Samples, Tools and Templates    Healthcare/Pharma

Opt-In Laws in the U.S. and EU

This webpage from L-Soft includes a table that aims to give an overview of the basic e-mail requirements in the United States and Europe and checklists of legal requirements and best practices for e-mail.

Mobile Privacy Disclosures: Building Trust Through Transparency

Based on the FTC’s prior work in mobile privacy, panel discussions and written submissions, this report offers suggestions for the major participants in the mobile ecosystem as they work to improve mobile privacy disclosures.

Joint Guidance on the Application of FERPA and HIPAA to Student Health Records

The purpose of this guidance from the DOE and HHS is to explain the relationship between FERPA and the HIPAA Privacy Rule, and to address apparent confusion on the part of school administrators, health care professionals, and others as to how these two laws apply to records maintained on students.

Deleting Personal Data

This guidance from the UK Information Commissioner’s Office explains what organizations need to do to make sure they comply with the Data Protection Act when they archive or delete personal data.

Organizational Privacy Poll

A poll conducted on the IAPP Privacy List asked list subscribers where the data privacy office lies in their organizations and who owns the internal privacy policy within their organizations. This table represents the responses to those questions.

Data Protection Regulatory Action Policy

This policy from the UK Information Commissioner’s Office outlines what the office will consider when deciding whether to initiate regulatory action. (August 2013)

Approved Binding Corporate Rules

Links to some of the approved Binding Corporate Rules, as published by Mehmet Munur, CIPP/US, of Tsibouris & Associates.

Law Enforcement & National Security Access to Medical Records

This Center for Democracy & Technology Policy Post explains how government access to identifiable health information is addressed by the PATRIOT Act, the HIPAA Privacy Rule, as well as the statutes and regulations protecting the confidentiality of patient information that is held by federally funded substance abuse treatment facilities and programs.

Data Protection Laws of the World

DLA Piper produced this handbook that sets out an overview of the applicable privacy and data protection laws and regulations across 63 different jurisdictions. (March 2013)

Social Networking and Online Forums–When Does the DPA Apply?

This is part of a series of guidance from the UK Information Commissioner’s Office that explains what organizations, and individuals who process personal data for purposes such as running a business, need to consider when they run, contribute to or download personal data from online forums such as social networking sites, message boards or blogs.

HIPAA Audit Toolkit

Davis Wright Tremaine is pleased to offer IAPP members complimentary access to a section of its comprehensive HIPAA Audit Toolkit. This section assists healthcare providers with ensuring that they are providing individuals with access to their protected health information in compliance with HIPAA. This section is taken from the privacy assessment tool, one of several tools within the toolkit, which assists healthcare providers with ensuring that they maintain appropriate policies and procedures, training and documentation in compliance with the Standards for Privacy of Individually Identifiable Health Information.

U.S. State Data Disposal Laws

The National Conference of State Legislatures has posted a list of states that have enacted laws that require entities to destroy, dispose of, or otherwise make personal information unreadable or undecipherable.

Security and Privacy Controls for Federal Information Systems and Organizations

Revision 4 of the NIST guidelines released in April of 2013. This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations, organizational assets, individuals, other organizations and the nation from a diverse set of threats. The security and privacy controls are customizable and implemented as part of an organization-wide process that manages information security and privacy risk.

U.S. State Identity Theft Statutes

This chart from the National Conference of State Legislatures summarizes the identity theft criminal penalties, restitution and identity theft passport laws.

ICO Cloud Computing Guidance

This guidance from the UK Information Commissioner’s Office offers a set of questions and approaches an organisation should consider, in conjunction with a prospective cloud provider, in order to ensure that the processing of personal data done in the cloud complies with the Data Protection Act.
