Tag: Privacy & Security

Impact of Provisions of Revised Rules of FDA-Regulated Clinical Investigations

The FDA regulations on human subject protection and Institutional Review Boards (IRBs) provide guidance to protect the rights, safety, and welfare of subjects who participate in FDA-regulated clinical investigations. The regulations conform with the requirements set forth by the Department of Health and Human Services (HHS) Federal Policy of Human Research Subjects (45 CFR 46, part A). In order to reduce confusion and burdens associated with complying with both the FDA regulations and the HHS policies regarding human subject protections, the FDA is revising the current “common rule”.

Managing Your Health in 2018: Mobile Medical Applications and FDA Regulations

Immediately upon introduction, mobile medical applications became favored by physicians and patients alike because the applications are user friendly and allow the patient to understand their care and participate in more meaningful discussions with their provider about their health. Due to the rapid development of technology and, as a result, a surge of mobile medical applications flooding the market, the Food and Drug Administration has issued three guidances on how they plan to regulate mobile medical applications. In order for mobile medical application manufacturers to remain compliant with the FDA guidances, they must meet the seven categories of requirements that are laid out in Appendix E of FDA’s 2015 guidance and also comply with any further guidance that is released.

GDPR Enforcement Notice to AggregateIQ

On July 6, the Information Commissioner’s Office (ICO) issued their first Enforcement Notice to AggregateIQ (AIQ) under the General Data Protection Regulation (GDPR) and the United Kingdom’s Data Protection Act (DPA). The GDPR is a law regulating data protection and privacy as well as the export of personal data outside of the European Union (EU). It became enforceable on May 25, 2018. The DPA supplements the GDPR and regulates the processing of personal data. The ICO is a regulatory office in the UK which enforces regulations under the DPA and GDPR. AIQ is a Canadian digital advertising, web and software development company that was charged with violations regarding the use of data analytics in political campaigning. This article will address the AIQ enforcement notice and how companies ensure compliance with the GDPR to prevent receipt of an enforcement notice.

Electronic Health Record Compliance Measures Benefit Patient Centered Care

In a time when data breaches occur fairly frequently, whether it’s credit card information being stolen from department stores or a credit reporting bureau breach affecting hundreds of millions of customers, keeping personal information private seems to get harder every day. That fact may give patients pause when they are asked to sign up for an electronic health record account. A 2017 survey listed electronic health record management as one of patients’ top concerns. Changes in recent years have led to changes in compliance measures that make electronic health records security an added benefit to patients and ensure the continued increase of their adoption.

GDPR, Data, & Blockchain: The New Wonders of the Digital World

In a world where our reliance on technology and the cloud is increasing exponentially, data security’s growth has stagnated. The European Union (EU) passed the General Data Protection Regulation (GDPR) in hopes of ensuring that consumer data is protected and not harbored by businesses. The effects of the GDPR, however, have passed the borders of the European Union. In a world where our actions extend internationally with just the click of a button, the GDPR’s impact circles the globe as well. The GDPR has pushed for a shift in data privacy and regulation for companies within and outside of the EU as it holds to protect European citizens, no matter where they are in the world. This international reach has not only created forces to drive U.S. companies to comply, but states within the U.S. are now creating GDPR-inspired laws to protect their own citizens. The GDPR has started a trend that will soon become the norm and finally push compliance to keep up with the exponential growth of technology.

Nearly Half of All Businesses Out of Compliance With Payment Card Security Standards

While the legal community has spent much of the last year exhaustively dissecting the European Union’s new General Data Protection Regulation (GDPR), nearly half of businesses in the United States are still not compliant with standards governing the collection, storage, and disposal of payment (credit/debit) card data. Businesses of all sizes should work to ensure that they understand and are in compliance with these standards, or risk significant exposure in the event of a payment card data breach traced back to their organization. 

How “Bring Your Own Device” Policies Increase Privacy Concerns

With the increased integration of laptops, cellphones, and tablets in both work and personal life, many companies have started adopting a “bring your own device” (BYOD) policy into employment protocols. BYOD policies allow employees to use their personal device for work, removing the need for employers to provide work devices. Although BYOD policies allow for easy transition from home to work, they increase security risks for employers. BYOD policies create differing advantages and disadvantages for employees and employers; thus, it is important that they are carefully assessed before implementation. If a BYOD policy is adopted, strict regulation and oversight of company policies and procedures is required.

You’ve Heard About the GDPR, but What About the CCPA?

On June 28, 2018, California took a page out of the European Union’s (EU) book and signed the California Consumer Privacy Act (CCPA) into law. The CCPA is a landmark privacy bill that will come into effect on January 1st, 2020, and it is being closely compared to the General Data Protection Act (GDPR).

What does this mean for California businesses and residents? In short, more privacy and more control over data. Key aspects include allowing consumers to request what data an organization has collected about them, allowing consumers the right to fully erase data, protecting children’s data, and making verification processes more stringent for businesses.

Facial Recognition Technology: How Much Can State Law Protect Users?

Sei Unno, Associate Editor, Loyola University Chicago School of Law, JD 2019

Facial recognition has become mainstream, whether the laws are ready or not. Video games are using facial recognition to check the ages of their users and cars are being equipped with technology to identify drivers who are fatigued or distracted. In the U.S., states …

SEC’s Settlement to Prevent Future Market Disruption by Elon Musk and Tesla

On September 27, 2018, the Securities and Exchange Commission (“SEC”) filed a complaint, alleging Tesla CEO and Chairman, Elon Musk, committed stock market fraud by misleading investors. The matter was resolved through settlement and later approved by a judge. It is hoped that the settlement will prevent Tesla and Musk from causing future market disruption and harm to shareholders.