The NY Supreme Court rules that HIPAA does not apply to organ donor records

The Supreme Court of the State of New York, United States of America has decided that Health Insurance Portability and Accountability Act (HIPAA) regulations of 1996 do not apply to patient records from the New York Organ Donor Network.  The case originated from the claim of a former Network official that four patients had not been declared legally dead before their organs were harvested.  The plaintiff further argued that he had been illegally fired because he reported the events.  The NY Supreme Court ruled that the Network is not covered by HIPAA and that has to release the files related to the four patients.  The Court motivated that the defendant “failed to identify a federal regulation or case law that would prevent this Court from requiring disclosure”.

The decision is available here

Article 29 Working Party issues Guidelines on data portability, DPOs, and LSAs

Article 29 Working Party has issued the final version of its Guidelines on the right of data portability, the Data Protection Officers (DPOs), and for identifying a controller or processor’s lead supervisory authority (LSAs).

Guidelines on the right to data portability are accessible here

The Guidelines on DPOs are accessible here

The Guidelines or identifying a controller or processor’s lead supervisory authority are accessible here

Working Party 29 revises the guidelines on Data Protection Officers

The EU Working Party 29 has revised the Guidelines already adopted on 16 December 2016, on the Data Protection Officers (DPOs).

The guidelines are available here

Working Party 29 adopts the Guidelines on DPIA

The EU Working Party 29 has adopted today the Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679.

The guidelines are available here

Article 29 Working Party adopts an Opinion on the proposed ePrivacy Regulation

Article 29 Working Party, which is the EU Working Party that gathers the European Data Protection Supervisor and representatives of the EU Commission and the Member States’ privacy supervisory authorities, has adopted an Opinion on the ePrivacy Regulation proposed by the EU Commission.  The draft Regulation, which will be directly applicable in all Members States if adopted, aims at replacing the ePrivacy Directive 2002/58/EC.  Article 29 Working Party welcomes the draft Regulation, while is proposes some improvements to render it more consistent with the EU GDPR and rises some points of concern that should be addressed during the legislative process.

The ePrivacy Directive is accessible here

The Article 29 Working Party Opinion is accessible here

The EU Commission Proposal for a Regulation on Privacy and Electronic Communications is accessible here