Apr 302019
 April 30, 2019  Posted by  Breaches, Govt

Craig A. Newman of Patterson Belknap writes:

The Securities and Exchange Commission is warning investment firms to step up their game when it comes to following the agency’s privacy rules. In a Risk Alert issued by the Office of Compliance Inspections and Examinations (OCIE), a laundry list of compliance “deficiencies or weaknesses” were identified in recent examinations of SEC-registered investment advisers and broker dealers.

Regulation S-P or the Safeguards Rule – the SEC’s primary rule regarding privacy – requires investment firms to “adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information.”

Read more on Data Security Law Blog.

Apr 302019
 April 30, 2019  Posted by  Healthcare, Non-U.S.

This may be a bit challenging to wade through, but Yusuf TUNA reports:

A proposal by Robin Li (李彦宏) –founder of Baidu (百度) and an influential figure amongst China’s policymakers– yet again attracted the attention to the Medical Cloud. He thinks that Medical Cloud contains rich clinical data which catalyzes the research and application of electronic medical records, improving the medical system, so as to alleviate the problem of insufficient medical resources and uneven distribution between urban and rural parts of China. Indeed, launched by the Government in 2016; rights and responsibility of data collection, sharing and utilization and cloud management have been regulated, stimulated and outsourced by giving them to the third party companies and SOEs.

“9) We will implement the Healthy China Cloud Service Plan, build an integrated platform for healthcare services, provide remote consultation, remote imaging, remote pathology and remote ECG diagnosis services; and improve the mutual recognition and sharing the mechanism of inspection results. We will promote data resource sharing and collaboration between large hospitals and medical institutions, general practitioners and specialists …”

A literal translation of Article 9 says that the government will collect all the medical data coming from the smallest clinic in Guizhou to the biggest hospital in Shanghai; process it and make it useful within the cloud; and give access for this data to whoever and whenever necessary; to provide a smarter healthcare services ecosystem to the public.

Read more on EqualOcean.

Apr 302019
 April 30, 2019  Posted by  Non-U.S.

Hunton Andrews Kurth writes:

On April 25, 2019, the Belgian Data Protection Authority (the “Belgian DPA”) published its Annual Activity Report for 2018 (the “Annual Report”), highlighting the main developments and accomplishments of the past year.

New Authority

On May 25, 2018, the Belgian Privacy Commission became the Belgian DPA. The Belgian DPA is now composed of an Executive Committee and five bodies: the Knowledge Center, the Litigation Chamber, the Investigation Service, the General Secretariat and the Front Office.

Two new laws came into effect to create and reinforce the powers of the Belgian DPA as an investigation and sanctioning body: the Law of 3 December 2017, creating the Data Protection Authority, and the Law of 30 July 2018 on the Protection of Natural Persons with regard to the Processing of Personal Data, adapting the Belgian legal framework to the EU General Data Protection Regulation (the “GDPR”).

Read more on Privacy & Information Security Law Blog.