Yes. Most privacy laws and privacy control frameworks require that at least one named individual is designated as accountable for privacy and security (HIPAA, for example, requires a designated Privacy Official and Security Official, and Canada's PIPEDA requires an individual accountable for compliance). This person is accountable for compliance with privacy law and for executing your organization's privacy management program. The role should be held by an officer of the company with the authority to ensure the business takes the actions the privacy management program requires.

Our team has privacy and security expertise in multiple countries and jurisdictions. We can help your business comply with privacy laws in North America (Canada, the United States, and Mexico), Europe (including the UK), Australia, New Zealand, China, and Japan.

The CPRA amended the CCPA so that its obligations cover the "sharing" of personal information (for example, for cross-context behavioural advertising) as well as "selling," making it applicable to a broader range of businesses. The CPRA also changed the coverage thresholds: a for-profit business doing business in California must comply if it has annual gross revenue above $25 million, if it buys, sells, or shares the personal information of 100,000 or more consumers or households per year, or if it derives 50% or more of its annual revenue from selling or sharing personal information. Meeting any one of these thresholds is enough.

PHIPA (Ontario's Personal Health Information Protection Act) applies to health information custodians involved in the delivery of healthcare services, as well as to the agents, electronic service providers, and health information network providers who provide services to, manage data for, or act on behalf of those custodians.

No. Your cloud service provider can help you meet many of the physical and technical safeguards of the HIPAA Security Rule, such as secure data centres and networks, but responsibility is shared and your business remains ultimately accountable for its own HIPAA compliance. Your business is responsible for the administrative safeguards HIPAA mandates, such as policies and procedures, risk analysis and risk management, workforce training, monitoring and audit, and for the security of the applications you build or run on the provider's platform, including access control. A business associate agreement (BAA) with the provider covers the provider's obligations for the protected health information it handles on your behalf; it gives little or no support for your own obligations under the HIPAA Privacy Rule.

We can help ensure your business is HIPAA compliant. Get a free privacy assessment to find out if your business is HIPAA compliant.

HIPAA applies to "covered entities": health plans, healthcare clearinghouses, and healthcare providers that transmit health information electronically in connection with a HIPAA standard transaction. It also applies, through business associate agreements, to the business associates that handle protected health information on a covered entity's behalf.

HIPAA stands for the Health Insurance Portability and Accountability Act. Passed in 1996, HIPAA was designed to improve the portability of health insurance coverage and to modernize the US health insurance industry by promoting the use of information technology in healthcare. HIPAA was augmented in 2009 by the Health Information Technology for Economic and Clinical Health (HITECH) Act, which further promoted the adoption and meaningful use of health information technology.

US lawmakers recognized that concerns about privacy and security would be significant barriers to the adoption of technology in the health sector. In response, the Privacy Rule and the Security Rule were issued under HIPAA's Administrative Simplification provisions. HITECH strengthened the Privacy and Security Rules, added the Breach Notification Rule, and expanded the Enforcement Rule, including higher civil penalties and direct liability for business associates.

The GDPR applies to any organization established in the EU that processes personal data, and to organizations located outside the EU that process personal data of people who are in the EU where the processing relates to offering them goods or services (whether or not payment is required) or to monitoring their behaviour within the EU. The organization's own location does not matter; what matters is where the data subjects are.

The General Data Protection Regulation (GDPR) is one of the most stringent privacy and security laws in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations on organizations anywhere, so long as they target or collect data related to people in the EU. The regulation came into effect on May 25, 2018. The GDPR allows supervisory authorities to levy harsh fines against those who violate its privacy and security standards: up to €20 million or 4% of worldwide annual turnover, whichever is higher, for the most serious infringements.

With the GDPR, Europe is signaling its firm stance on data privacy and security at a time when more people are entrusting their personal data with cloud services and breaches are a daily occurrence. The regulation itself is large, far-reaching, and fairly light on specifics, making GDPR compliance a daunting prospect, particularly for small and medium-sized enterprises (SMEs).

There are more than 30 different pieces of privacy legislation in effect across Canada covering the public, private, and health sectors.