Let’s catch up on several new sets of rules now in effect.
A new Executive Order was signed that outlines how the U.S. will uphold its commitments under a new European Union-U.S. Data Privacy Framework that the White House announced alongside the European Commission in March. The framework strengthens existing privacy and civil liberties safeguards around U.S. intelligence collection activities, requiring such activities to be conducted “only in pursuit of defined national security objectives,” according to a White House fact sheet.
Also, in new rules, healthcare organizations must give patients unfettered access to their complete health records in digital format. The new federal rules — passed under the 21st Century Cures Act — are designed to shift the balance of power to ensure that patients can get their data and choose whom to share it with.
CISA has also ordered federal agencies to better account for the technology they use and the vulnerabilities within it. The directive will be considered a success when all federal civilian agencies have an up-to-date inventory of networked assets, a list of software vulnerabilities, data on how often an agency tracks its assets, and the ability to send all of this to CISA.
The White House is moving forward with a plan to develop a labeling system to alert consumers to the security risks associated with connected devices: “a common label for products that meet U.S. government standards and are tested by vetted and approved entities.” The effort will begin with routers and home cameras, characterized as the most prevalent and “often most at-risk” technologies.
And in a proposed rule, the Department of Labor would make it harder to classify gig workers as independent contractors. To determine whether a worker should be classified as an employee or independent contractor, the DOL now says it will use the “department’s approach with courts’ Fair Labor Standards Act interpretation and the economic reality test,” which considers how long an individual has worked for an agency, their role at the company, and “opportunities for profit and loss,” among other factors.
Why do we care?
Data is becoming a priority for consumers, and these changes reflect that. It’s an asset to protect, and these rules define that. I’ve noted in a recent question that data governance is a space to watch. Here’s more fodder.
Awareness of vulnerabilities was my other area of focus here. The theme – making sure the consumer of the technology, be it the government agency or the individual consumer, is aware of the risks of managing the technology. That principle should be one a provider latches onto with their customer engagement.

