The recently declassified ruling by FISA Court James Boasberg about NSA and FBI violations of privacy in collecting personal data from tech and telcos,
Full text here:
In July 2020, the CNIL (DPA for France) published guidelines on data retention (Guide pratique – Les durées de conservation). https://www.cnil.fr/sites/default/files/atoms/files/guide_durees_de_conservation.pdf
These reflect early CNIL recommendations from 11-Oct-2005 on the archiving of personal data.
They aim to provide practical help to define the data retention rules and periods.
Similar to DIN-66398 (German industry standard on data retention/deletion) they don’t include guidance on specific data categories. https://din-66398.de/
However, CNIL does define data retention periods in separate dcouments (“Référentiel”). Up to now, two such Référentiels have been published for the health sector:
The EDPB just published the long-awaited successor of WP 169 of 2010:
Guidelines 07/2020 on the concepts of controller and processor in the GDPR
OCR launched a new feature on HHS.gov, titled Health Apps. This new webpage takes the place of OCR’s previous Health App Developer Portal, and is available at https://www.hhs.gov/hipaa/for-professionals/special-topics/health-apps/index.html.
The new webpage highlights OCR’s guidance on when and how the Health Insurance Portability and Accountability Act (HIPAA) regulations apply to mobile health applications, including: