21st Century Cure bill changing HIPAA privacy rules passed in the House

The US bill which will "revise or clarify" the HIPAA privacy rules relating to use and disclosure of health information for research was approved in the House on 14 May. It introduces civil monetary penalties against healthcare bodies that inappropriately block information sharing and penalties for IT vendors who do not meet information exchange standards. The bill aims to speed up access to health information for research purposes but critics argue that it reduces control over patient data.

US airline United launches reward programme for experts who find security bugs

United Airlines has announced this week the launch of a reward programme which will see programmers earn up to one million air miles for finding bugs in United's software. The programme comes in the wake of concerns about the security of in-flight software, and United is the first airline to follow major corporations such as Microsoft and Google, which already run such ethical hacking programmes.

US mobile phone cell tower privacy decision reversed

The July 2014 decision in United States v Davis granting cell phone users a reasonable expectation of privacy has been reversed this week. The 2014 decision prevented the government from collecting cell phone location data but upon revisiting the subject, the en banc court declared that data can be collected if the government can show that it is connected to an ongoing criminal investigation.

Facebook breaching EU privacy laws says Belgian Privacy Commission

Facebook has come under fire from the Belgian Privacy Commission, which accused it of breaching EU data laws by conducting unauthorised tracking of users. The current data task force of Belgium, Germany (Hamburg), Spain, France and the Netherlands demonstrates an ever-growing will to pursue the Internet giant into complying with EU laws, even though Facebook only accepts the jurisdiction of the Irish regulator.

UK Information Commissioner's Office fines South Wales Police

The ICO has fined South Wales Police GBP 160,000 for losing a video which was to be used as part of the evidence in a sexual abuse case. The highly sensitive footage was unencrypted and inappropriately stored prior to the loss. In addition to the fine, the ICO has also asked the force to sign an undertaking to remedy its policies in response to the "extremely serious" breach because, despite warnings, it failed to address the issue of storage.

Peru publishes new Data Protection Law

The new Regulation of the Law on Personal Data Protection has been published in Peru and introduces new requirements for data controllers. The new law is based on Spain's data protection laws and requires data controllers to register with the Peruvian Data Protection Authority, provide details of the classes of data to be processed and submit their policies and procedures for information security. The Regulation also implements a new enforcement regime, details of which are yet to be released.

Japanese Parliament considering privacy law change

Parliament is currently considering proposals to change two laws to allow corporates to use private information to improve tax collection. Amongst the proposals is access by the government to citizens' bank account data through a system of voluntary submission. The changes are part of a law reform aimed at promoting the use of 'Big Data' whilst trying to clamp down on unauthorised or illegal data use.