Daily Tax Tip videos

Did you know tax identity fraud is one of the fastest growing types of scams, impacting thousands of Americans each year? In 2015, thieves used fraudulent tax and wage information to defraud nearly a quarter million Americans, making this kind of identity fraud the fastest-growing type of identity theft.

The best thing you can do to prevent it is file your taxes as soon as possible in order to block fraudsters from beating you to it. The National Consumers League has created a series of Daily Tax Tip videos to help consumers file their taxes painlessly. Click on the video above to get our tips for avoiding tax fraud, or watch other videos about:

Health Advisory Council Newsletter | 2017 Q1

Welcome to the Q1 issue of the Health Advisory Council Newsletter. This quarter, NCL and Council Members have been active on many fronts. Please read on for NCL policy updates, a new Q&A with the Alliance for Aging Research, Member updates, and more.

Thank you for renewing your membership! 
Thank you for renewing your Health Advisory Council membership for 2017. We appreciate your support and look forward to continuing to work with you to improve the health of consumers and workers. 

Save the date! NCL’s 2017 Health Advisory Council Spring Membership Meeting

We hope you will join us on June 6 from 12:00 PM – 2:30 PM for NCL’s Health Advisory Council Spring Membership Meeting in Washington, DC. Stay tuned for additional details!

NCL health policy at work

Defending the ACA and Medicaid. As part of the Protect Our Care coalition, NCL has been actively engaged in the nationwide effort to protect the Affordable Care Act and Medicaid. Through press releases, letters, and social media, NCL joined with its colleagues in the consumer, patient, and public health communities in urging Congress to reject the House GOP’s health plan, which would result in millions of Americans losing coverage and paying more for less. In January, NCL also joined the effort to encourage consumers to enroll in the 2017 Health Insurance Exchanges prior to the January 31 deadline.

Click here for more NCL health policy updates. 

Member spotlight

Get to know Alliance for Aging Research with a new Q&A.

NCL staffing news

Welcome NCL’s new Senior Director of Development Lee Granados. NCL is pleased to announce that Lee Granados has joined NCL as its Senior Director of Development, replacing Amy Sonderman, who has taken a position at USP. Lee started her career as an elementary school teacher after receiving a BA in Education from the University of Dayton. After nine years, she left the classroom to consult nationally on bilingual education, cultural competency, and linguistics. Simultaneously she found herself managing small and large events in Washington, DC and serving on nonprofit boards with a focus on DC residents, community, and education.

Lee said: “I am thrilled to join NCL and its team of committed advocates and policy experts who work on behalf of keeping America’s families safe and healthy. As we move into the next 100 years of NCL’s work in health policy, I look forward to working with Sally, Karin, Janay, and the Members of the Health Advisory Council.”  

Updates on Member programs

American Society of Health-System Pharmacists (ASHP)

Pharmacy and Medically Underserved Areas Enhancement Act Reintroduced: Legislation that enjoyed strong bipartisan support last Congress has been reintroduced early in the 115th. H.R. 592/S. 109 would enable pharmacists to provide care for Medicare beneficiaries in medically underserved areas. H.R. 592, sponsored by Representatives Brett Guthrie (R-KY) and G.K. Butterfield (D-NC), was introduced on January 20 with over 100 cosponsors. S. 109, sponsored by Senators Charles Grassley (R-Iowa) and Bob Casey (D-PA), was introduced on January 12 with over 20 cosponsors. This legislation would significantly increase access to basic care services in medically underserved areas, medically underserved populations, and health professional shortage areas. Developed by the Patient Access to Pharmacists’ Care Coalition (PAPCC), the bills are once again gaining strong bipartisan support in both Houses of Congress. Congress is expected to consider Medicare-related legislation later this year, and PAPCC is working to include the legislation in any future Medicare legislative package. The PAPCC (http://pharmacistscare.org/) is a multi-stakeholder and interdisciplinary initiative. Membership is comprised of organizations representing patients, pharmacists, and pharmacies, as well as other interested stakeholders, including NCL.

Association for Accessible Medicines

The Association for Accessible Medicines (AAM), formerly the Generic Pharmaceutical Association, unveiled a new identity in February during its annual meeting, ACCESS! 2017, as part of a major campaign to better communicate its mission and improve recognition that generics and biosimilars lower health costs for millions of people. The campaign, “Keeping Medicines in Reach,” shares the stories of patients whose health and lives are improved by access to generic medicines. The first patient stories have been featured in broadcast, cable, and digital advertising, and are available on the association’s new website, www.accessiblemeds.org, as well as through Twitter and Facebook.

Over 700 participants attended ACCESS! 2017—including for the first time, patient advocacy groups, who gathered with generic and biosimilar executives and industry professionals to listen to industry thought leaders and to discuss the opportunities and challenges for the pharmaceutical industry in 2017. Ignited by a premier line-up of dynamic speakers, including The Honorable Bobby Jindal and the Center for American Progress’s Neera Tanden on “The Most Uncertain Political Environment Ever,” attendees engaged in two days of deep and thoughtful conversation, reflecting on how the industry could work together to raise its collective voice. AAM also celebrated those within our industry and those outside whose contributions improve access to medicines, including recognizing NCL and its Executive Director Sally Greenberg with a Champions of Access award.

Additionally, the Biosimilars Council, a division of AAM, partnered with The Atlantic for the second in a series of biosimilar breakfast briefings as part of The Atlantic’s Politics & Policy series. The event, The Next Drugs: The Future for Biosimilars, delved into the FDA’s recent naming and interchangeability guidances and how the new administration’s priorities will impact biosimilars.  The briefing featured opening remarks from the Biosimilars Council followed by two moderated discussions featuring Rep. Mike Burgess (R-TX); Jim Van Lieshout, Vice President Market Access and Pharmacy Strategy, Apobiologix; Len Lichtenfeld, MD, Deputy Chief Medical Officer, American Cancer Society; and David Fox, Partner, Hogan Lovells. You can view the full briefing here.

Consumer Healthcare Products Association

Know Your Dose: Acetaminophen safety: Consumers’ knowledge of acetaminophen safe use is at an all-time high, according to a new nationwide survey conducted by the Consumer Healthcare Products Association (CHPA) Educational Foundation. The survey shows a positive trend over the past six years: more people than ever are aware of how to use products containing acetaminophen safely and effectively, while avoiding the risks of accidental overdose and liver damage.

Findings include:

  • More consumers agree it is “important not to exceed the dosing directions on the label” of pain relievers (increased to 96 percent in 2016 from 90 percent in 2010).
  • More consumers understand that “exceeding the recommended daily dose of acetaminophen may lead to liver damage” (increased to 90 percent in 2016 from 78 percent in 2010). 

More information on the study and its findings can be found here.

Up and Away: Poison Prevention Week: March 19-25, 2017 marked a successful National Poison Prevention Week. As part of its efforts to reach more consumers with its message of the importance of storing medicines up and away and out of sight and reach of young children, the CHPA Educational Foundation developed a toolkit that it distributed via its partners and digital channels. Health Advisory Council members can follow the discussion and help share this message on social media using the hashtags #MedsUpAway and #NPPW.

Council for Affordable Health Coverage

Prescriptions for Value Campaign: The Council for Affordable Health Coverage is launching a new multi-stakeholder advocacy campaign – called Prescriptions for Value – to raise awareness of the growing challenges posed by rising costs, and to help drive common sense solutions that promote lower costs through incentives, competition and innovation. By bringing together leading payer, manufacturer, patient, consumer and health care industry leaders, Prescriptions for Value is committed to advancing near-term solutions that can improve the lives of all patients across the country. We support changes to current law and regulations that:

  • Encourage value-based arrangements where payers and manufacturers link payment for a medicine to medical outcomes;
  • Reduce regulatory barriers and create incentives to speed biopharmaceutical development and approval in ways that create competition and lower costs across products;
  • Provide consumers with actionable information and tools to help them make informed choices; and
  • Expand value-based insurance arrangements that promote plan flexibility.

We urge all stakeholders interested in finding and delivering solutions to these pressing issues to join our effort. Contact Joel White (joel.white@cahc.net) or Sloane Salzburg (sloane.salzburg@cahc.net) at CAHC to discuss the campaign further. 

Eli Lilly and Company

John Lechleiter, CEO (emeritus) of Eli Lilly and Company, wrote a series for Forbes last year on the need for a more constructive and inclusive approach to the challenge of affording high-quality medicines. In a column last summer, Lechleiter argued for an agenda focused on reducing out-of-pocket costs to patients, elevating value as the preeminent criterion in pricing medicines, and increasing competition among pharmaceutical suppliers. Lechleiter’s October 2016 piece, “Ways To More Affordable Medicines: Cutting Out-of-Pocket Costs,” further explores cutting out-of-pocket costs. In addition, Eli Lilly’s policy piece “A Holistic Approach for Prescription Drug Prices” discusses the importance of putting the needs of patients first, making value the preeminent criterion in pricing medicines, and focusing on removing obstacles to drug development and review.

FDA Office of Women’s Health

Diverse Women in Clinical Trials Initiative: Increasing the participation of women from diverse backgrounds in clinical research will require the support and participation of government, industry, clinicians, researchers, and other interested stakeholders. The FDA Office of Women’s Health is partnering with the NIH Office of Research on Women’s Health and other national organizations to raise awareness about women of different ages, races, ethnic backgrounds, and health conditions participating in clinical trials. The Diverse Women in Clinical Trials Initiative includes a consumer awareness campaign, as well as resources and workshops for health professionals and researchers. Use the Partner Toolkit to inform the women in your network about clinical trials. The toolkit includes resources for ‘everyday’ women and health professionals including fact sheets, sample social media and email messages, and articles.

Johnson & Johnson Consumer, Inc.

Johnson & Johnson Consumer, Inc. is pleased to support the launch of year 6 of Safe Kids Worldwide’s Medicine Safety campaign. This year’s campaign is anchored by a research report, “Safe Medicine Storage: A Look at the Disconnect Between Parent Knowledge and Behavior,” that explores the gap between what parents know they should do to keep kids safe around medicine and what they actually do. A new nationwide survey of 2,000 parents revealed that while the clear majority of parents agree that it’s important to store all medicine out of sight and up high after every use, less than half of the survey respondents reported doing so. With almost one call every minute to poison control centers and enough kids to fill about four school buses a day arriving to emergency rooms due to accidental medicine poisonings, it is more important than ever for parents to store medicine safely. Here are some things families can do to protect kids:

  • Store medicine up and away and out of sight and reach every time.
  • Keep medicine in its original child-resistant packaging.
  • Practice safe storage of medicine as soon as your first child is born.
  • Put the Poison Help number – 1-800-222-1222 – into your phone and post it visibly at home.
  • Instead of keeping your medicine handy, use safe reminder tools like cell phone alarms or medication schedules.

For more information on the campaign, visit the Medication Safety section of the Safe Kids website. For sample social media posts to help amplify Safe Kids’ medication safety campaign efforts, please contact Leily Saadat-Lajevardi at lsaadat@its.jnj.com.

National Association of Nurse Practitioners in Women’s Health

The National Association of Nurse Practitioners in Women’s Health (NPWH) has a busy spring/early summer season planned with its fourth annual Women’s Sexual Health Course scheduled for June 8-11, 2017 in Baltimore, MD. NPWH has also been participating as a member of the planning committee for the May 17th Women’s Health Empowerment Summit, organized by the Coalition for Women’s Health Equity (of which NPWH is a member). NPWH also cosponsored several CEs, including a webinar series on Preventing Unintended Teratogen Exposure in Reproductive-aged Women, which are available to view at www.npwh.org/courses. Registration will open soon for the 20th annual Premier Women’s Health Care Conference, being held October 11-14 in Seattle, WA. Be on the lookout for registration at http://bit.ly/NPWH2017.  

National Council on Patient Information and Education (NCPIE) 

A Roadmap for Building a National Self-care Movement in the U.S.: In late 2016, NCPIE convened a diverse group of advisors for a facilitator-led discussion to gain input and guidance on the development of a comprehensive national self-care action plan with priorities for action across an ages and life stages continuum. Towards this end, NCPIE convened a group of advisors from leading professional societies, voluntary health organizations, government agencies and industry with the goal of assessing the opportunities for self-care in the U.S. and agreeing on a roadmap for action to accelerate progress, especially regarding the appropriate selection and use of over-the-counter (OTC) medicines and other self-care strategies that are necessary for the treatment of minor ailments and the daily management of chronic conditions. Objectives for the advisory group’s deliberations included:

  • Arrive at a definition of consumer-centered self-care that can be clearly understood by the general public and healthcare professionals to ensure that clear messaging can be developed for a broad range of audiences.
  • Establish a consensus-driven framework for determining appropriate self-care objectives across an ages and life-stages perspective.
  • Develop a strategic Priorities for Action communications and educational roadmap to reach consumer and patient audiences, healthcare professionals, health policymakers and the media with impactful themes and messaging to advance informed self-care.

NCPIE plans to release the Roadmap for Building a National Self-care Movement, with national priorities that can have the greatest impact in improving the climate for self-care in this country, in the spring. Interested organizations should contact Ray Bullman, NCPIE, at bullman@ncpie.info.   

NCPIE wishes to acknowledge Pfizer Consumer Health for its support to enable NCPIE to develop this resource. The content and editorial control of all included material is solely the responsibility of NCPIE.

National Partnership for Women and Families

GetMyHealthData is a project of the National Partnership for Women & Families focused on improving people’s access to and use of their health information. Access to relevant and actionable health data can empower consumers to better contribute to and shape their health care decisions – from choosing the right health plan to understanding and following treatment recommendations. GetMyHealthData has spent the last year documenting what happens when individuals request their medical records and other health information. Personal stories have been powerful fuel for generating interest in and commitment to our work. Help us make the case that change is needed and inspire action! Tell us about your experience asking for or using your health information: What steps did you take? What problems did you encounter? How would you describe the experience? Share your story today: https://getmyhealthdata.org/share/ 

Network for Excellence in Health Innovation (NEHI) 

NEHI invites Health Advisory Council members to join the conversation by registering for NEHI’s 2017 Annual Conference, which will take place on April 25-26 in Washington, DC. The goal of this year’s meeting, “Fresh Starts, Enduring Challenges”, is to explore the cross-sector issues that we face in health and health care, and the impending changes stemming from new leadership in Washington.

The conference will include sessions on:

  • Innovation in Value-Based Payment and Delivery Reform: The Next Four Years
  • Advancing Cures in Cancer
  • The New Minds in Health Care – Artificial Intelligence and Cognitive Computing
  • Cross-Sector Conversation – Looking Ahead for Health Care

The full agenda and list of speakers are available here, and registration is available at this link. Please share with any and all interested colleagues!

U.S. Pharmacopeial Convention (USP) 

Dietary supplements: Responding to the concern and need for consistent quality in dietary and nutritional supplements, USP founded the Dietary Supplements Quality Collaborative (Collaborative). This multi-stakeholder partnership (NCL is a founding member) is pursuing consensus-based initiatives focused on public and private efforts to improve the quality of products marketed as dietary supplements.

The Collaborative understands that millions of U.S. consumers rely on dietary supplement products to meet nutritional or other needs, with demand only increasing. Yet illegal, fraudulent, adulterated, misbranded, and poor quality products put consumers at risk and taint the marketplace. The Collaborative believes that consumers and healthcare providers should be able to expect the dietary supplements they purchase and recommend are safe and quality products. Further, the Collaborative recognizes that ingredient suppliers, supplement manufacturers, retailers and the government share responsibility to keep illegal, fraudulent, adulterated and misbranded products from entering the marketplace.

PQM report: USP would like to share the release of its 2016 Promotion of Quality Medicines (PQM) annual report. PQM is a collaboration between USP and USAID tasked with strengthening health systems in 34 critical countries by providing technical assistance that builds the capacity of medicines quality laboratories and regulatory authorities.

We want to hear from you!

If you have time-sensitive information and updates you’d like to share with the Health Advisory Council in between NCL’s quarterly newsletters, please contact Karin Bolte (karinb@nclnet.org) or Janay Johnson (janayj@nclnet.org), and we will be happy to forward your materials to the Council membership. We also encourage you to contact us with your ideas and suggestions for Council activities.

_______________

National Consumers League
Published March 28, 2017

Health Advisory Council Newsletter | 2017 Q1 | Member Q & A | Alliance for Aging Research

Lindsay Clarke

Vice President, Health Programs, Alliance for Aging Research

Q. Please discuss your work at the Alliance for Aging Research and how it relates to the Alliance’s overarching mission.
A. The Alliance for Aging Research is a leading non-profit dedicated to accelerating the pace of scientific discoveries and their application to vastly improve the universal human experience of aging and health. Our goal is to advance innovation that supports the health care needs of older Americans and their caregivers, through targeted Federal advocacy and educational initiatives. As the Vice President of Health Programs at the Alliance, I oversee our educational initiatives and campaigns that focus on diseases and conditions that disproportionately impact older Americans. We do this by educating and empowering the patient, their caregivers, and their healthcare professionals with a wide variety of resources including brochures, films, websites, tip sheets, workshops, and traditional and social media campaigns.  

Q. How long have you been at the Alliance for Aging Research, and what do you love most about your job?
A. I have been with the Alliance for more than a decade and yet my job still offers daily opportunities to learn new things, work with new partners, and produce and share resources in different ways. We often get involved in an area because we have found that older adults are having a different experience than younger patients. This means that we are often tackling new areas of medicine, policy, and healthcare. We are also fortunate at the Alliance because we work with so many amazing organizations and individuals through coalitions like the Health Advisory Council and in our partnerships to create and share content. And because technology and media are changing so rapidly, we find new ways to reach our audiences on almost a daily basis. I am also very lucky to work with an amazing team that supports and challenges me.  

Q. What are the biggest challenges and opportunities facing the Alliance for Aging Research today?
A. We are very excited at the Alliance about the tremendous ongoing efforts focused on empowering patients and making care more patient-centric. Our educational initiatives focus not only on providing patients with what they need to be educated partners in their care decisions, but also on breaking down barriers in the clinical experience that keep older patients from getting the treatment and care that they need. This is becoming increasingly challenging as our population ages. Currently around one in seven Americans is age 65 or older. Americans age 65+ take an average of 27 prescriptions, in large part because 80% of them have multiple chronic conditions. Managing care and involving patients and their caregivers will only get more complicated as this population explodes.  

Q. What Alliance for Aging Research initiatives would you like to share with the Council?
A. The Alliance has been doing a lot of work in the area of geriatric cardiovascular disease. This past February 22nd we hosted the first-ever National Heart Valve Disease Awareness Day, which was officially recognized on the HHS National Health Observances Calendar, supported by a resolution (H.Res.146) introduced by U.S. Rep. Tony Cárdenas (D-CA), and celebrated throughout the country. We started this campaign after we found in a national survey that 3 out of 4 people know little to nothing about heart valve disease. More information is available at www.ValveDiseaseDay.org.

We also launched a campaign during AFib Awareness Month last September to help patients and healthcare providers better understand AFib-related stroke risk, and celebrate every year lived with a non-event. We are aware that older AFib patients at heightened stroke risk often don’t receive the treatment they need due to fears of frailty and falls. This campaign at www.YearWithoutaStroke.org seeks to change the conversation about stroke risk reduction in AFib. 

We are also continuing to produce “pocket films” on a variety of topics from venous thromboembolism, to safe use of OTC medications, to vaccination in older adults. Our pocket films are short, animated films that take dense and often intimidating medical information and make it more accessible for older adults and their caregivers. The films can be found online at www.youtube.com/allianceforaging and have been viewed by tens of millions through our outreach campaigns.    

Q. What does the Alliance for Aging Research value about membership in NCL’s Health Advisory Council?
A. The Health Advisory Council offers us great opportunities to discover and nurture critical collaborations and partnerships, and keeps us informed about timely issues in health advocacy and education.

NCL health policy updates | Health Advisory Council Newsletter | 2017 Q1

Defending the ACA and Medicaid

As part of the Protect Our Care coalition, NCL was actively engaged in the nationwide effort to protect the Affordable Care Act and Medicaid. Through press releases, letters, and social media, NCL joined with its colleagues in the consumer, patient, and public health communities in the successful effort to beat back the House GOP’s health plan, which would have resulted in millions of Americans losing coverage and paying more for less. In January, NCL also joined the effort to encourage consumers to enroll in the 2017 Health Insurance Exchanges prior to the January 31 deadline.

Script Your Future Medication Adherence Team Challenge

In January, NCL launched the sixth annual Medication Adherence Team Challenge. From January 16 through March 17, inter-professional teams—including student pharmacists, nurses, doctors, and others—implemented creative outreach activities in their communities to raise awareness and improve understanding about medication adherence, using Script Your Future. Since the Challenge began in 2011, more than 9,500 future health care professionals have directly counseled more than 34,000 patients and reached more than 11 million consumers about the importance of medication adherence. Stay tuned for NCL’s announcement of this year’s winners in May.

Sally Greenberg receiving Champions of Access award

Generic drugs
This February, the Association for Accessible Medicines (AAM) (previously the Generic Pharmaceutical Association) honored NCL with the prestigious “Champion of Access” award at its annual meeting in Orlando, FL. NCL and Executive Director Sally Greenberg (pictured at right) were recognized for their work advocating for programs and policies that promote low-cost, effective drugs that benefit patients as well as the American healthcare marketplace. Over the decade from 2006-2015, the use of generic drugs saved the U.S. healthcare system approximately $1.46 trillion. To reduce out-of-pocket costs while receiving the same quality of care, NCL encourages consumers to ask their healthcare providers if there is a generic version of their prescription available.

Vaccines
Building on NCL’s long history of advocating for life-saving vaccines, NCL issued a statement opposing the appointment of anti-vaccination activist Robert F. Kennedy Jr. to chair a vaccine safety or autism commission, as well as a guest blog on the appointment. NCL also promoted the importance of vaccines on our social media channels and joined a letter organized by the American Academy of Pediatrics urging Congress to ensure that HHS Secretary Tom Price is “committed to protecting the citizens of this nation from vaccine preventable diseases.”

Counterfeit drugs
NCL joined the Alliance for Safe Online Pharmacies (ASOP Global) as an Observer member, and participated in both of its campaigns to educate senior citizens and healthcare providers about the dangers of counterfeit drugs. In addition, NCL coordinated sign-on letters to the Appropriations and Energy and Commerce Committees on the continued need for FDA’s Office of Criminal Investigation’s important work in protecting consumers and pursuing criminal enterprises that are illegally selling and distributing drugs not approved for sale in the United States.

Right to Try legislation
NCL has been coordinating with our colleagues in the consumer and patient communities to reach out to Congress to express opposition to the Trickett Wendler Right to Try Act of 2017 (S.204/H.R. 878), which would place vulnerable patients at risk. Right to Try laws are designed to grant terminally ill patients the “right to try” an unapproved drug or medical device. However, as NCL Executive Director Sally Greenberg explains in The Huffington Post, FDA’s existing expanded access program achieves the right balance between facilitating patient access to unapproved drugs and providing appropriate protections for patients, without undermining the clinical trials process. While we are all committed to ensuring new treatments and therapies are available to patients, we must not sacrifice safety by passing this federal Right to Try bill.

The #DataInsecurity Digest | Issue 41

Issue 41 | March 15, 2017

#DataInsecurity Digest: WikiLeaks not as bad as we thought? Average zero-day lasts nearly seven years. Breach costs Yahoo’s Mayer $2M.

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud


Editor’s Note: WikiLeaks strikes again with a massive 7,818-page leak detailing the CIA’s extensive cyber-espionage and hacking tactics. But upon closer review, it appears that the CIA’s methods may have relied, at least somewhat, on vulnerabilities that have been disclosed by academics and other open source materials. Exploiting zero-day vulnerabilities is a key tool for government and criminal hackers. According to a ground-breaking new study from RAND, the average zero-day can remain undisclosed for nearly seven years—underscoring their value to governments and criminals alike. The Yahoo breach fallout continues with a new Morning Consult consumer perception survey showing that the breach cost the company dearly in the eyes of consumers. The breach will also hit Yahoo CEO Marissa Mayer’s pocketbook—to the tune of a $2 million cash bonus she’ll have to forgo.

And now, on to the clips!

—————–

WikiLeaks publishes CIA hacking methods. Last Tuesday, WikiLeaks published its largest trove of classified documents yet. The Washington Post states that more than 7,818 web pages with 943 attachments allegedly reveal “secret cyber-tools used by the agency to convert cellphones, televisions and other ordinary devices into implements of espionage.” (Source: Washington Post)

But…is the leak as bad as it sounds? UNC cyber expert @zeynep tells us to step back and consider that the WikiLeaks documents don’t actually reveal that the CIA has broken encryption on secure messaging apps like Signal and WhatsApp. She writes, “[n]either Signal nor WhatsApp, for example, appears by name in any of the alleged C.I.A. files in the cache. … More important, the hacking methods described in the documents do not, in fact, include the ability to bypass such encrypted apps — at least not in the sense of ‘bypass’ that had seemed so alarming. Indeed, if anything, the C.I.A. documents in the cache confirm the strength of encryption technologies.” (Source: New York Times)

RAND: Average zero-day vulnerability remains undiscovered for nearly seven years. The impact of zero-day vulnerabilities—undisclosed errors in computer code that can allow hackers to access systems undetected—typically lasts years, according to a fascinating new study from RAND Corporation. The study examined 200 real-world zero-day vulnerabilities and found varying incentives for white hat, grey hat, and government researchers to disclose or stockpile zero-day vulnerabilities. Whether and how to disclose zero-day vulnerabilities has been at the heart of a bubbling controversy in the data security world—a controversy that WikiLeaks cited in its decision to leak CIA hacking tools. (Source: RAND)

Yahoo cuts chief executive’s pay and beefs up cyber security. In the aftermath of Yahoo’s massive data breaches, the board undertook an investigation which found that Chief Executive Officer Marissa Mayer and other senior executives failed to “properly comprehend or investigate” the breach. The Wall Street Journal reports that as a result of the investigation, “Yahoo’s board won’t award Ms. Mayer her 2016 cash bonus, and accepted her offer to forgo her 2017 equity awards… The board also directed Yahoo to beef up its cybersecurity measures.” (Source: Wall Street Journal)

Quick hit: Yahoo’s favorability amongst consumers takes a 10 point hit. A Morning Consult study found that following the unprecedented breach at Yahoo, American consumers’ perception of the company declined from a 73 percent favorability rating on December 17 (just a few days after the breach) to 63 percent on December 25. (Source: Morning Consult)

Breach du jour: 800,000 CloudPets user accounts. CloudPets, one of the many companies making “smart toys” that allow kids to communicate with distant loved ones through a stuffed animal, accidentally left 800,000 user accounts exposed online for anyone to discover. Motherboard reports that the data included emails, passwords, and over 2 million private voice messages exchanged between kids and loved ones. (Source: Motherboard)

Hackers target oil industry. The Associated Press reports that the Department of Homeland Security “received reports of some 350 incidents at energy companies from 2011 to 2015… Over that period, the agency found nearly 900 security flaws within U.S. energy companies, more than any other industry.” The Associated Press argues that the numerous security flaws, coupled with the opportunity to cause catastrophic damage, makes the energy sector a prime target for hackers. “You could mess with a refinery or cause a vessel to explode,” explained former FBI agent Richard Garcia. (Source: ABC News)

Quick hit: How are botnet armies created? Check out this great infographic from Reuters that explains how hackers take over devices and launch distributed denial of service (DDoS) attacks. (Source: Reuters)

Home Depot pays out $25 million to settle data breach class action. Law 360 is reporting that after years of litigation, Home Depot agreed to “resolve a putative class action brought by financial institutions after a 2014 data breach that compromised 56 million credit and debit card numbers.” (Source: Law 360)

White House’s chief information security officer removed. Cory Louie, an Obama-appointed security expert who was charged with keeping senior staff and the president safe from cyber attacks, was removed from his job last week. ZD Net reports that while the circumstances surrounding his sudden departure are unknown, it’s believed he was either fired or asked to resign last Thursday evening. (Source: ZD Net)

Upcoming events

May 24, 2017 – Planning for the Future: A Conference About Identity Theft – Washington, DC
The FTC will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what can be done to address this challenge in the future. The conference will be used to gather input from academics, business and industry representatives, government experts, and consumer advocates. Participants will look at the current state of identity theft, examine potential future challenges, and discuss how to address these issues.

May 25, 2017 – Workshop on Technology and Consumer Protection (ConPro ’17) – San Jose, CA
At this year’s 38th IEEE Symposium on Security and Privacy, a Workshop on Technology and Consumer Protection (ConPro ’17) will explore computer technology’s impact on consumers, with a special focus on privacy and ways in “which computer science can prevent, detect, or address the potential for technology to deceive or unfairly harm consumers.” ConPro ’17 aims to bring together academic and industry researchers along with government officials.

National Consumers League
Published March 15, 2017

The #DataInsecurity Digest | Issue 40

Issue 40 | February 28, 2017

#DataInsecurity Digest: Advocates unite against DHS plan to check passwords at the border

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: DHS Secretary John Kelly’s comments that the agency may require non-citizens to provide passwords to their social media accounts at U.S. borders is provoking quite a backlash. Last week, NCL joined more than 100 data security experts, privacy and civil liberties organizations that said the proposal “will fail to increase the security of U.S. citizens and is a direct assault on fundamental rights.” The move also prompted a reaction from Sen. Ron Wyden (D-OR), a noted privacy hawk, who vowed to introduce legislation requiring DHS to obtain a warrant before demanding passwords to Americans’ online accounts and mobile devices. In other news, Yahoo’s mega-breaches finally have a price tag: $350 million — the discounted sale price negotiated by Verizon due to the overhanging liability stemming from the breaches. Finally, while there was plenty of news from the big RSA security conference, the most troubling was probably a Nuix survey of RSA attendees that more than 80 percent of hackers said they can breach a network’s security and steal valuable information in less than 24 hours.

And now, on to the clips!

—————–

Public interest and privacy experts stand firm against DHS. A coalition of 100+ data security experts and civil liberties, human rights, and consumer organizations (including NCL) last week blasted a DHS plan to require non-citizens to provide social media passwords at the border. “The first rule of online security is simple: Do not share your passwords,” noted the groups’ letter. “No government agency should undermine security, privacy, and other rights with a blanket policy of demanding passwords from individuals.” (Source: Center for Democracy and Technology)

Sen. Ron Wyden (D-OR) to introduce legislation to prevent seizure of passwords. Wyden said that “[c]ircumventing the normal protections for such private information is simply unacceptable,” and that his legislation would ensure that the “4th Amendment is respected at the border.” (Source: Buzzfeed)

Chairman of House Homeland Security committee: ‘We are in the fight of our digital lives…and we are not winning.’ In his remarks before the RSA conference, Rep. Michael McCaul (R-TX) also discussed the lack of “clear proportionate response policies for striking back against nation states, cyber criminals and others” and the need to show that “there will be consequences and that intruders will be brought to justice.” (Source: Government Technology)

Yahoo’s massive data breaches caused $350 million devaluation. In the wake of its massive data breaches, Yahoo had to make serious concessions to Verizon to keep the buyer on board. In the new deal, Yahoo will split any financial liabilities caused by their two massive breaches 50-50 with Verizon. In addition, @Ryan_Knutson reports that “as part of the revised agreement, Verizon will give up its right to sue over the idea that Yahoo had covered up the hacks, one of the people said. The entity selling Yahoo will retain liability for the SEC investigation and any shareholder lawsuits related to the deal itself. Verizon will split costs and liabilities related to any lawsuits from consumers or partners.” (Source: Wall Street Journal)

Verizon’s general counsel defends the decision to move ahead on the deal. @TheNLJ reports that, while many have criticized Verizon’s lack of due diligence surrounding data breaches, Verizon general counsel Craig Silliman disagrees. “’There is no way you can do due diligence and find something … that the company itself hasn’t found,’ he said, adding that this is why representations and warranties are added to these agreements. ‘I don’t think one of the lessons learned is the need for due diligence around data breaches,’ he said. ‘I do think it points to the importance of reps and warranties around data breaches.’” (Source: The National Law Journal)

Microsoft proposes ‘Digital Geneva Convention.’ At the RSA conference last week, Microsoft President and Chief Legal Officer Brad Smith argued for a “Digital Geneva Convention.” @jeremy_kirk reports that “[h]is proposal would commit governments to implementing norms designed to protect civilians on the internet in times of peace, in the same spirit as the Fourth Geneva Convention of 1949. Governments should agree to not conduct cyberattacks against the private sector, specifically stealing intellectual property, or critical infrastructure.” (Source: Bank Info Security)

New York’s ‘first-in-the-nation’ breach notification law takes effect today. The new rules require New York-based financial firms to “scrutinize” their security practices and notify regulators after a data breach. @NYGovCuomo stated that “these strong, first-in-the-nation protections will help ensure this industry has the necessary safeguards in place” to protect businesses and clients “from the serious economic harm caused by these devastating cyber-crimes.” (Source: Reuters)

88 percent of hackers believe they can breach your network defenses in less than 12 hours. That’s according to @nuix, a Virginia-based security firm whose Black Report surveyed hackers at the DEFCON conference this year in Las Vegas. The report also found that once inside a system, 81 percent of respondents could identify and steal high value data in fewer than 12 hours. Most concerning, the report found that nearly two-thirds of hackers stated that their biggest frustration was that “most organizations did not bother to fix the vulnerabilities and security weaknesses they discovered.” (Source: ZDNet)

Breach du jour: Coachella. The user information for the popular California music festival Coachella is currently for sale on the dark web. The listing boasts 950,000 accounts, including users’ email addresses, usernames, and hashed passwords. @motherboard reports that according to the listing, “around 360,000 of the accounts relate to the main Coachella website, and another 590,000 concern the message board. The latter set allegedly includes more information such as the user’s IP address.” (Source: Motherboard)

Quick hit: Trump’s Chief Digital Officer leaves White House over security concerns. @politico reports that “White House Chief Digital Officer Gerrit Lansing was among the six staffers escorted out of the White House last week after being unable to pass an FBI background check.” The CDO slot is a somewhat nebulous position within the White House. Former Obama CDO Jason Goldman described the role as meant to “create more meaningful online engagement between government and American citizens.” (Source: Politico)

Upcoming events

May 24, 2017 – Planning for the Future: A Conference About Identity Theft – Washington, DC
The FTC will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what can be done to address this challenge in the future. The conference will be used to gather input from academics, business and industry representatives, government experts, and consumer advocates. Participants will look at the current state of identity theft, examine potential future challenges, and discuss how to address these issues.

May 25, 2017 – Workshop on Technology and Consumer Protection (ConPro ’17) – San Jose, CA
At this year’s 38th IEEE Symposium on Security and Privacy, a Workshop on Technology and Consumer Protection (ConPro ’17) will explore computer technology’s impact on consumers, with a special focus on privacy and ways in “which computer science can prevent, detect, or address the potential for technology to deceive or unfairly harm consumers.” ConPro ’17 aims to bring together academic and industry researchers along with government officials.

National Consumers League
Published February 28, 2017

The #DataInsecurity Digest | Issue 39

Issue 39 | February 15, 2017

#DataInsecurity Digest: Rich out, Pahl in at FTC. What does it mean for data security? Plus Spicer’s cyber woes continue

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: As with so much else in Washington these days, there will soon be a passing of the torch on data security policy at the FTC. The departure of long-time consumer advocate and privacy wonk Jessica Rich from the Bureau of Consumer Protection (BCP) may foretell a less aggressive enforcement agenda on data security at 600 Penn. In Rich’s place at BCP (at least for the time being) will be Thomas Pahl, who has made a name for himself as an advocate for deregulation. Acting Chairwoman Maureen Ohlhausen is also signaling a pullback from the aggressive data security enforcement agenda that was a hallmark of former Chairwoman Edith Ramirez’s tenure. Whether this policy will remain in place if Utah Attorney General Sean Reyes takes the reins at FTC (as rumored) remains to be seen. One area Reyes probably won’t look to touch is the states’ role in data breach notification and data security standards enforcement. Finally, White House Press Secretary Sean Spicer might want to look into doing some early cyber spring-cleaning, if his trail of necktie-selling e-stores and (more importantly) the publicly available WHOIS information listing his home address and personal phone number are to be believed.

And now, on to the clips!

—————–

Ohlhausen suggests pullback from aggressive data security enforcement. Acting FTC Chairman Maureen Ohlhausen told attendees at a consumer law conference that she “will make sure our enforcement actions address concrete consumer injury…the agency should not focus on speculative injury, or on subjective types of harm.” This concerned many data security watchers as the FTC is currently suing D-Link Systems for leaving consumers’ webcams highly susceptible to hacking. Ohlhausen’s comments feed into D-Link’s arguments that its case should be suspended since FTC “cannot show any actual injury to consumers,” writes @WatermanReports. (Source: Cyber Scoop)

Rich remains optimistic about the future for privacy at FTC. After 26 years at the FTC, most recently as Director of the Bureau of Consumer Protection, Jessica Rich is leaving the Commission. Despite the change in leadership, she tells @privacypen that there is “[n]o reason to believe there is any sort of (privacy) sunset” coming to the agency. Rich noted that former Chairman Tim Muris, like current Chairman Ohlhausen, was also very focused on consumer harm, but says that was “one of our most productive times in privacy and security” at the Commission. (Source: IAPP)

Deregulation champion Pahl to be acting director of BCP. Thomas Pahl, former managing counsel to the CFPB, has worked in various roles at the FTC for 20+ years and will soon return to assume a new role: Acting Director of the Bureau of Consumer Protection. @thehill reports that “Pahl has pushed for Ohlhausen’s tenure as head of the FTC to become permanent, championing her positions on limited government and her hesitation to regulate. Pahl has also expressed his own penchant for free-market and deregulatory policies.” (Source: The Hill)

Trump’s rumored FTC Chair advocated against preempting state data breach laws. Past statements by the rumored incoming FTC Chair, Utah AG Sean Reyes, may shed some light on how he would handle data security issues at the FTC. In a letter he sent to Congress in July 2015, Reyes called for Congress to “preserve existing protections under state law, ensure that states can continue to enforce breach notification requirements under their own state laws and enact new laws to respond to new data security threats, and to not hinder states that are helping their residents by preempting state data breach and security laws.” (Source: Utah Office of the Attorney General)

More than 355,000 credit and debit cards compromised in Arby’s breach. Fast food chain Arby’s has announced that many of its 1,000+ corporate stores have had payments systems compromised. Arby’s 2,000+ franchise locations were not affected in the breach. Arby’s has stated that it has “fully contained and eradicated the malware that was on our point-of-sale systems.” (Source: Krebs on Security)

Breach du jour: United Press International. A hacker on the dark web is said to be selling the emails, names, and hashed passwords for 83,000 UPI accounts. @HowellONeill reports that the account credentials for the news agency “appear to include all of UPI’s email subscribers, which amounts to tens of thousands, as well as their executives, journalists and other employees who have worked at UPI within the last several years.” (Source: CyberScoop and USA Today)

InterContinental confirms data breach. In December, the hotel chain InterContinental launched an investigation into claims of a potential data breach, which it has now confirmed affected 12 U.S. locations. @Reuters reports that “only payment cards used at the restaurants and bars of the 12 hotels were affected and that cards used at the front desk of the hotels were not affected.” (Source: Reuters)

Toys ‘R’ Us becomes the latest data breach fallout victim. Last week, Toys ‘R’ Us experienced the fallout from other companies’ breaches when scammers began attempting to access customers’ rewards accounts with username and password combinations from past breaches. @Consumerist observes that “if a would-be thief has a long list of email address/password pairs, they can start flinging it at basically any website to see which ones go ‘click’ and let them in.” (Source: Consumerist)

Moderate Dems take aim at cyber. The centrist New Democrat Coalition has announced its Policy Task Forces. The Cybersecurity Task Force will be led by Representatives Derek Kilmer (WA-6), Kathleen Rice (NY-4), and Josh Gottheimer (NJ-5). The task force’s agenda will include efforts to build upon the Cybersecurity Act of 2015 and identify ways to “promote public-private sector cooperation, and innovation that protects more individuals, businesses, and governments from cyber-attacks.” (Source: Medium)

Private email server: GOP edition. House Democrats on the Science, Space, and Technology committee are asking for a hearing to investigate the Trump White House’s cyber vulnerabilities due to the administration’s “shocking disregard for cybersecurity practices.” @thehill reports that Reps. Eddie Bernice Johnson (D-TX), Don Beyer (D-VA), and Dan Lipinski (D-IL) cited “the massive amount of media and congressional scrutiny of former Secretary of State Hillary Clinton’s use of a private email server as a precedent for their request.” The authors also expressed their concern over Trump’s continued use of an unsecured Android smartphone as well as his senior staff’s reliance on an RNC email server. (Source: The Hill)

Quick hit: Senate is growing frustrated over Yahoo’s lack of cooperation with breach investigation. Senators John Thune (R-SD) and Jerry Moran (R-KS) wrote to Yahoo Chief Executive Marissa Mayer stating that “[d]espite several inquiries by Committee staff seeking information about the security of Yahoo! user accounts, company officials have thus far been unable to provide answers to many basic questions.” The letter gave Yahoo until next Thursday to respond to five questions. (Source: Wall Street Journal)

Dessert: Sean Spicer’s cyber hygiene woes continue. Mashable’s @B_Koerber points out that the embattled press secretary’s issues stretch beyond the podium and into the cybersphere. Apparently Spicer did not clean up any of his 16 websites, leaving an old blog, his e-commerce store for selling GOP-themed neckties, his personal contact information, and his Venmo account out in the open for people to find. (Source: Mashable)

Upcoming events

May 24, 2017 – Planning for the Future: A Conference About Identity Theft – Washington, DC
The FTC will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what can be done to address this challenge in the future. The conference will be used to gather input from academics, business and industry representatives, government experts, and consumer advocates. Participants will look at the current state of identity theft, examine potential future challenges, and discuss how to address these issues.

May 25, 2017 – Workshop on Technology and Consumer Protection (ConPro ’17) – San Jose, CA
At this year’s 38th IEEE Symposium on Security and Privacy, a Workshop on Technology and Consumer Protection (ConPro ’17) will explore computer technology’s impact on consumers, with a special focus on privacy and ways in “which computer science can prevent, detect, or address the potential for technology to deceive or unfairly harm consumers.” ConPro ’17 aims to bring together academic and industry researchers along with government officials.

National Consumers League
Published February 15, 2017

The #DataInsecurity Digest | Issue 38

Issue 38 | February 1, 2017

#DataInsecurity Digest: No executive action on cyber just yet, reflecting on Ramirez, and more

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: With the battle over President Trump’s immigration policies consuming much of the political oxygen, it might be easy to overlook what was an exciting few weeks on the data security front. President Trump’s much-discussed executive order on cybersecurity — rumored to reduce DHS’s role in protecting the nation’s critical cyber infrastructure — was delayed late Tuesday for reasons that remain unclear. Underscoring fears about the lack of clear direction from the Trump Administration so far on data security, new data from the Pew Research Center finds that nearly 2 in 3 Americans have been affected by data breaches, doing significant damage to consumers’ faith in the Internet. That may be one reason a bipartisan group of senators is calling for a permanent Senate committee to focus attention on cybersecurity. The fallout from two massive breaches at Yahoo looks likely to push the close of its merger with Verizon into Q2, a delay that is attracting the SEC’s attention. Finally, we say goodbye to FTC Chairwoman Edith Ramirez, who prepares to depart an agency that her admirers (including yours truly) are increasingly seeing as the Federal “Technology” Commission.

And now, on to the clips!

—————–

Cybersecurity order delayed amid concerns over reduced role for DHS. President Trump’s much-anticipated signing of an Executive Order on cybersecurity was delayed yesterday for reasons that remain unclear to many data security watchers. A draft version of the order had suggested that the Pentagon would be elevated to a co-equal role with the Department of Homeland Security, though–as of Monday night–DHS officials had reportedly not yet seen a finalized version of the order. @attackerman (who has the must-read story on these developments) writes that “[a] former senior DHS official said the department’s apparent downgrading would lead to surveillance fears among companies concerned with customer privacy, as well as interrupting relationships … with Silicon Valley firms in the years after the disclosures of Edward Snowden.” (Source: The Guardian)

Pew: Shocking number of Americans are victims of a major data breach. We know that data insecurity affects millions of Americans, but a new study from the Pew Research Center is casting light on the scope and effects on consumers. Pew found that 64 percent of Americans “have experienced or been notified of a significant data breach pertaining to their personal data or accounts.” The same study found that “[r]oughly half of Americans think their personal data are less secure compared with five years ago.” This should be of particular concern for social media sites, with more than half of survey respondents expressing a lack of confidence in a company’s ability to protect their data. (Source: Pew Research Center)

Senators call for permanent cybersecurity committee. Senators Cory Gardner (R-CO) and Chris Coons (D-DE) are calling on colleagues to create a permanent Senate Select Committee on Cybersecurity to address the scattered nature of Congressional oversight of cybersecurity. Last Congress, at least 20 standing committees of the House and Senate held hearings on the topic of cybersecurity. Gardner and Coons hope such a committee will draw together the various committees with jurisdiction and focus attention and resources on addressing the problem. “With a stronger cybersecurity congressional oversight structure, our federal government agencies could have built more proactive and resilient defenses,” wrote Gardner in TIME. “Even if these safeguards failed, with greater congressional oversight, it may not have taken a year for OPM to disclose that its network was breached.” (Source: TIME)

SEC investigation is the latest Yahoo breach fallout. Federal authorities are now investigating whether Yahoo violated Securities and Exchange Commission (SEC) rules after the company took 2+ years to report its massive 500-million-account breach to investors. @WSJ reports that Yahoo could be in hot water as “[t]he SEC requires companies to disclose cybersecurity risks as soon as they are determined to have an effect on investors.” Former SEC enforcement official John Reed commented that the Yahoo case was particularly interesting: “Here you are talking not just about the potential for a data breach, but a deal [the proposed Verizon-Yahoo merger] blowing up because of a data breach.” (Source: Wall Street Journal)

Yahoo/Verizon deal delayed. Yahoo executives had hoped to complete the estimated $4.8 billion buyout by the end of Q1 2017. However, Yahoo’s two massive data breaches may be gumming up the deal as executives are now “working expeditiously to close the transaction as soon as practicable in Q2.” (Source: CNET)

Third Circuit Court allows data breach class actions to proceed. Under the Supreme Court’s ruling in Spokeo v. Robins, it is extremely hard for consumers affected by data breaches to bring a class-action lawsuit. That could be changing, thanks to a decision by the Third Circuit Court of Appeals earlier this month. The court ruled that even when plaintiffs’ injuries are intangible (such as when the defendant in the case, Horizon Healthcare, exposed the plaintiffs’ data through an unsecured laptop), victims may form a class action. If the decision stands, the ability of consumers to be compensated for harm suffered as a result of data breaches could become a reality. (Source: Reuters)

Acer settles with New York Attorney General Office for $115,000. Taiwanese computer manufacturer Acer left 35,000+ credit card numbers unprotected in plain text for more than a year, and now they’re paying for it. Last week, NY AG Eric Schneiderman reached a settlement that will prevent Acer from making such a mistake again. “Businesses have a duty to protect their customers’ personal information as securely as possible,” Schneiderman said in a statement. “Lax security practices like those we uncovered at Acer put New Yorkers’ credit card information and other personal data at serious risk.” (Source: PC Magazine)

Farewell to Ramirez. As FTC Commissioner (formerly Chairman) Edith Ramirez prepares to leave her post, analysis of her time at the FTC reveals her influence as having established, in effect, the Federal “Technology” Commission. @omertene argued that “after three years in office and six years as FTC Commissioner, Ramirez leaves the agency stronger and better equipped to deal with the challenges of the next years.” (Source: IAPP)

@POTUS Twitter account linked to insecure private email account. President Trump’s @POTUS Twitter account, as well as the First Lady’s @FLOTUS, and Vice President Pence’s @VP accounts, are seriously vulnerable to hacking since they were linked to commercial Gmail addresses. While the accounts have been moved to more secure whitehouse.gov addresses, the episode continues to fan concerns about the ability of the Trump White House to protect its data. “It’s unclear whether compromising those email addresses would give an attacker access to the accounts,” writes @russellbrandom. “President Trump has drawn criticism from many in the security world for apparently continuing to use his unsecured Android phone, while his senior staff has drawn similar fire for maintaining private email accounts at the RNC.” (Source: The Verge)

Upcoming events

May 24, 2017 – Planning for the Future: A Conference About Identity Theft – Washington, DC
The FTC will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what can be done to address this challenge in the future. The conference will be used to gather input from academics, business and industry representatives, government experts, and consumer advocates. Participants will look at the current state of identity theft, examine potential future challenges, and discuss how to address these issues.

May 25, 2017 – Workshop on Technology and Consumer Protection (ConPro ’17) – San Jose, CA
At this year’s 38th IEEE Symposium on Security and Privacy, a Workshop on Technology and Consumer Protection (ConPro ’17) will explore computer technology’s impact on consumers, with a special focus on privacy and ways in “which computer science can prevent, detect, or address the potential for technology to deceive or unfairly harm consumers.” ConPro ’17 aims to bring together academic and industry researchers along with government officials.

National Consumers League
Published February 1, 2017

The #DataInsecurity Digest | Issue 37

Issue 37 | January 18, 2017

#DataInsecurity Digest: Giuliani’s cyber cred takes a hit, more headaches for Verizon-Yahoo, Ramirez stepping down at FTC

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: The incoming Trump Administration continues to make waves in data security policy and likely not how it had hoped. Most notably, former New York City Mayor Rudy Giuliani was tapped to provide advice to the new Administration on cybersecurity matters. Unfortunately, his own firm’s website is riddled with security vulnerabilities, which doesn’t inspire confidence among experts. One of the outgoing Obama Administration’s data security champions, FTC Chairwoman Edith Ramirez, announced Friday that she will be stepping down on February 20 to make way for Trump’s pick for FTC chair. The next chair will have to deal with a renewed assault by the Koch-linked Cause of Action Institute on the FTC’s authority to enforce data security standards.

And now, on to the clips!

—————–

Giuliani offered spot on Trump’s team. Former New York Mayor and current Trump surrogate Rudy Giuliani has been asked to advise the Trump Administration on cybersecurity issues. @NPR reports that, in a phone call with reporters, the former mayor “compared the issues with cyber security to cancer, saying if all the people doing cancer research were brought together, ‘you might be able to cure it.’ His job, he said, will be to bring those experts to the President-elect so they can share with him their solutions.” (Source: NPR)

But…Giuliani’s own website is “insecure as hell.” If Giuliani’s own firm’s website security is any indication, the advice he gives to the Trump Administration will be suspect, to say the least. As @hudsonhongo writes, “the website for Giuliani Security & Safety is an all around disaster that runs on an ancient version of Joomla!, a free to use content management system (CMS). In the almost four years since the version that Giuliani’s site uses was released, more than a dozen vulnerabilities have been documented in the CMS … The site fails to follow a number of other basic best practices that would be obvious to the most casual student of cyber security.” (Source: Gizmodo)

Koch-linked watchdog heads back to court to fight FTC on data security. Cause of Action Institute, a conservative watchdog group linked to the Koch brothers network, is again going to bat to fight the FTC’s efforts to enforce data security standards. The group, which previously represented LabMD in its fight against the Commission, has agreed to represent D-Link Corporation, a Taiwanese company that is in the FTC’s crosshairs for marketing an insecure router. In a statement, Cause of Action’s Vice President Patrick Massari wrote that “[t]his lawsuit is another instance of the FTC’s unchecked regulatory overreach. If the FTC can bring a lawsuit on the mere potential of a data security breach, nearly every company will be subject to unconstrained and unexplored data security liability. Such limitless liability coupled with FTC’s history of unrelentingly litigious oversight will no doubt have a chilling effect on innovation in the Internet of Things.” (Source: Cause of Action Institute)

FTC’s Ramirez to step down. The Federal Trade Commission on Friday announced that Chairwoman Edith Ramirez will be stepping down on February 20. In its announcement, the Commission noted its big win in the case against Wyndham Hotels, convincing a federal appeals court to uphold the FTC’s authority to bring enforcement actions for unreasonable data security practices. (Source: Federal Trade Commission)

Rep. Graves to focus on fintech cybersecurity on financial services subcommittee. Congressman Tom Graves (R-GA) plans to use his new position as chair of the House Appropriations Subcommittee on Financial Services to push for greater cybersecurity protections in the emerging fintech space. Writes Graves, “with the growing importance of financial technology – or ‘fintech’ – in our 21st Century economy, this assignment puts me in a great position to work on new approaches to cyber security so American businesses and the families who use their services are protected from cyber threats.” (Source: Congressman Tom Graves)

Hackers get hacked. The mobile hacking technology company Cellebrite, which offers hacking services to U.S. agencies and potentially a few regimes such as Russia, the United Arab Emirates, and Turkey, suffered a breach of some 900 gigabytes of data. The compromised data includes “the alleged usernames and passwords for logging into Cellebrite databases connected to the company’s my.cellebrite domain,” as well as “what appears to be evidence files from seized mobile phones, and logs from Cellebrite devices.” (Source: Motherboard)

Is Verizon getting cold feet in the wake of record-setting Yahoo breach? Yahoo’s name change to Altaba left many scratching their heads this week, but the company is still facing a raft of issues stemming from the breach of more than 1.5 billion records over the past six months. Quoting unnamed executives, @dseetharaman and @mjarmental report that “Verizon has become less certain that the deal will go through” and that “[t]he breaches could be a material event that would allow Verizon to change the terms of the deal[.]” (Source: Wall Street Journal)

Breach du jour: 1.5 million E-Sports Entertainment Association (ESEA) accounts hacked. The breach is believed to have compromised the user names, email addresses, bcrypt-hashed passwords, dates of birth, phone numbers, and IDs of users at the popular competitive gaming website ESEA. @Jason_A_Murdock reports that this is not the first time ESEA has received bad publicity for its cybersecurity practices. He writes that “[i]n May 2013, ESEA was mired in a separate scandal, hit with legal action after a rogue employee was caught enslaving users’ computers – via its software downloads – to mine Bitcoin. The website admins were forced to cough up a $325,000 settlement payout after being found to be in violation of the US Consumer Fraud Act.” (Source: International Business Insider)

Quick hit: ESEA cannot be extorted. Although data security followers like myself would have preferred ESEA to have taken the steps necessary to prevent itself from being hacked, it was great to see ESEA follow the FBI and FTC’s guidance regarding not paying ransoms, as the username leak came only after ESEA refused to pay $100,000 in ransom demands. ESEA stated, “we do not give in to extortion and ransom demands and we take the security of customers’ data very seriously. In addition to investigating the incident and reporting it to the authorities, we have been working to isolate the vector attack and secure the vulnerability.” (Source: ESPN)

DNC remains a target for hackers. @buzzfeed is reporting that, as recently as New Year’s Eve, the DNC was fending off attacks from hackers. @AliWatkins and @sheeraf quoted one high-level source familiar with the investigation stating that “there was activity the day after the president issued sanctions [against Russia], looking for ways to get into the servers.” (Source: Buzzfeed)

Upcoming events

May 24, 2017 – Planning for the Future: A Conference About Identity Theft – Washington, DC
The FTC will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what can be done to address this challenge in the future. The conference will be used to gather input from academics, business and industry representatives, government experts, and consumer advocates. Participants will look at the current state of identity theft, examine potential future challenges, and discuss how to address these issues.

May 25, 2017 – Workshop on Technology and Consumer Protection (ConPro ’17) – San Jose, CA
At this year’s 38th IEEE Symposium on Security and Privacy, a Workshop on Technology and Consumer Protection (ConPro ’17) will explore computer technology’s impact on consumers, with a special focus on privacy and ways in “which computer science can prevent, detect, or address the potential for technology to deceive or unfairly harm consumers.” ConPro ’17 aims to bring together academic and industry researchers along with government officials.

National Consumers League
Published January 18, 2017

The #DataInsecurity Digest | Issue 36

Issue 36 | January 5, 2017

#DataInsecurity Digest: Predictions for 2017

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud


Editor’s Note: Happy New Year! For the first #DataInsecurity Digest of 2017, we first take a look back at the year that was. Sorry to say, it wasn’t so great, with more than 3.1 billion records affected by data breaches. No major sector was spared. Unfortunately, 2017 isn’t promising to be a whole lot better. Security firms’ New Year’s predictions include ransomware attacks on the cloud and the potential for a nation-state cyberattack to make history as the first-ever act of war. In that vein, Sen. McCain (R-AZ) will hold his much-anticipated hearing on Russian attempts to hack the 2016 U.S. presidential election today. Even President-elect Trump seems to be coming around to the threat of data breaches (“No computer is safe”), though his advice for dealing with the threat was unsettlingly antiquated (“Have it sent by courier”).

And now, on to the clips!

—————–

3.1 billion reasons why 2016 was…not so good. Last year was another record-setter for data insecurity and not in a good way. @LewisMorgan_ took on the unenviable task of totalling up all of the breached records from the reported breaches of 2016 and came to the staggering number of 3.1 billion “as the minimum number of records leaked…not the total.” (Source: IT Governance)

Biggest data breaches of 2016. @IdentityForce gives us one of (if not the) definitive lists of 2016’s biggest breaches. No sector was spared—government (IRS, DOJ, SF MUNI), healthcare (21st Century Oncology, Premier Healthcare, MedStar Health), and of course, tech (LinkedIn, Yahoo, Yahoo again, Dropbox). Check out the full list for a walk down memory lane. (Source: IdentityForce)

Ominous predictions for 2017. @govcso took a look at several 2017 data security prediction lists created by major security firms so you don’t have to. Some of the more interesting (and by that we mean scary) predictions? “Ransomware will attack the cloud … SSL abuse will lead to increased phishing sites using HTTPS (@Symantec) … Adobe and Apple will outpace Microsoft in terms of platform vulnerability discoveries (@TrendMicro) … Machine learning accelerates social engineering attacks (@McAfee) … The first nation state cyber-attack will be conducted and acknowledged as an act of war (@BeyondTrust).” (Source: Government Technology)

Clapper, Lettre, Rogers set to testify on Russian hacking of election. Sen. McCain’s Senate Armed Services Committee is set to hold its much-anticipated hearing on Russian attempts to influence the U.S. presidential election today. Director of National Intelligence James Clapper, National Security Agency and Cyber Command Chief Adm. Mike Rogers, and Undersecretary of Defense for Intelligence Marcel Lettre are the cyber heavyweights scheduled to testify. @jeremyherb and @connorobrienNH write that Sen. McCain and Sen. Lindsey Graham (R-SC) are expected to use the hearing as an opportunity to push for stronger sanctions against Russia in retaliation for the hacking. (Source: Politico)

Pentagon health workers’ personal data found unprotected on the Internet. Sensitive data, including names, Social Security numbers, addresses, and salaries of healthcare workers contracted to the U.S. military’s Special Operations Command (Socom) through Potomac Healthcare, was found unprotected on the web over the holiday weekend. The data, which goes back to 1998, was discovered by @VickerySec of @MacKeeper. @BBC reports that, in a blog post, @VickerySec commented that “the sensitive nature of the information, including security clearances and the deployment locations of staff, would make it very attractive to ‘hostile entities’ … ‘Let’s hope that I was the only outsider to come across this gem.’” (Source: BBC)

Breach du jour: Holiday Inn and Holiday Inn Express? IHG Properties has launched an investigation after several reports alleged that a data breach may have compromised customers’ credit and debit card information, particularly at two of its companies, Holiday Inn and Holiday Inn Express. While the investigation continues, IHG is recommending “that individuals closely monitor their payment card account statements” for fraud. (Source: Krebs on Security)

Yahoo breach fallout spikes fear of Russian hackers penetrating a utility company. The Vermont utility company Burlington Electric garnered national attention when it detected malware code in its systems commonly associated with the Russian hacking operation dubbed “Grizzly Steppe.” The code was not used to disrupt operations, but finding the code in a utility system sparked fears about the power grid’s security. @WashingtonPost is now reporting that the alert was set off when an employee logged into their Yahoo account and was brought to a suspicious IP address in the wake of Yahoo’s record-setting 1 billion account breach. Because “Yahoo’s mail servers are visited by millions of people each day, the fact that a Burlington Electric employee checking email touched off an alert is not an indication that the Russian government was targeting the utility.” (Source: Washington Post)

Trump: ‘No computer is safe.’ Trump raised eyebrows this New Year’s Eve when he commented that if “[y]ou want something to really go without detection, write it out and have it sent by courier.” @WashingtonPost notes that Trump’s remarks raised concern amongst cyber security experts who say that “his comments could upend more than a decade of national cybersecurity policy and put both government and private data at risk.” (Source: Washington Post)

Upcoming events

January 12, 2017 – PrivacyCon – Washington, DC
The FTC will host its second PrivacyCon conference “to continue and expand collaboration among leading whitehat researchers, academics, industry representatives, consumer advocates, and the government to address the privacy and security implications of emerging technologies.”

May 24, 2017 – Planning for the Future: A Conference About Identity Theft – Washington, DC
The FTC will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what can be done to address this challenge in the future. The conference will be used to gather input from academics, business and industry representatives, government experts, and consumer advocates. Participants will look at the current state of identity theft, examine potential future challenges, and discuss how to address these issues.

National Consumers League
Published January 5, 2017