Earlier in 2019, a lawsuit was filed against University of Chicago Medicine, University of Chicago Medical Center, and Google. The suit claims that patient information was shared with google as part of a study aimed to advance the use of Artificial Intelligence, however, patient authorization was not obtained and the data used was not properly de-identified. In 2017, University of Chicago (UChicago) Medicine started sending patient data to Google as part of a project to look to see if historical health record data could be used to predict future medical events.
While the legal community has spent much of the last year exhaustively dissecting the European Union’s new General Data Protection Regulation (GDPR), nearly half of businesses in the United States are still not compliant with standards governing the collection, storage, and disposal of payment (credit/debit) card data. Businesses of all sizes should work to ensure that they understand and are in compliance with these standards, or risk significant exposure in the event of a payment card data breach traced back to their organization.
Financial institutions often rely on outside vendors to provide information technology services. While doing so often provides economic efficiency and quicker technological innovation, the risks associated with outsourcing information technology services are significant. Institutions must develop strong vendor management programs to ensure the safety of their customer’s personal information. Several large financial institutions have come together to create a new consortium to perform vendor and partner due diligence.