Legislative and Regulatory Update. Diane Bowers, CASRO President CASRO Data Collection Conference November 19, 2009

2009
- Pharma market research: state and federal
  - Massachusetts, Vermont, Minnesota
  - Proposed Federal Sunshine Act incorporated into health care reform bills
- HITECH Act (revision of privacy and security requirements under HIPAA)
  - HHS Rule (effective 9/23/09; enforced 2/22/10): applies to HIPAA-covered entities and their Business Associates
  - FTC Rule (effective 9/17/09; enforced 2/16/10): applies to vendors of Personal Health Records and third parties that are not covered by HIPAA

2009 (cont.)
- HHS Rule
  - Expands requirements regarding disclosure and reporting of security breaches of protected health information
  - Applicable to both covered entities and Business Associates
  - Recommendation: Business Associate agreements must be modified (CASRO 3P)
- FTC Rule
  - Establishes requirements regarding disclosure and reporting of security breaches of personal health records (PHR) by nonprofit organizations and their third parties that collect, sell, or use PHR
  - Recommendation: Non-profit PHR vendors and third parties must establish policies/procedures to ensure compliance

2009 (cont.)
- FTC Sears Settlement: inadequate disclosure of a software program that tracked and collected information on consumers' online browsing and transactions
- Digital Fingerprinting Technology
  - DF deploys an algorithm that analyzes a large number of technical characteristics and settings to generate a unique identifier that can identify a specific computer (a Machine ID or Device ID)
  - Has emerged as an effective solution to address duplication and fraud, and to improve quality control
  - Algorithm components are not PII (exception may be IP address in Europe)
  - Canada working to ensure that research use of DF does not violate Canadian privacy law

Digital Fingerprinting: CASRO Position and Guideline
- DF is an effective quality control that maintains the integrity of web-based research.
- Like any other computing technology, DF must be employed responsibly and transparently, consistent with personal and data privacy laws and in accordance with ethical and professional standards.
- The use of DF pursuant to standards and guidelines that appropriately protect respondent privacy rights is an ethical practice.
- Such use of DF is consistent with US privacy and data protection laws.
- Gather more data, research, etc. to determine whether the use of DF complies with the privacy regulations in other jurisdictions.

Digital Fingerprinting (cont.)
- Establish practices that protect respondents, practitioners, clients, and the industry
- Conspicuously address DF in the privacy policy (also consider notification at survey start or at other points where a Machine ID is generated)
- Include privacy framework requirements in research agreements, MSAs, subcontractor agreements, etc.
- Store only essential information, for only as long as necessary
- Privacy training for staff, including how data can be used and shared, and who can access it
- Revise Code of Standards as appropriate

2010 Legislative/Regulatory Issues
- Health care and pharma
- Computing technologies
- Data and personal privacy
- Mobile communications
- US Safe Harbor re EU data protection

Challenges: Maintaining Self-Regulation
- Questions about research quality
  - Declining response rates; online and panel research
- Research use of new technology
  - Internet, mobile communications, networking
- Differences in national and international privacy laws
- Differences in research practices and protocols
  - Across research sectors: academic, government, business
  - Across national boundaries: US, EU, rest of globe
- More demand for proof of professionalism and quality

Maintaining Self-Regulation: Solutions
- Establishment of quality measures and credentials
  - Online panel research guidelines and metrics
  - ISO process standard for market, opinion, and social research (ISO 20252) certification
  - ISO process standard for access panels (ISO 26362) certification
  - Enforcement of mandatory Codes
  - Assurance of US Safe Harbor compliance with the EU data and personal privacy directive
- Focus on research integrity
  - Review and reassess research principles
  - Differentiation from marketing, sales, and advertising
- More collaboration among research associations and research sectors