Blog

Rights Protecting, an industry watchdog, is considering filing a complaint against Real World Bank, with the bank’s federal regulatory agency, for failing to store personal financial information in a secure manner. Under which of the following regulations might the regulatory agency be able to pursue legal action for this issue? 

You are reviewing the privacy policy of Prime Health Equipment, a medical equipment sales company. Prime Health Equipment wants to ensure they are not handling any PHI in their business arrangements with hospitals to avoid being classified as a covered business associate under HIPAA. You find an issue when reviewing Prime Health Equipment’s error-reporting protocols in the current policy. To address this issue, you recommend Prime Health Equipment ensure the crash diagnostic data:

Yvonne répond:

Wuhao Wuzhou, a federal law enforcement officer, was the victim of identity theft. Wuhao believes his ex-girlfriend Leslie Lex, an accountant, committed the crime using her laptop. Wuhao still had a key to Leslie’s house which he used to retrieve this potential evidence. Wuhao then took Leslie’s laptop to the local police station. Finding that this evidence was gathered in violation of the Fourth Amendment, the judge did not permit the laptop to be used as evidence in the criminal trial against Leslie for identity theft. This principle is known as:

Knowledge Plus, a university that opened in 2020, wants to make sure that people at the university have ready access to healthcare. Knowledge Plus has plans to open a healthcare clinic that can be used by both students and faculty. The President of Knowledge Plus asks you, as the privacy officer, what privacy requirements the healthcare clinic likely should follow:

World2U.com, a world-wide social media company, is based in San Francisco, California. World2U.com had worldwide revenues of $100 billion in 2024. After numerous meetings of top officials, World2U.com decides that the company should focus on the individual privacy rights of its users. Despite this decision, the CEO determines that data portability is not feasible for the company. What maximum fines could World2U.com face under the GDPR?

Chatter, a social media tech company based in Silicon Valley in the U.S., receives thousands of law enforcement requests each year for its customers communication data. This electronic data is requested to be used as evidence in criminal prosecutions outside the U.S. Under what circumstances can Chatter release the electronic data?

Finances for Graduates is a start-up financial services company focused on helping recent college graduates with financial needs by providing banking services, mortgage products, and investment planning. As a start-up, Finances for Graduates encourages its customer service representatives to use generative artificial intelligence (genAI) tools available online. According to the internal policies of Finances for Graduates, customers’ personal information is not to be used in interactions with these genAI tools. Finances for Graduates, however, does not train employees on these policies. Over a six-month timeframe, numerous customer service representatives inadvertently input client financial information into these genAI tools, which the genAI tools then store in an unsecured manner. As a result of this data breach, attackers have been able to access sensitive client information. Wanting to comply with legal requirements related to this breach, the management of Finances for Graduates immediately instructs its compliance team to adhere to the requirements of the various state data breach notification laws. What additional concerns are raised by the compliance team regarding the GLBA and the state comprehensive privacy laws?

Damir Datsyuk was diagnosed with cancer after taking Tummy Relief, a heartburn medication. Prior to the cancer diagnosis, Damir tested positive for Hepatitis C. Damir hired an attorney to sue the manufacturer of Tummy Relief. Because Damir did not want the Hepatitis C diagnosis to be discussed in public, his attorney obtained a qualified protective order from the court.  How does the qualified protective order affect the protected health information in the lawsuit?

High IQ, a start-up company that uses artificial intelligence to help businesses to gain a competitive edge, hopes to expand its market into Europe. High IQ’s attorney worries that the company will have difficulties complying with certain provisions of the GDPR. The problematic provisions include: