HHS Proposes Updates to HIPAA Security Rule

On December 30, 2024, the U.S. Department of Health and Human Services (HHS) proposed revisions to the HIPAA Security Rule, open for public comment until March 2025. The proposed changes aim to modernize outdated measures, including mandating encryption, malware protection, password management, and multifactor authentication. The proposal eliminates the "addressable" security measure concept, requiring more precise compliance. New provisions include network mapping, vulnerability management, and patch management. HHS emphasizes the need for these updates due to increased cyber threats and the reliance on networked health systems, citing significant rises in healthcare data breaches and ransomware attacks. Read more

Vehicle Data Sparks Privacy Concerns After Las Vegas Explosion

A Cybertruck explosion in Las Vegas on January 1, 2025, has raised questions about privacy in vehicle telematics. Tesla records and charging station data helped authorities trace the truck's movements from Denver to Las Vegas, where the explosion injured seven people. The vehicle, rented via Turo, was loaded with fuel, fireworks, and firearms, and the driver died by suicide before the blast. Tesla's CEO stated the explosion was unrelated to the vehicle. Experts highlight privacy concerns as modern vehicles collect and store vast amounts of data, often shared with third parties or used without clear consumer understanding or consent. Read more

States Enact Laws to Protect Health Data from Geofencing

In response to concerns about geofencing and health data privacy, several states have enacted laws to restrict the use of geofencing near medical facilities. These laws, such as Washington's My Health My Data Act and Nevada's amendments to deceptive practices statutes, prohibit tracking, collecting, or using consumer health data without consent. Geofencing allows precise location tracking via GPS or networks, raising privacy concerns for reproductive and health services. States like New York, California, and Connecticut have expanded protections, while legal conflicts between states and federal authorities over health data privacy remain likely. Read more

Key U.S. Laws Taking Effect in 2025

New laws for 2025 focus on firearms, tech, data privacy, labor, and wages. California expands firearm restrictions, including limits on purchases and restraining orders, while Minnesota bans binary triggers. Florida and Tennessee impose stricter regulations on children's social media use. States like Iowa, Nebraska, and New Hampshire enact consumer data privacy laws, enhancing transparency and accountability. Kentucky legalizes medical marijuana, joining 47 other states. Labor laws in California, Illinois, and Minnesota mandate pay transparency, while Delaware and Maine introduce paid leave requirements. Minimum wage increases take effect in California, Colorado, and other states. Read more

Telegram Transparency Shifts Post-CEO Arrest

Following Telegram CEO Pavel Durov's arrest, the platform updated its privacy policy, agreeing to share user IP addresses and phone numbers with legal authorities. Compliance surged from October 2024, with Telegram fulfilling 900 US data requests affecting 2,253 users by year's end, compared to 14 requests impacting 108 users in the first nine months. The arrest aimed to increase transparency in Telegram's operations. While this change underscores adherence to legal demands, it raises concerns for privacy-conscious users. Those prioritizing complete privacy may consider alternative platforms, as Telegram's encryption and privacy measures remain under scrutiny. Read more