Jonathan Armstrong, technology lawyer for Cordery and data regulation advisor here at Absolute, wrote an article for Tech Page One on Data regulation around the world. In the article, Jonathan talks about how global data regulations can impact businesses of all sizes. Right now, every business has the potential to be a global one, and while that comes with amazing possibilities, it brings its own sets of challenges. When it comes to data regulation, every organization operating abroad must understand these questions: What are the rules? How can you protect yourself? What should you do if something goes wrong?
According to a survey soon to be released at the 2015 National Student Privacy Symposium by the Future of Privacy Forum, 87% of parents are concerned that their child’s electronic education records are at risk due to hacking or theft of data or data devices. Parents are not the only ones with these concerns; 57% of K-12 IT leaders believe data security has become more important in the past decade. Perhaps the most influential trend affecting data security in education has been mobility. While there is no question that mobility is essential in administration, it has been transformative on the educational front, yet not without additional risks to data security.
Millennials, the so-called “Digital Natives,” are the first generation to grow up with technology and, in 10 years, will account for 75% of the workforce. Millennials are already shifting the workplace, with smartphones glued to their sides and demands to work whenever and wherever they want. According to a new report in the UK, smartphones are now the preferred device for going online, overtaking laptops for the first time.
We have talked a lot about the overlapping compliance requirements that many organizations face when it comes to data security: complying with state laws, federal requirements, industry regulators, and even international laws such as the EU GDPR. We have also spoken about the importance of holding external vendors and contractors to the same security standards expected internally. Flipping the perspective, you can then see the additional challenges an organization faces as the hired contractor or vendor, adhering to the standards of other organizations on top of all these other requirements.
Government officials in the UK have been facing ongoing backlash over their ability to protect citizen information following a string of data breaches over the past few years. Most recently, East Sussex NHS Trust came under fire for misplacing a memory stick containing the personal data of 3,000 of its patients. The ICO has levied more than £5 million worth of civil monetary penalties against the public sector, and these fines are set to increase with the finalization of the EU General Data Protection Regulation (EU GDPR), which will come into effect in 2017.
The American Health Information Management Association (AHIMA) recently released a framework of Information Governance Principles for Healthcare (IGPHC). The goal of this resource is to set up a framework to identify risks and areas for improvement.
The Third Circuit this week affirmed that the Federal Trade Commission (FTC) has the authority to regulate the data security standards of commercial entities. In FTC v. Wyndham, the agency sued Wyndham hotels after customer financial data was exposed. The FTC alleged that the hotel chain failed to maintain reasonable data security practices, outlined in detail in the complaint, which led to the exposure of consumer data between 2008 and 2010. The company argued that the FTC lacks authority to regulate the data security standards of commercial entities, an argument that was rejected in the lower court and again at the US Court of Appeals for the Third Circuit.
Although it’s true that the healthcare industry is facing more targeted cyber attacks, these attacks are not necessarily more sophisticated. Most healthcare organizations, particularly hospitals, are leaving many “doors” open due to a lack of proper cyber security defences.