April 21 - Las Vevas, NV - Harley Geiger will be giving a presentation on de-identification of health data at Centricity Healthcare User Group Spring Conference
This week, we summarize CDT's seven-point plan for fixing the pending cybersecurity bills, we outline what Congress should do on the nascent issue of "drone privacy," and we note recent steps taken by HHS, following CDT's recommendations, to protect the sensitive personal information that will be collected by health insurance exchanges.
A Seven Point Plan for Cybersecurity
Cybersecurity is clearly a priority national problem, and one of the key issues is information sharing. There is widespread support for ensuring that private sector network operators have the benefit of the government's special insights and that those private sector operators can share information with each other to protect their networks and their customers. However, several bills now before the House and Senate have a third element that risks a major loss of civil liberties: they allow far too much information to flow to the government. CDT is drawing attention to the over-broad language in the pending bills and offering concrete suggestions for improvement.
Things are moving quickly. The House leadership is planning "Cybersecurity Week" starting April 23, during which they expect to consider multiple bills. The Senate will follow. CDT has issued a side-by-side analysis of the four major bills (two in the House, two in the Senate). Also, we have drawn up a seven-point plan for preserving Internet privacy and freedom while improving cybersecurity. One of the most important points: don't turn cybersecurity into a backdoor wiretap program by allowing large amounts of data to flow to the government. In addition, it should be specified that information that flows to the government under cybersecurity exceptions should be used only for cybersecurity purposes. Several bills ignore these principles; we're urging Congress to narrow and refocus the information sharing language to empower the private sector to protect its own systems.
How To Write a Drone Privacy Law
Drones are coming to the U.S. Earlier this year, Congress required the Federal Aviation Administration (FAA) to expedite the adoption of rules for licensing drones for domestic use by government agencies and private parties. However, the law failed to include any privacy protections or transparency requirements in its drone usage rules. CDT is urging Congress to amend the new law to require the FAA to be transparent about its licenses for domestic drones and to require drone operators to adhere to basic privacy principles.
Building Privacy into Health Insurance Exchanges
The health care reform law calls for the creation of "health insurance exchanges," which will publish comparative information about health insurance and help individuals enroll in a suitable plan. These exchanges will collect, at a minimum, basic demographic information about individuals, financial information, immigration status, and Social Security Numbers. For consumers to have sufficient trust in the exchanges to take advantage of their benefits, there need to be adequate privacy rules and security safeguards. In recent developments, HHS finalized basic requirements for these exchanges, tracking closely with CDT's privacy recommendations, and CDT issued a paper laying out a privacy framework for the health insurance exchange being created in California.
Click to view this email in a browser
If you no longer wish to receive these emails, please reply to this message with "Unsubscribe" in the subject line or simply click on the following link: Unsubscribe
Center for Democracy & Technology
1634 I St.
Washington, District of Columbia 20006
Read the VerticalResponse marketing policy.