On February 7, 2023, President Joe Biden delivered his second State of the Union address to the United States (U.S.). Biden addressed many issues facing the nation, including the privacy rights of U.S. citizens.

First, Biden affirmed the importance of protecting and safeguarding patient privacy for information obtained about them in a health care setting. The importance of this privacy right is very timely, considering that, on February 1, the Federal Trade Commission (FTC) issued its first regulatory penalty for a company’s breach of the FTC’s Health Breach Notification Rule, which “requires vendors of personal health records and related entities to notify consumers following a breach involving unsecured information.” 

Biden also asserted that the US “must finally hold social media companies accountable for the experiment they are running on our children for profit.” Biden added that bipartisan legislation should be passed governing the collection of personal data by companies, with a special emphasis on the protection of “kids and teenagers online” through a prohibition on collecting their data and utilizing targeted advertising to children.

According to Wired, President Biden’s mention of data privacy issues is a rare topic to be discussed in a State of the Union, as it was never addressed during any of former president Trump’s State of the Union and it was only addressed once by former president Obama. Biden’s mention of these issues, according to Wired, “sets a precedent that the topic should be of real concern to US presidents and the public.”

This notion is further evidenced by the fact that Biden has addressed data privacy pertaining to children in each of the State of the Unions he has delivered. In the 2022 State of the Union, he said “[i]t’s time to strengthen privacy protections; ban targeted advertising to children; demand tech companies stop collecting personal data on our children[.]”

Although Biden has been the first US president to formally address data protection, this progress has been reportedly insufficient according to some industry participants.

According to a statement by Alex Santos, CEO of the critical infrastructure protection-focused firm Fortress Information Security, Biden’s recognition of cybersecurity was “disappointing,” although Santos did acknowledge that this speech, being that it is “arguably a performance” had to hit on the issues most pressing to the public and that “maybe the public isn’t as interested in that issue as some of the headline issues.”

Mark Green, the new chairman of the House Homeland Security Committee and Republican Congressman from Tennessee, stated that the exclusion of cybersecurity as a topic during the State of the Union was a large issue as he believes cybersecurity should be treated as a priority due to the “cyberthreats from criminal actors and nation-state adversaries [being] a preeminent national security threat of our time.”

Regardless of your opinions on Biden’s State of the Union, one thing can be for sure: data privacy is at the forefront of the regulatory scheme for 2023. As such, we should all be considering the effectiveness of our data privacy policies and practices.

* * * * * * *

To read our news alerts discussing: EDPB’s review of data transfer guidelines, the EU’s ruling on DPOs and conflicts of interest, ChatGPT’s security issues, and the World Economic Forum’s bleak cybersecurity outlook,  click here.

This week’s breach report covers breaches of the following companies: Pepsi Bottling Ventures, Reddit, FanDuel, DraftKings, BetMGM, TransUnion, and Banner Health. Click here to find out more.

This week on our podcast, ADCG on Privacy & Cybersecurity, Jody Westby interviews Lauren Wallace, Chief Privacy Officer and General Counsel for RadarFirst, a leading tool for cyber incident management, as they discuss how privacy and cybersecurity incidents are converging and the difficulty large companies are having in managing the vast array of data involved in incident response, especially as it relates to U.S. and global privacy and cybersecurity compliance requirements.  They also delve into the complexity of notification requirements, involving law enforcement, consumer protection agencies, attorneys general, regulators, and victims and how incident response tools can help manage the notification process and decrease notification.

Listen here: 86 | Using Tools to Help Manage Incident Response

Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe! Our most recently released episodes:

85 | How Incident Response Has Changed (with guest Violet Sullivan)

84 | Internet Archive Project Related to Russia’s War with Ukraine (with guest Mark Graham)

83 | Geofence Warrants and January 6: Constitutional and Privacy Issues (with guest Matthew Esworthy)

To browse our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.

Previous
Previous

Gramm-Leach-Bliley Act Updates Take Effect Soon

Next
Next

News Alerts and Breach Reports for Week of February 13, 2023