On July 12, the European Commission formally adopted the EU-US Privacy Shield, a bilateral data privacy agreement hastily assembled from the wreckage of the Safe Harbor Framework, which was invalidated by the European Court of Justice in 2015. U.S. companies immediately lined up to apply the new framework, with tech giants like Google, Salesforce and Microsoft broadcasting their willingness to abide by the deal’s strictures. As of August 26th, over two hundred companies had adopted Privacy Shield, and the list is growing.
UPDATE: Since this article was drafted, Privacy Shield has been formally adopted and is now in effect. Please see this article for more information.
After four months of frantic negotiations, the U.S. and the European Union have a new deal on cross-border data transfer. The agreement, dubbed the “Privacy Shield,” replaces the Safe Harbor Framework, a bilateral agreement governing transfer of personal information that was struck down by the European Court of Justice in October of last year. News of the détente was greeted with a mixture of skepticism and relieved adulation, tempered with a dash of confusion. What do you need to know about Privacy Shield?
The Safe Harbor Framework governing transfer of personal information from the European Union to the United States is no more. On October 6, 2015, the European Court of Justice (ECJ) struck down the vaunted bilateral data protection and transfer agreement, impacting over 4,700 companies that relied on the Safe Harbor for transporting and storing European data overseas. The decision, which took effect immediately and left no grace period for international organizations to make alternative arrangements, vigorously reinforces European legal protections for data privacy while leaving a broad swath of data-related commercial activity on tenuous legal ground.
The healthcare industry is primed to benefit mightily from the ever-expanding influx of medical apps, transforming areas such as personal fitness, information storage, and even complex medical procedures. However, many app developers fail to realize the role of the Health Insurance Portability and Accountability Act (HIPAA) and the full extent of HIPAA’s applicability to their activities. This article aims to provide app developers with information on how to develop a HIPAA-compliant app and related products.
This is the second in a series of three posts that cover the background of the Health Insurance Portability and Accountability Act (HIPAA), HIPAA requirements, and HIPAA compliance strategies for startups and small businesses. The aim of this series is to make the privacy provisions of HIPAA accessible and understandable to startups and small businesses. In our previous post, we provided an overview of HIPAA and the type of entities and information covered by its rules. Please read that post to become familiar with the general concepts and terminology used here. In this second post, we discuss HIPAA requirements that startups and small businesses must know.
Whether dealing with simple applications or constructing complex medical treatment tools, businesses looking to enter the burgeoning market of health care services will need to become familiar with the Health Insurance Portability and Accountability Act (HIPAA). The law has wrought transformative change in the U.S. healthcare market, but its labyrinthine strictures can prove difficult to navigate. This is the first in a series of three posts that cover HIPAA’s background, its requirements, and HIPAA compliance strategies for startups and small businesses. The aim of this series is to make the privacy provisions of HIPAA accessible and understandable to startups and small businesses.
Nearly every organization collects personally identifiable information, or PII. Because of the sensitive nature of many different types of PII, its collection can pose an array of unique challenges, especially for younger or smaller organizations without a dedicated privacy department. The unwarranted release of such information can ravage people’s lives and forever destroy any modicum of trust an organization may enjoy with its customers and with the general public. One of the most fundamental privacy questions an organization may face is: what does “personally identifiable information” mean? Given the differing responsibilities that an organization has with respect to PII versus non-PII, the answer to this question is critical. This article is designed to help you flesh out the concept of personally identifiable information and begin to think about the ways your company should handle PII-related issues.