Tag:

GDPR

GDPR and HIPAA: Next Steps in the U.S. Healthcare Industry

The EU General Data Protection Regulation (“GDPR”) is now in effect as of May 25, 2018, and has been a prominent topic of international debate across multiple sectors as companies look to adjust to new stringent regulations in data management. With a wide scope (the GDPR now applies to all organizations possessing personal data of individuals based in the EU) and steep penalties for companies that fail to comply, companies across the globe are spending millions of dollars in preparation.

Enforcing Foreign Compliance with U.S. Regulations

Compliance standards in the United States come from the laws and policies enacted by the government and its related agencies. Administering U.S. standards on foreign institutions, public or private, poses a unique challenge. Our public and private companies are held accountable by federal, state, local, or agency rules, as well as the guidelines providedby the United States Sentencing Commission. But foreign organizations, in theory, have no real obligation to follow our lead. There have been several notable attempts in recent years to enact legislation on foreign organizations and impose sanctions for noncompliance, and it is likely a continuing trend as the compliance industry grows.

Handling a Data Breach: Equifax v Google

Google answered Amazon’s Echo Dot by recently launching their own pint-sized smart speaker, the Google Home Mini. Recently, Google was forced to disable one of the features on the Home Mini after it was discovered that a technical glitch led to near 24/7 audio recording. Google responded quickly and appropriately, investigating the cause and quickly releasing an update to disable the hardware responsible for the glitch. The Equifax hack –  a breach of personal data including social security numbers, driver’s license information, and other credit details – exposed nearly half the country and waited months to respond. Upcoming European legislation that can significantly impact American companies with European Union clients may be part of the reason for their drastically different responses.  

Brexit & Privacy Compliance

Ryan Meade Editor-in-Chief Director of Regulatory Compliance Studies at Loyola University Chicago School of Law   Now that the UK referendum has expressed the voters’ preference to leave the European Union, there are some fascinating questions regarding how compliance programs deal with the unwinding.  There is still considerable time to wrestle with these matters since both major …
Read more