Big Data Archives - Page 7 of 12 - OF DIGITAL INTEREST

Big Data

UPCOMING WEBINAR | Digital Health: The New Dynamics — Big Data Part I: Data-Driven Life Sciences Innovation, Personalized Medicine and Research

by McDermott Will & Emery | Dec 1, 2014 | Big Data

Health care and life sciences companies increasingly operate in a digital environment. McDermott Will & Emery is hosting a complimentary four-part webinar series to explore the practical business considerations and to simplify the regulatory complexity of digital health, including health information technology (IT), big data, mobile health and telehealth.

WEBINAR TWO

Big Data Part I: Data-Driven Life Sciences Innovation, Personalized Medicine and Research

Date: Tuesday, December 9
Time: 12:00 – 1:30 pm EST
REGISTER HERE

Data-driven solutions are a powerful tool for the life sciences sector and research community. This program will explore how life sciences companies, research institutions, providers and informatics businesses can successfully navigate the regulatory landscape for big data to develop, introduce and differentiate products. The following key questions, among others, will be addressed:

Overview of Regulatory Framework — How can big data initiatives be structured to comply with key federal laws?
Data Registry Creation and Management — What are the data stewardship and data governance considerations?
Emerging Partnerships — What is the role of the government and industry for data initiatives in the life sciences?
Personalized Medicine — How is data used to deliver personalized medicine at the bedside?
Biospecimens — How does the introduction of annotated biospecimens affect the big data landscape?
Genomic Age – What does it mean to engage in big data initiatives in an age of genomic medicine?

SPEAKERS

Amy Hooper Kearbey, Partner, McDermott Will & Emery LLP

Matthew Hawryluk, Ph.D., Senior Director, Corporate & Business Development, Foundation Medicine, Inc.

Jennifer C. King, Ph.D., Director of Data Governance for CancerLinQ, American Society of Clinical Oncologists

Sari Heller Ratican, Chief Privacy Officer, Amgen

MODERATOR

Jennifer S. Geetter, Partner, McDermott Will & Emery LLP

MARK YOUR CALENDARS FOR THESE UPCOMING WEBINARS!

WEBINAR THREE: Big Data Part 2: Data-Driven Changes to Payment Models, January 13, 2015
WEBINAR FOUR: Mobile Health & Telehealth: Mobile and Telehealth Technology Create New Business Opportunities, February 10, 2015

Click here to view WEBINAR ONE: Health IT: Collection, analysis and sharing of health information

For more information, please contact McDermott Events.

Don’t Forget: You Can Watch Monday’s FTC Big Data Workshop LIVE Online

by McDermott Will & Emery | Sep 12, 2014 | Big Data

On Monday, September 15, 2014, the Federal Trade Commission (FTC) will host a workshop in Washington, D.C., that is free and open to the public, exploring the use of big data and its impact on American consumers. Don’t have your plane ticket reserved? Not a problem! The workshop starts at 9:00 am EST and those who are unable to attend the workshop in person can attend via webcast.

The workshop, entitled “Big Data: A Tool for Inclusion or Exclusion?”, will include presentations and panel discussions featuring academics, business and industry representatives, and consumer advocates. It will address the following issues:

How are organizations using big data to categorize customers?
What benefits do consumers gain from these practices? Do these practices raise consumer protection concerns?
What benefits do organizations gain from these practices? What are the social and economic impacts, both positive and negative, from the use of big data to categorize consumers?
How do existing laws apply to such practices? Are there gaps in the legal framework?
Are companies appropriately assessing the impact of big data practices on low income and underserved populations? Should additional measures be considered?

Processing Personal Data in Russia? Consider These Changes to Russian Law and How They May Impact Your Business

by Maria Ostashenko, Of Counsel, ALRUD Law Firm (Moscow, Russia) | Sep 8, 2014 | Big Data, Cloud, Consumer Protection, Cybersecurity, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield, Ecommerce, Email/Spam, General Interest, Social Media, Text Messaging

Changes Impacting Businesses that Process Personal Data in Russia

On July 21, 2014, a new law Federal Law № 242-FZ was adopted in Russia (Database Law) introducing amendments to the existing Federal Law “On personal data” and to the existing Federal Law “On information, information technologies and protection of information.” The new Database Law requires companies to store and process personal data of Russian nationals in databases located in Russia. At a minimum, the practical effect of this new Database Law is that companies operating in Russia that collect, receive, store or transmit (“process”) personal data of natural persons in Russia will be required to place servers in Russia if they plan to continue doing business in that market. This would include, for example, retailers, restaurants, cloud service providers, social networks and those companies operating in the transportation, banking and health care spheres. Importantly, while Database Law is not scheduled to come into force until September 1, 2016, a new bill was just introduced on September 1, 2014 to move up that date to January 1, 2015. The transition period is designed to give companies time to adjust to the new Database Law and decide whether to build up local infrastructure in Russia, find a partner having such infrastructure in Russia, or cease processing information of Russian nationals. If the bill filed on September 1 becomes law, however, that transition period will be substantially shortened and businesses operating in Russia will need to act fast to comply by January 1.

Some mass media in Russia have interpreted provisions of the Database Law as banning the processing of Russian nationals’ personal data abroad. However, this is not written explicitly into the law and until such opinion is confirmed by the competent Russian authorities, this will continue to be an open question. There is hope that the lawmakers’ intent was to give a much needed boost to the Russian IT and telecom industry, rather than to prohibit the processing of personal data abroad. If this hope is confirmed, then so long as companies operating in Russia ensure that they process personal data of Russian nationals in databases physically located in Russia, they also should be able to process this information abroad, subject to compliance with cross-border transfer requirements.

The other novelty of this new Database Law is that it grants the Russian data protection authority (DPA) the power to block access to information resources that are processing information in breach of Russian laws. Importantly, the Database Law provides that the blocking authority applies irrespective of the location of the offending company or whether they are registered in Russia. However, the DPA can initiate the procedure to block access only if there is a respective court judgment. Based on the court judgment the DPA then will be able to require a hosting provider to undertake steps to eliminate the infringements. For example, the hosting provider must inform the owner of the information resource that it must eliminate the infringement, or the hosting [...]

Continue Reading

New Data Disposal Law in Delaware Requires Action by Impacted Businesses

by McDermott Will & Emery | Aug 27, 2014 | Big Data, Consumer Protection, Cybersecurity, Data Privacy, General Interest

While the federal government continues its inaction on data security bills pending in Congress, some U.S. states have been busy at work on this issue over the summer. A new Delaware law H.B. 295, signed into law on July 1, 2014 and effective January 1, 2015, provides for a private right of action in which a court may order up to triple damages in the event a business improperly destroys personal identifying information at the end of its life cycle. In addition to this private right of action, the Delaware Attorney General may file suit or bring an administrative enforcement proceeding against the offending business if it is in the public interest.

Under the law, personal identifying information is defined as:

A consumer’s first name or first initial and last name in combination with any one of the following data elements that relate to the consumer, when either the name or the data elements are not encrypted:

his or her signature,
full date of birth,
social security number,
passport number, driver’s license or state identification card number,
insurance policy number,
financial services account number, bank account number,
credit card number, debit card number,
any other financial information or
confidential health care information including all information relating to a patient’s health care history, diagnosis condition, treatment or evaluation obtained from a health care provider who has treated the patient, which explicitly or by implication identifies a particular patient.

Interestingly, this new law exempts from its coverage: banks and financial institutions that are merely subject to the Gramm-Leach-Bliley Act, but the law only exempts health insurers and health care facilities if they are subject to and in compliance with the Health Insurance Portability and Accountability Act (HIPAA), as well as credit reporting agencies if they are subject to and in compliance with the Fair Credit Reporting Act (FCRA).

Given how broadly the HIPAA and FCRA exemptions are drafted, we expect plaintiffs’ attorneys to argue for the private right of action and triple damages in every case where a HIPAA- or FCRA-covered entity fails to properly dispose of personal identifying information, arguing that such failure evidences noncompliance with HIPAA or FCRA, thus canceling the exemption. Note, however, that some courts have refused to allow state law claims of improper data disposal to proceed where they were preempted by federal law. See, e.g., Willey v. JP Morgan Chase, Case No. 09-1397, 2009 U.S. Dist. LEXIS 57826 (S.D.N.Y. July 7, 2009) (dismissing individual and class claims alleging improper data disposal based on state law, finding they were pre-empted by the FCRA).

The takeaway? Companies that collect, receive, store or transmit personal identifying information of residents of the state of Delaware (or any of the 30+ states in the U.S. that now have data disposal laws on the books) should examine their data disposal policies and practices to ensure compliance with these legal requirements. In the event a business is alleged to have violated one of [...]

Continue Reading

Incorporating Risk Analysis Into Your HIPAA Strategy

by Edward G. Zacharias | May 14, 2014 | Big Data, Cloud, Consumer Protection, Cybersecurity, Data Privacy, General Interest

In building a stout privacy and security compliance program that would stand up well to federal HIPAA audits, proactive healthcare organizations are generally rewarded when it comes to data breach avoidance and remediation. But an important piece of that equation is performing consistent risk analyses.

McDermott partner, Edward Zacharias, was interviewed by HealthITSecurity to discuss these topics and more.

Read the full interview.

The New Normal: Big Data Comes of Age

by Daniel F. Gottlieb, Jennifer S. Geetter, Karen S. Sealander, Stephen W. Bernstein and Scott Weinstein | May 13, 2014 | Advertising & Marketing, Big Data, Cloud, Consumer Protection, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield, General Interest, Mobile Apps

On May 1, 2014, the White House released two reports addressing the public policy implications of the proliferation of big data. Rather than trying to slow the accumulation of data or place barriers on its use in analytic endeavors, the reports assert that big data is the “new normal” and encourages the development of policy initiatives and legal frameworks that foster innovation, promote the exchange of information and support public policy goals, while at the same time limiting harm to individuals and society. This Special Report provides an overview of the two reports, puts into context their conclusions and recommendations, and extracts key takeaways for businesses grappling with understanding what these reports—and this “new normal”—mean for them.

Read the full article.

Thinking Outside the HIPAA Box

by Jennifer S. Geetter | May 9, 2014 | Big Data, Consumer Protection, Data Privacy, Mobile Apps

On Wednesday, May 7, the Federal Trade Commission (FTC) held the third of its Spring Seminars on emerging consumer privacy issues. This session focused on consumer-generated health information (CHI). CHI is data generated by consumers’ use of the Internet and mobile apps that relates to an individual’s health. The “H” in CHI defies easy definition but likely includes, at minimum, data generated from internet or mobile app activity related to seeking information about specific conditions, disease/ medical condition management tools, support and shared experiences through online communities or tools for tracking diet, exercise or other lifestyle data.

In the United States, many consumers (mistakenly) believe that all of their health-related information is protected, at the federal level, by the Health Information Portability and Accountability Act (HIPAA). HIPAA does offer broad privacy protections to health-related information, but only to identifiable health information received by or on behalf of a “covered entity” or a third party working for a covered entity. Covered entities are, essentially, health plans and health care providers who engage in reimbursement transactions with health plans (referred to as “Protected Health Information” or “PHI”). When HIPAA was enacted in 1996, PHI was the primary type of health information, but CHI, which is generally not also PHI, has changed that. As FTC Commissioner Julie Brill noted her in her opening remarks, CHI is “health data stored outside the HIPAA silo.”

Without the limitations imposed by HIPAA, online service providers and mobile apps generally (except where state law requires differently) can treat CHI like other digital non-health data that they collect from consumers. As a result, the FTC expressed concerned that CHI may be aggregated, shared and linked in ways that consumers did not foresee and may not understand.

The panelists at the FTC discussed the difficulty in defining CHI, and whether and how it is different from other kinds of data collected from consumers. One panelist noted that whether a consumer considers his or her CHI sensitive is highly individualized. For example, are the heart rate and exercise data collected by mobile fitness apps sensitive? Would the answer to this question change if these data points were linked with other data points that began to suggest other health or wellness indicators, just as weight? Would the answer change if that linked data was used to predict socioeconomic status that is often linked to certain health, wellness and lifestyle indicators or used to inform risk rating or direct to consumer targeted advertising?

Panelists also discussed the larger and more general question of how to define privacy in a digital economy and how to balance privacy with the recognized benefits of data aggregation and data sharing. These questions are compounded by the difficulty of describing data as being anonymized or de-identified – foundational principles in most privacy frameworks – because the quality of being “identifiable” in the digital economy may depend on the proximity of a piece of data to other pieces of data.

Though the “how” and “what” of additional [...]

Continue Reading

Privacy and Data Protection: 2013 Year in Review

by Daniel F. Gottlieb | Dec 10, 2013 | Advertising & Marketing, Big Data, Cloud, Consumer Protection, Cybersecurity, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield, Ecommerce, Email/Spam, General Interest, Mobile Apps, Social Media, Text Messaging

Privacy and data protection continue to be an exploding area of focus for regulators in the United States and beyond. This report gives in-house counsel and others responsible for privacy and data protection an overview of some of the major developments in this area in 2013 around the globe, as well as a prediction of what is to come in 2014.

Read the full report here.

Welcome to McDermott’s Of Digital Interest Blog

by McDermott Will & Emery | Nov 19, 2013 | Advertising & Marketing, Big Data, Consumer Protection, Data Privacy, Social Media

Welcome to McDermott’s Of Digital Interest blog!

The global digital economy continues to rapidly expand and we can only imagine where technological innovation will take us next. Every day companies are developing new and exciting ways to leverage the Internet and digital connectivity to make businesses more efficient, improve individual outcomes, facilitate customer engagement and maximize the power and value of data.

At the same time, privacy, data security, digital advertising and online consumer protection continue to be among the fastest growing areas of the law around the globe. In the digital realm, jurisdictional lines can be crossed in nanoseconds, and this compounds compliance challenges. With more than 50 attorneys in our group around the world, McDermott’s international, multi-disciplinary team of lawyers work hard to keep abreast of important developments and trends so we can help our clients meet those challenges.

This blog is the natural extension of those efforts and it is designed to provide legal professionals and risk managers with practical insights into regulatory developments, industry trends and current issues impacting the digital environment. From major developments in privacy and data security, to new strategies for legitimizing cross-border data transfers, to coverage of hot topics like user tracking and geolocation, and the latest trends in the specialized field of online advertising, internet promotions and beyond, we expect that this blog will serve as a trusted resource for professionals who are responsible for managing data and compliance in the digital age.

We hope you find Of Digital Interest to be both interesting and helpful and we welcome your feedback. If you have questions or topic suggestions, please let us know via the “Contact Us” form or feel free to reach out to one of the editors directly.

Heather Egan Sussman and Rohan Massey
Co-chairs, McDermott’s Privacy and Data Protection Practice

Consumer Data Privacy Update for Marketers, Part 1: Children’s Online Privacy Protection Act Amendments

by McDermott Will & Emery | Nov 19, 2013 | Advertising & Marketing, Big Data, Consumer Protection, Data Privacy, Email/Spam, Mobile Apps, Social Media

New technologies enable marketers to collect and analyze more — and more specific— data than ever before. Marketers can track consumers across the internet and mobile applications, and can deliver advertising based on consumers’ interests inferred from the collected data. In theory, consumer tracking enables marketers to present advertising to consumers who are predisposed to a specific product or service, producing a higher purchase rate and transaction price, and a greater return on investment in marketing activities.

While these new technologies make advertising and marketing more targeted and efficient, they also present new challenges for marketers. Although a majority of consumers understand the “pay with data” model through which websites, mobile applications and other digital services are made available at no cost, they do not want advertisers to track them or to aggregate the tracking data into so-called “big data” databases. Consequently, consumer digital privacy has been the subject of many recent news articles – from lawsuits filed by consumers against email service providers and social media platforms for undisclosed data mining to senatorial requests to data brokers for transparency.

In this four-part series, we will highlight of some recent developments in consumer data privacy law and suggested steps for marketers on how to address them.

Children’s Online Privacy Protection Act Amendments

The Children’s Online Privacy Protection Act (COPPA) is a federal statute enacted in 1998 that requires operators of commercial digital services to provide parental notification and obtain verifiable parental consent prior to collecting personal information from children under 13. To implement COPPA, the Federal Trade Commission (FTC) issued a set of regulations known as the Children’s Online Privacy Protection Rule (COPPA Rule). On December 19, 2012, the FTC released amendments to the COPPA Rule which became effective July 1, 2013.

The amended COPPA Rule enhances online privacy protection for children and makes digital services’ operators more accountable for data collection activities involving children under age 13. Notable for marketers is a new liability standard for third-party service providers. Specifically, effective July 1, 2013:

The operator of “children-directed” (i.e., intended for children under age 13) online or mobile websites and services is strictly liable for actions of independent third parties – including social media plug-ins – on/through its website and mobile services if the third party is acting as its agent or service provider or if the operator benefits by allowing the third party information collection; and
A software plug-in, ad network or similar party that collects information on or through a third-party’s online or mobile website or service now is liable under COPPA if that party has actual knowledge it is collecting personal information on a children-directed platform.

The amended COPPA Rule makes several other key changes to the original COPPA Rule, including:

An expanded definition of personal information to include geo-location information, a child’s photo or audio or video file, screen or user names, and persistent identifiers, such as information held in a cookie, an IP address, a mobile device [...]

Continue Reading

« Newer Posts

BLOG EDITORS

Amanda Enyeart

Marshall E. Jackson, Jr.

BLOG EDITORS

STAY CONNECTED

TOPICS

ARCHIVES

RECENT POSTS