The FTC and the New Common Law of Privacy

Solove, Daniel J.; Hartzog, Woodrow

doi:10.2139/ssrn.2312913

Cited by 68 publications

(59 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…15 As a result, patients using apps and other telehealth devices must largely rely on company policies regarding uses of data, typically found in a company's privacy policy or the license agreement. These policies are frequently offered to users unilaterally: Accept the terms or don't use the product.…”

Section: Other Federal Protectionsmentioning

confidence: 99%

See 1 more Smart Citation

For Telehealth To Succeed, Privacy And Security Risks Must Be Identified And Addressed

Hall¹,

2014

View full text Add to dashboard Cite

The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.T elehealth involves the use of telecommunication technologies to prevent and treat illness and promote the health of individuals and populations. Although telehealth has particular benefits for rural and underserved populations, it is increasingly recognized for its potential to control costs while providing real-time tools to promote wellness, prevent disease, and enable the home management of chronic conditions.Telehealth frequently involves bidirectional, digital collection and communication of sensitive health information among health care providers and patients. For a medical device to qualify as a telehealth device, there must be communication of health information from the device over a network. For example, a glucose monitor becomes a telehealth device when it sends readings to a provider or a provider's information system over an information network. Similarly, some generic communications technologies-such as videoconferencing-are frequently used to communicate health care information and thus become telehealth tools in those settings. Telehealth devices include mobile software applications (apps) in addition to hardware. This article focuses on network-enabled telehealth devices where a device collects information from the patient (for example, measuring a function of the body or scanning the environment for safety risks) and then transmits data to a health care provider.To realize telehealth's full potential, however, patients and providers must trust telehealth systems to keep personal information private and secure. We identify privacy and security risks of telehealth systems, summarize the extent to

show abstract

Section: Other Federal Protectionsmentioning

confidence: 99%

“…15 Because the FTC does not set detailed requirements for either data privacy or security, protections for telehealth technologies not covered by HIPAA are largely dependent on the technology vendor's discretion.…”

Section: Other Federal Protectionsmentioning

confidence: 99%

For Telehealth To Succeed, Privacy And Security Risks Must Be Identified And Addressed

Hall¹,

2014

View full text Add to dashboard Cite

show abstract

“…More recent breaches such as Target's loss of millions of consumer credit cards have also resulted in FTC investigations and lawsuits for companies responsible for data [47]. However, the effectiveness of these lawsuits has been questioned [51], and more robust laws have been suggested [52].…”

Section: Software Industrymentioning

confidence: 99%

Panel Summary

Edwards

Locasto

Epstein

2014

Proceedings of the 2014 New Security Paradigms Workshop

View full text Add to dashboard Cite

A panel at the New Security Paradigms Workshop (2014) discussed the topic of regulation and licensing of software developers and information security professionals. This included topics of the current state of certification, future possibilities, and challenges associated with new forms of regulation. This paper presents a brief background on the subject, three opinions presented by the panelists, and finally a summary of the discussion which occurred at the workshop, including input from both the panelists and the workshop attendees.

show abstract

“…The news about data leakages and their potential effects frequently appear in media, informing the audience about the potential privacy risks. Since privacy violations are in the center of interest, governments and policymakers introduced legal guidelines and regulations aiming to protect personal data, such as the General Data Protection Regulation (GDPR) in Europe [42] or FTC requirements in USA [49]. Simultaneously, the academic research resulted in multiple studies about online privacy, demonstrating that people are concerned about their data, nevertheless, they trade them for potential benefits arising from applications [4,55,16].…”

Section: Introductionmentioning

confidence: 99%

Is It Harmful? Re-examining Privacy Concerns

Kitkowska

Wästlund

Meyer

et al. 2018

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. The increased popularity of interconnected devices, which we rely on when performing day-to-day activities expose people to various privacy harms. This paper presents findings from the empirical investigation of privacy concerns. The study revealed that people, regardless of their diversity, perceive privacy harms as generic and simplified models, not individually as suggested in Solove's framework. Additionally, the results identified differences in privacy concerns related to information disclosure, protection behavior, and demographics. The findings may benefit privacy and system designers, ensuring that policies and digital systems match people's privacy expectations, decreasing risks and harms.

show abstract

The FTC and the New Common Law of Privacy

Cited by 68 publications

References 19 publications

For Telehealth To Succeed, Privacy And Security Risks Must Be Identified And Addressed

For Telehealth To Succeed, Privacy And Security Risks Must Be Identified And Addressed

Panel Summary

Is It Harmful? Re-examining Privacy Concerns

Contact Info

Product

Resources

About