Healthcare and Privacy News

on November 26, 2025 at 9:16 am

Join the IAPP 4 Dec. for a LinkedIn Live unpacking the finer points of the EU’s digital omnibus packages. IAPP Research and Insights Director Joe Jones, Managing Director, Europe, Isabelle Roccia, CIPP/E, and AI Governance Center Managing Director Ashley Casovan discuss what the proposed changes to AI, data and cybersecurity rules could mean for governance and compliance professionals. Editor’s note: IAPP Editorial Director Jedidiah Bracy reported from Brussels on the European Commission’s omnibus packages.Full story

on November 26, 2025 at 9:04 am

JLSheridan Law Principal Jennifer Sheridan, AIGP, CIPP/E, CIPP/US, examined different ways U.S. state laws approach health care data collected by wearable devices. She notes state laws have increasingly identified such information as “sensitive” to varying degrees and requiring additional compliance efforts. “These states are moving the nation closer to HIPAA-style protections for consumers where businesses would be wise to de-identify sensitive consumer health data before sharing or selling it,” Sheridan writes.Full story

on November 26, 2025 at 9:03 am

A coalition of 36 U.S. state attorneys general, led by New York Attorney General Letitia James, sent a letter urging U.S. Congress to forego adding language for a proposed state AI law moratorium to the annual National Defense Authorization Act. The coalition argued states “are best equipped to respond to the rapidly changing technology because state governments are more agile.” James pointed to AI chatbots’ impacts to children’s mental health and deepfake-supported scams as examples of where states need the power to act. Editor’s note: IAPP News Editor Joe Duball reported on the latest proposals for preemption of state AI laws.Full story

on November 26, 2025 at 9:02 am

The U.S. House Committee on Energy and Commerce introduced its legislative package containing 19 bills aimed at enhancing children’s online safety. The package includes updated versions of the Children and Teens’ Online Privacy Protection Act and the Kids Online Safety Act. Also included are the App Store Accountability Act and bills to address issues around AI chatbot, profiling and the sale of children’s data. The Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade will hold a 2 Dec. legislative hearing to debate the bills.Full story

on November 26, 2025 at 9:00 am

The Council of the European Union reached a negotiating position for proposed child sexual abuse material regulation. Member states’ position includes required risk assessments and subsequent mitigation measures as well as the introduction of risk categories. The council also proposed companies’ CSAM scans be required instead of voluntary. Negotiations with European Parliament, which reached its CSAM position in 2023, can begin immediately.Full story

on November 26, 2025 at 8:58 am

The Guernsey Office of the Data Protection Authority released a 10-step guide for using AI when processing personal data. The steps cover actions like checking if the data you are using counts as personal, knowing your role as a processor and carrying out a data impact assessment. “The challenge for all organisations, is to harness the power of AI in their work activities, while managing any of its associated risks,” the guide states.Full story

on November 26, 2025 at 8:57 am

In an op-ed for Tech Policy Press, Georgetown Institute for Technology Law and Policy Senior Fellow Stephanie Nguyen said researchers should look at the specific data processing protections in regulations such as New York’s Algorithmic Pricing Disclosure Act to understand how these regulations could protect consumer data. Nguyen noted, while surveillance pricing laws aim to promote transparency, their “impact will be shaped in part by how researchers, investigative journalists, and other watchdogs can turn its disclosures into tools for accountability.”Full story

on November 26, 2025 at 8:49 am

A report by Palo Alto Networks found hackers are looking to access and build underground AI tools to commit sophisticated cyberattacks, CyberScoop reports. Palo Alto Networks’ Unit 42 Senior Director of Threat Intelligence Andy Piazza noted cyber criminals don’t have to be technologically savvy to commit extensive attacks using jailbroken AI tools to install malware quickly.Full story

on November 26, 2025 at 8:45 am

The U.S. Cybersecurity and Infrastructure Security Agency released guidance on best practices for mobile communications securities after identifying cyber espionage activity from Chinese government-related actors. The best practices are specifically aimed at senior government, military and political positions who might possess government information and thus be targeted more than others. The agency warned those people should “assume that all communications between mobile devices — including government and personal devices — and internet services are at risk of interception or manipulation.”Full story

on November 26, 2025 at 8:35 am

A cyberattack on SitusAMC, a technology vendor used by hundreds of banks and lenders, potentially breached consumers personal financial data, Axios reports. SitusAMC’s accounting records, legal agreements and bank customers’ information may have been accessed or stolen in the incident. FBI Director Kash Patel said the agency is investigating the incident and remains “committed to identifying those responsible and safeguarding the security of our critical infrastructure.”Full story

on November 26, 2025 at 8:23 am

U.S. Rep. Eric Swalwell, D-Calif., filed a lawsuit against Federal Housing Finance Agency Director Bill Pulte for allegedly breaching privacy regulations by accessing lawmaker mortgage information without consent, The New York Times reports. The lawsuit alleged Pulte violated protections to prevent government officials from “leveraging their access to citizens’ private information as a tool for harming their political opponents.”Full story

on November 25, 2025 at 9:53 am

Euractiv reports U.S. Secretary of Commerce Howard Lutnick reiterated the White House’s call for the EU to roll back aspects of its digital rulebook affecting U.S. companies. Lutnick made the comments during a visit with EU trade ministers and said changes to the Digital Services Act and the Digital Markets Act could net the bloc more positive trade provisions. His comments come as the legacy of the so-called “Brussels Effect” is in question after EU officials debuted its draft digital and AI simplification packages, Politico reports. Editor’s note: IAPP Editorial Director Jedidiah Bracy reported from Brussels on the European Commission’s proposed omnibus packages.Full story

on November 25, 2025 at 9:36 am

The Australian government said an institute designed to monitor, test and share information about AI technologies, harms and risks will come online in early 2026. The Australian Artificial Intelligence Safety Institute will work alongside regulators to keep them informed of technological developments, share insights and help support coordinated government action. It will partner with the National AI Centre and is part of the International Network of AI Safety Institutes.Full story

on November 25, 2025 at 9:34 am

WilmerHale Partner Kirk Nahra, CIPP/US, discussed a recent health care privacy bill introduced to U.S. Congress proposing a modernized solution to a regulatory gap in the Health Insurance Accountability and Affordability Act, which includes insufficient requirements around data collection by personal health devices. Nahra outlines the proposal and its scope, arguing the bill may ultimately create “a big set of confusing issues that may not easily make the growing mess any better — and will likely make it worse.”Full story

on November 25, 2025 at 9:20 am

The European Commission announced the reporting system for whistleblowers to alert regulators to suspected violations of the AI Act is now operational. The tool, which is available in any of the EU languages, is a way for concerned people to raise issues with an AI usage affecting fundamental rights, health or public trust. Encryption has been added to the reporting system and it has a follow-up mechanism to keep whistleblowers informed.Full story