Apple app store – Privacy Question requirements

From https://developer.apple.com/news/?id=em8fm29e:

“The App Store will soon help users understand an app’s privacy practices before they download the app on any Apple platform. On each app’s product page, users can learn about some of the data types the app may collect, and whether that data is linked to them or used to track them. If you haven’t already, enter your app’s privacy information in App Store Connect.”

Bologna: Deliveroo ruling – AI unfair rating on riders

Court of Bologna section work RG 2949/2019, ord. 12.31.2020, actors FILCAMS CGIL BOLOGNA-NIDIL CGIL BOLOGNA-FILT CGIL BOLOGNA.
https://i2.res.24o.it/pdf2010/Editrice/ILSOLE24ORE/QUOTIDIANI_VERTICALI/Online/_Oggetti_Embedded/Documenti/2021/01/05/bologna.pdf

Articles:

GDPR – Codes of Conduct

(from a post by Luis Montezuma)

Advertising

  • Spanish DPA: https://edpb.europa.eu/sites/edpb/files/conduct/resolucion-aprobacion-cc.0004.2018-autocontrol_en.pdf
  • Austrian DPA: https://lnkd.in/eJaDmcB

Digital (IT organizations)

  • Dutch DPA: https://edpb.europa.eu/sites/edpb/files/conduct/besluit_gedragscode_data_pro_code.pdf

Education

  • Austrian DPA: https://lnkd.in/eBgmP5x

Internet service providers

  • Austrian DPA: https://lnkd.in/ecTyuP4

Credit agencies reporting

  • Italian DPA: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9119868

Smart meters

  • Austrian DPA: https://lnkd.in/e4pkZSJ

NIST SP 1800-1 Securing Electronic Health Records on Mobile Devices

https://csrc.nist.gov/publications/detail/sp/1800-1/final

Abstract

Healthcare providers increasingly use mobile devices to receive, store, process, and transmit patient clinical information. According to our own risk analysis, discussed here, and in the experience of many healthcare providers, mobile devices can introduce vulnerabilities in a healthcare organization’s networks. At the 2012 HHS Mobile Devices Roundtable, participants stressed that many providers are using mobile devices for healthcare delivery before they have implemented safeguards for privacy and security. This NIST Cybersecurity Practice Guide provides a modular, open, end-to-end reference design that can be tailored and implemented by healthcare organizations of varying sizes and information technology (IT) sophistication. Specifically, the guide shows how healthcare providers, using open-source and commercially available tools and technologies that are consistent with cybersecurity standards, can more securely share patient information among caregivers who are using mobile devices. The scenario considered is that of a hypothetical primary care physician using her mobile device to perform recurring activities such as sending a referral (e.g., clinical information) to another physician, or sending an electronic prescription to a pharmacy. While the design was demonstrated with a certain suite of products, the guide does not endorse these products in particular. Instead, it presents the characteristics and capabilities that an organization’s security experts can use to identify similar standards-based products that can be integrated quickly and cost-effectively with a healthcare provider’s existing tools and infrastructure.

NIST Cybersecurity Practice Guide, NIST SP 1800-24: Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector.

NIST Cybersecurity Practice Guide, NIST SP 1800-24, is now available: Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector.

https://csrc.nist.gov/publications/detail/sp/1800-24/final

Abstract

Medical imaging plays an important role in diagnosing and treating patients. The system that manages medical images is known as the picture archiving communication system (PACS) and is nearly ubiquitous in healthcare environments. PACS is defined by the Food and Drug Administration (FDA) as a Class II device that “provides one or more capabilities relating to the acceptance, transfer, display, storage, and digital processing of medical images.” PACS centralizes functions surrounding medical imaging workflows and serves as an authoritative repository of medical image information.

PACS fits within a highly complex healthcare delivery organization (HDO) environment that involves interfacing with a range of interconnected systems. PACS may connect with clinical information systems and medical devices and engage with HDO-internal and affiliated health professionals. Complexity may introduce or expose opportunities that allow malicious actors to compromise the confidentiality, integrity, and availability of a PACS ecosystem.

The NCCoE at NIST analyzed risk factors regarding a PACS ecosystem by using a risk assessment based on the NIST Risk Management Framework. The NCCoE also leveraged the NIST Cybersecurity Framework and other relevant standards to identify measures to safeguard the ecosystem. The NCCoE developed an example implementation that demonstrates how HDOs can use standards-based, commercially available cybersecurity technologies to better protect a PACS ecosystem. This practice guide helps HDOs implement current cybersecurity standards and best practices to reduce their cybersecurity risk and protect patient privacy while maintaining the performance and usability of PACS.