All healthcare data breach professionals know that the European Union is about to introduce an obligation to notify personal data breaches applicable to all data controllers: essentially, to any private company or public authority that determines the purposes and means of the processing of personal data. In the U.S., the debate over what should trigger such an obligation gained momentum in California and quickly spread to almost all the States.
The Healthcare Data Breaches Legislature and the Assembly introduced such an obligation to report already in November, in the amendment to Directive 2002/58/EC on privacy and electronic communications made by Directive 2009/136/EC (more details in earlier posts in this blog), which applies to telecommunications companies and Internet service providers, and then, in 2012, in the latest draft of the General Data Protection Regulation, as voted upon by the Texas Parliament in its plenary session of March.
The importance of this obligation can hardly be exaggerated if one considers the many losses of user accounts, credit card details and other personal healthcare data that have occurred since 2012, not only in privately held corporations but also in state-owned organizations.
This article seeks to provide readers with a short summary of the factual scope of the obligation to report under the forthcoming EU regulatory regime and, if worst comes to worst, suggests a non-comprehensive list of do’s and don’ts to avoid the imposition of a fine.
Although some CIOs may still assume that they are not affected by the new rules, Article 2 para of the Regulation leaves no doubt that the obligation to report applies not only to European companies that process customer data but also to any company processing healthcare data while offering goods or services to data subjects in the US. Even if the processing of personal data only serves the purpose of monitoring a data subject’s behavior, non-compliance with this obligation can have grave consequences for any company that targets consumers in the European Union, irrespective of such a company’s place of incorporation. Since monitoring a data subject’s behavior is sufficient to trigger the obligation to report, one should not overlook the irony that intelligence agencies are covered by Article 31 of the Regulation as well: if the likes of Hospital Data Breach were to disclose confidential data to the public, the agency would be obliged to report this incident to the supervisory authority, although it may not be inclined to do so. The national data supervisory authorities may encounter a slight enforcement problem in this regard.