News – Page 42 – Privacy Design®

September 8, 2020

Declassified FISA court ruling on NSA and FBI personal data collection

The recently declassified ruling by FISA Court James Boasberg about NSA and FBI violations of privacy in collecting personal data from tech and telcos,

Full text here:
https://www.intelligence.gov/assets/documents/702%20Documents/declassified/2019_702_Cert_FISC_Opinion_06Dec19_OCR.pdf

September 8, 2020September 8, 2020

CNIL guidance on data deletion and retention

In July 2020, the CNIL (DPA for France) published guidelines on data retention (Guide pratique – Les durées de conservation). https://www.cnil.fr/sites/default/files/atoms/files/guide_durees_de_conservation.pdf

These reflect early CNIL recommendations from 11-Oct-2005 on the archiving of personal data.
They aim to provide practical help to define the data retention rules and periods.
Similar to DIN-66398 (German industry standard on data retention/deletion) they don’t include guidance on specific data categories. https://din-66398.de/

However, CNIL does define data retention periods in separate dcouments (“Référentiel”). Up to now, two such Référentiels have been published for the health sector:

Recherches dans le domaine de la santé – https://www.cnil.fr/sites/default/files/atoms/files/referentiel_-_recherches_dans_le_domaine_de_la_sante.pdf
Traitements dans le domaine de la santé (hors recherches) – https://www.cnil.fr/sites/default/files/atoms/files/referentiel_-_traitements_dans_le_domaine_de_la_sante_hors_recherches.pdf

September 3, 2020September 3, 2020

New Health Apps Section on HHS.gov/HIPAA

OCR launched a new feature on HHS.gov, titled Health Apps. This new webpage takes the place of OCR’s previous Health App Developer Portal, and is available at https://www.hhs.gov/hipaa/for-professionals/special-topics/health-apps/index.html.

The new webpage highlights OCR’s guidance on when and how the Health Insurance Portability and Accountability Act (HIPAA) regulations apply to mobile health applications, including: