It has been reported that Google will give EU businesses the opportunity to store personal data exclusively on servers in the EU. This appears to have been prompted by compliance difficulties with the current EU data protection Directive when cloud computing service providers store personal data on servers or in data centres based outside the EU. Such compliance difficulties encountered by cloud clients were highlighted by Peter Hustinx, the European Data Protection Supervisor (EDPS), in his opinion issued on November 16, 2012 (http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2012/12-11-16_Cloud_Computing_EN.pdf).
December 2012
Learning from the Past: The FTC Bans Undisclosed History Sniffing
It has been said that we must learn from the past to profit by the present. Taking this literally in this digital age of ours, one online advertising company has found this maxim to have some serious privacy implications, as evidenced by the FTC order last week banning undisclosed history sniffing practices.
OCR Issues Guidance On HIPAA Privacy Rule’s De-Identification Standard
On November 26, 2012, the Department of Health and Human Services Office for Civil Rights (“OCR”) published a thirty-two-page document titled “Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule” (“De-Identification Guidance”). OCR described the guidance document as a culmination of two years of work by “stakeholders with practical, technical and policy experience in de-identification.” OCR also acknowledged that the guidance implements many of the issues and topics that were raised during an OCR workshop held in Washington, DC on March 8-9, 2010.