to use pseudonym MUST show privacy interest that outweighs the public's interest in open judicial proceedings. Doe v. Doe, 282 Ill.App.3d 1078, 1088 (1st Dist. 1996)
– Privacy interest must be exceptional (matters of a highly personal nature, e.g. abortion, adoption, sexual orientation, religion, privacy of children, rape victims, particularly vulnerable parties or witnesses). A.P. v. M.E.E., 345 Ill.App.3d 989, 1003 (1st Dist. 2004)
– Damage to defendant's family's reputation, defendant's own reputation in alleged sexual molestation of minor NOT sufficient good cause. Doe, 282 Ill.App.3d at 1082

Best Practices
1. Review collection practices
2. Review marketing partners
3. Privacy Policy Tune-up | DNT, Online Eraser
4. Put systems in place
5. Data, Collection, Storage, Use, Sharing

Thank You!
David M. Adler
Adler Law Group
Safeguarding Ideas, Relationships & Talent®
Tel.: 866.734.2568
Web: www.adler-law.com
Email: [email protected]
adlerlaw.wordpress.com
Twitter: @adlerlaw