PrivacySignal

Breach
IAPP · International

Why data mining is functionally required after a HIPAA breach

Following a HIPAA breach, covered entities are effectively compelled to conduct extensive data mining to identify which records were exposed, assess the scope of harm, and meet regulatory notification obligations — making deep internal data analysis a practical necessity rather than an optional step.

Why this matters: The requirement to mine patient data post-breach, while protective in intent, means sensitive health information is subjected to broad internal scrutiny. How organizations scope, log, and retain that analysis introduces secondary privacy risks that HIPAA's breach framework does not fully address.

Who should care: Cybersecurity · Privacy officers · Administrators · Healthcare professionals · Compliance

#breach #healthcare

AI Governance
Healthcare Dive · International

CHAI releases AI governance guidance for health systems

The Coalition for Health AI (CHAI) has published new governance guidance aimed at helping health systems manage artificial intelligence responsibly, addressing oversight frameworks for AI deployment in clinical and administrative settings.

Why this matters: Health AI systems handle exceptionally sensitive personal data; governance standards that lack strong patient transparency and consent provisions could normalize broad data use with limited individual recourse or awareness.

Who should care: AI governance · Lawyers · Administrators · Compliance · General readers · Policy

#ai-governance #regulation #ai

Enforcement
CNIL · EU / France

Health data: fine of 5 million euros against IQVIA

France's data protection authority CNIL has imposed a €5 million fine on IQVIA, a healthcare data and analytics company, for violations related to the handling of health data.

Why this matters: Health data ranks among the most sensitive personal information, and this enforcement action signals that regulators are willing to impose meaningful financial penalties on commercial data brokers who profit from processing it without adequate legal safeguards.

Who should care: Lawyers · Privacy officers · Compliance · Healthcare professionals

#enforcement #healthcare

News
The Guardian — Tech · International

AI ‘art’ is boring, soulless theft – and when I see it as an artist I see red | Jess Harwood

I draw the old way – with my hand. Doing it with AI would not make me more creative, it would drain the colour out of my existence

Last week I went to a gig by myself for the first time. I sat myself down in my single seat, possibly the youngest person in the room and one of thousands excited to see Split Enz. I loved it – I felt joy and heartache as the lyrics spoke of human experiences, really lived. I happily realised that I did not have to wonder whether Split Enz had used AI in their work (as I so often do nowadays) as these bangers were created long before it was even dreamed of. As a v…

Who should care: General readers · AI governance · Policy

Healthcare
The Markup · International

The form asked my permission to share my health data. Then it wouldn’t let me say no.

Patients at healthcare providers are encountering consent forms that nominally offer the right to opt out of data sharing with large health networks, but interface design prevents them from actually exercising that choice, effectively coercing consent.

Why this matters: When opt-out rights exist on paper but are deliberately obstructed in practice, informed consent becomes fiction — leaving patients' sensitive medical data flowing to third parties without meaningful control, and eroding a foundational protection in health privacy law.

Who should care: Healthcare professionals · Privacy officers · Compliance · General readers · Policy

#healthcare #privacy

AI Governance
IAPP · International

When the framework doesn't fit: AI governance for the rest of the world

A piece published via the IAPP examines how dominant AI governance frameworks may be poorly suited to countries outside the Western regulatory sphere, raising questions about whether those models adequately address the diverse legal, cultural, and institutional contexts found elsewhere in the world.

Why this matters: Governance frameworks that don't translate across contexts can leave individuals in non-Western countries with weaker protections against algorithmic harm, surveillance, and data misuse — effectively creating a two-tier system of rights depending on where a person lives.

Who should care: AI governance · Lawyers · Administrators · General readers · Policy

#ai-governance #ai

News
Data Protection Commission · EU / Ireland

Domestic CCTV

Who should care: General readers · Privacy officers · Policy
