GDPR: Adopting More Stringent Privacy in the US

The GDPR is a stringent data privacy law that seeks to protect consumer rights while at the same time facilitating a more regulated digital economy, giving us the best of both worlds. 

Or not? 

The regulation sets rules for how organizations collect and process the personal data of people in the EU. It also reaches organizations outside the EU that offer goods or services to those people or monitor their behaviour, which is why it mattered far beyond the member states.

Even though the rule was designed for the EU, GDPR-mania had officially arrived. Countries worldwide hurried to make sense of GDPR’s implications and complications.

Meanwhile, the US took a more cautious and measured approach.

Implementing a regulatory mechanism similar to the GDPR seemed natural, logical, and reasonable.

However, GDPR implementation isn’t without its unique challenges, especially for a country like the US.

Let’s take a closer look at GDPR’s impact on the US. 

GDPR’s Impact on the U.S.  

The GDPR had far-reaching effects globally. But while countries like Argentina, Brazil, Malaysia, and Uruguay adopted GDPR-influenced legislation soon afterward, the US has yet to pass comprehensive federal privacy legislation. The US has had data privacy laws for decades, but they are sector-specific (health, financial services, children's data) and nothing like the GDPR in coverage and scope.

The law doesn't affect US citizens living and doing business in the US who have no connection to the EU. It does affect US businesses that collect data on people in the EU, and US businesses whose third-party contracts (for example, agreements with EU-based partners or processors) needed revision to meet GDPR requirements.

Regardless of whether it applied to US citizens, the GDPR was a precursor to potential legislative developments along similar lines back home.

Meanwhile, in California, state legislation called the California Consumer Privacy Act of 2018 (CCPA) was signed into law in June 2018 with an implementation date of January 1, 2020.

The Act was passed unusually quickly as a compromise: in exchange, the sponsors of a stricter privacy initiative withdrew it from the November 2018 ballot.

Americans started putting their businesses under the microscope. They needed to understand the laws better, learn how to ensure they were compliance-ready, and prepare themselves for other state laws resulting from the CCPA. 

Challenges with Implementing GDPR

To understand how challenging it is to implement legislation of this magnitude in a country like the US, one only needs to review the situation in the EU post-GDPR. The Financial Times (FT) reported last year, based on an “official” report, that “the data rules are proving difficult to implement two years after coming into effect, placing a particular burden on small and medium-sized companies and those developing new technologies.” 

“A whopping 99.9% of businesses in the US were identified as small businesses, according to this 2019 SBA report. The cost of GDPR compliance for small to medium companies was high. In 2019, Microsoft pegged the cost of compliance at $1.3 million globally.”

Also discussed in the FT article were the difficulties with reconciling differences between interpretations of the legislation in different countries on parts of the GDPR that allowed for country-specific flexibilities. 

In the US, the primary argument against GDPR-like legislation is the lack of a single regulator with overarching authority over all types of businesses and industries. Then there is the expected lack of consensus among political parties.

Also to consider in the US, aside from bringing companies up to the required levels of preparedness and compliance, is the mammoth task of reconciling the differing scope and exemptions of individual state laws.

Private litigation is another concern that has given businesses nightmares since the GDPR. The GDPR gives individuals a right to compensation for damage caused by infringements, and the CCPA gives consumers a private right of action for data breaches that result from a failure to maintain reasonable security. Companies must be ever-vigilant about the legalities of capturing and processing data.

The US has, until now, had a very laid-back approach to personal privacy. This is also one of the core reasons corporate innovation has flourished to this degree. Most of the emphasis has been on corporate and government confidentiality and on cybersecurity. Unlike under the GDPR, personal data in the US has generally been treated as belonging to the business that collects or processes it rather than to the consumer.

The CCPA – America’s First Comprehensive Privacy Law at a State Level 

The CCPA came into effect in January 2020, with enforcement in July. The Act provides the following provisions to consumers: 

  1. The right to know what personal information has been collected about them, how it is being used, and with whom it is being shared or sold.
  2. The right to “opt out” of having a business sell their personal information to third parties.
  3. The right to have the business delete their personal information, with some exceptions.
  4. The right to be treated equally for service and pricing by a business.

While there is some overlap with the GDPR, there are fundamental differences in how American lawmakers approached the CCPA. For instance, the GDPR requires organizations to implement appropriate technical and organizational measures to secure personal data (Article 32), while the CCPA prescribes no such measures. The CCPA does, however, give consumers a private right of action when a breach results from a business failing to maintain reasonable security.

Responses to the CCPA have been mixed. On the one hand, Nevada and Maine quickly picked up the ball with Nevada Senate Bill 220 (online privacy) and the Maine Act to Protect the Privacy of Online Consumer Information, respectively. Other states are expected to follow suit. 

On the other, critics argue that a bill passed at a federal level would be a lot more effective. For one, it would make it easier for businesses to manage compliance nationally rather than dealing with the individual differences associated with state-level legislation. But getting consensus in Washington may turn out to be a challenging exercise. 

GDPR vs. CCPA: How do U.S. and EU Privacy Laws Differ?

GDPR and CCPA establish strict guidelines for how service providers handle personal data. Both require that data collection be lawful, secured, and transparent to the individual concerned, and both give individuals the right to know what personal data is being collected and to access it.

The primary distinction between CCPA and GDPR is scope. GDPR applies to any organization, regardless of location, that processes or intends to process the personal data of people in the EU, whether or not they are its customers, and it imposes no revenue or processing-volume threshold. The CCPA, by contrast, applies only to businesses operating in California that meet thresholds on annual revenue, on the number of consumers whose data they handle, or on the share of revenue derived from selling personal information.

GDPR:

  • Broad reach: Applies to all organizations worldwide that process the personal data of people in the EU or monitor their behaviour.
  • Consistent enforcement: Enforced by national supervisory authorities, which can levy heavy fines (up to €20 million or 4% of worldwide annual turnover, whichever is higher) against companies in violation.
  • Dedicated oversight: Requires the appointment of a data protection officer for public authorities and for organizations whose core activities involve large-scale, systematic monitoring of individuals or large-scale processing of sensitive data.

CCPA:

  • Narrow reach: Applies only to businesses that do business in California and meet the Act’s size thresholds.
  • Mixed enforcement: Enforcement lies mainly with the California Attorney General, with a private right of action for residents limited to data breaches.
  • No mandated oversight role: Does not require the appointment of a data protection officer.

The Future of Data Privacy Laws

As more private and sensitive data digitally changes hands each year, it becomes increasingly critical to understand the laws protecting our privacy. In the United States, internet privacy laws are still evolving, but they are a strong start toward protecting personal data. Citizens and residents can expect more states to pass comprehensive privacy laws, and the federal government may eventually pass a law that provides nationwide consumer data protection.

In the meantime, staying informed about the latest security controls and data privacy developments is essential in taking steps to protect your personal information. Deploying data loss prevention and threat detection solutions can also help you keep your data safe and ensure compliance with privacy laws.

Raising Capital as a First-Time Founder

Starting a new business is not easy. The process includes a whole lot of priorities and aspects that you need to focus on. 

The Kauffman Firm Survey estimated that, on average, it takes at least $80k to keep a startup running through its first year. Fundraising is a challenging task, and most companies fail at it. It’s even harder if you’re running solo. And the worst part is that most founders fail to follow the necessary steps.

As such, we bring a step-by-step procedure for raising capital as a first-time founder and keeping the business running efficiently for the long term. Before we begin, let’s look at some of the most successful entrepreneurs who started with nothing but emerged as global leaders in their league.

Sophia Amoruso: The founder of Nasty Gal, a women’s fashion retailer, was diagnosed with ADHD at a tender age, which resulted in her withdrawal from school and forced her to work odd jobs to make ends meet. The major break for her was in 2006 when she started dealing in clothes and other items through an eBay account — Nasty Gal Vintage. From 2008 to 2011, her revenue increased from $223,000 to nearly $23 million.

Jack Ma: The co-founder and former executive chairman of Alibaba was initially rejected by 30 companies before his luck finally changed. In 1995, he managed to raise over $20,000 to build an online directory for Chinese businesses, and finally, in 1999, after returning to China, he created Alibaba.

Steve Jobs: Any list of famous entrepreneurs who started small and made it big is incomplete without a tribute to Steve Jobs. Jobs dropped out of college because his family couldn’t afford his education. Eventually, he had an incredible career and formed the Apple Computer Company with his childhood friend and electronics expert Steve Wozniak. Jobs’ net worth was over $8.3 billion at the time of his death.

These entrepreneurs started from humble beginnings and worked hard to achieve fame and success. There’s no shortcut to success, but this brief guide aims to help you take that first plunge.

How and where to raise capital as a first-time founder?

There is a surfeit of sources available for the first-time founders to raise capital for their company.

  • Bank Loans: Banking and financial institutions are the best sources of raising capital and offer a slew of schemes and funding plans for startups.  
  • Initial Coin Offering: The cryptocurrency equivalent of an IPO. In 2017, companies from across the world raised a staggering $5.6 billion through this route.
  • Angel Investors: An angel investor is an individual with a high net worth who funds startups. According to a Stanford study, 90% of all early-stage capital comes from angels. Angels funded over 63,730 startups in 2019, with an average deal size of $374,225.
  • Family Offices: Private wealth management firms that invest in startups on behalf of wealthy families.
  • Venture Capital Firms: Private equity firms that pool investors’ money and provide capital to startups and new establishments.
  • Equity Crowdfunding: A step beyond reward-based crowdfunding. In exchange for relatively small amounts of cash, public investors get a proportionate slice of equity in the business venture.

Various states, municipalities, and corporations also provide monetary support to startups. In addition to these, there are various facilities like Accelerators and Incubators that offer grants and guidance to help turn your idea into a successful startup.

Tips for raising capital as a first-time founder

“All our dreams can come true if we dare to pursue them.” – Walt Disney

To become a successful entrepreneur, you need to begin with courage, followed by hard work and strategic planning. Below are a few tips for first-time founders:

Prepare as a First-Timer 

It is crucial to prepare yourself as a first-timer because fundraising is, above all, a mind game. Set your expectations appropriately, since this alone can make the difference between success and failure. Start treating rejection as a learning opportunity rather than a failure.

Look for Advisors, Not Only Money

Along with monetary investment, you’ll also need the best mentors: sound advisors who believe not only in you but also in your idea and business. You may also need co-founders; reach out to candidates through any means available to you, such as social media, personal contacts, or professional networks. 

Understand Funding Platform Profile 

It is a must to find the perfect funding platform profile to make your startup a hit. Funding platforms like CircleUp, AngelList, Patreon, WeFunder, and Fundable give access to support ventures based on the idea’s quality.

Do the Calculations

It is essential to know your numbers backward and forward: how much money you spend each month (cash-burn rate), what you owe in terms of debt and equity (capital structure), and your capitalization. Think carefully before signing off on a deal, and make sure you’re comfortable with its terms before accepting it. Keep the bigger picture in mind and decide what’s best in the long run. What seems like a colossal expense at the moment can prove invaluable further down the road.

Streamline Capital Requirement

Once the calculations are ready, you need to understand your specific requirements and startup funding goals. It helps to build relationships with as many people as possible, because it’s impossible to conquer the world as a solo founder. Start pitching, or prepare the material that supports every claim about your company’s potential to produce significant returns.

Target Potential Investors

What is your idea of the dream team? Are the prospective investors a perfect match for you? You need to identify the qualities you are looking for in your investors and choose the ones that are most suited for your startup based on their market expertise and customer insights.

Create a Capital Raise Roadmap

We are at the final stage of raising funds for your startup. Create a strategic roadmap to put in front of the investors you have selected. You will also need to decide which co-founder or executive will front the fundraising campaign.

Final Words

Before you begin the journey of fundraising, try to keep it as efficient and organized as possible. Get your facts and figures straight along with a strategic roadmap to attract investors to invest money with you. Good luck.

KiwiTech has helped hundreds of entrepreneurs connect with investors through its various pitch events including demo days, techathons and venture fairs. If you are actively raising capital and seeking opportunities to pitch to angel investors, VCs or family offices, find a KiwiTech event tailored for your startup stage!

Data Security in Healthcare

In today’s digital world, it is imperative to protect enterprise data across different environments and follow privacy protocols. In every domain, including retail, healthcare, finance, and supply chain management, businesses are thriving because of the availability of data.

Data is now central to all business strategies and forecasts. And because data is so important, it is also a source of vulnerability across industries. Hackers, cybercriminals, and others steal important information by exploiting the vulnerabilities in digital systems.

So how is healthcare data impacted by all of this?

As healthcare organizations adopt Electronic Health Record (EHR) systems more widely, new data formats are being used to improve diagnosis, treatment, and the overall process of handling patients. Much of this data is now stored in the cloud, which means it has to be actively protected against malicious attacks. 

Healthcare faces an alarming number of data security threats; by one estimate, about 80% of the breaches reported across all sectors are in the healthcare industry.

Healthcare providers and a large number of people in the healthcare system use advanced technologies to monitor, check, and process health information.

Source: https://www.ncbi.nlm.nih.gov

Data security in healthcare means controlling access to the data and limiting it to those who need the information for their role, which keeps it out of the reach of cybercriminals and careless insiders alike.

You may have read about the recent UHS ransomware attack, which could have compromised the personal information of millions of patients. Thanks to its data security controls, the attack was contained at an early stage, and much of the data remained protected.

Importance of data security in healthcare

Apart from health-monitoring watches and bands, several newer technologies are now integral to how providers monitor, check, and process health information:

  • EHR (Electronic Health Records), 
  • Electronic devices that monitor vitals, and
  • Healthcare information management systems 

Both wireless and wired devices can synchronize with computers in real time and store massive amounts of personal information, including the user’s name, date of birth, address, phone number, ID, insurance information, employer and job title, and so on. With this information, attackers can get at credit card or bank account details and much more.

The average cost of a healthcare data breach is $355 per record, more than twice the figure for other industries. PHI (Protected Health Information) is very valuable on the black market, selling for around $363 per person, far more than generic personal data, which may fetch only $1-2 per person. This is mainly because medical data cannot be replaced the way a compromised ID card or credit card number can. The details can be used for fraudulent insurance claims and for a variety of scams and identity thefts.

What are the potential security breaches in healthcare?

The US Department of Health and Human Services recorded about 320 breaches in 2016 alone. IBM’s data breach reports show that breaches accelerated from 2015 onward, with about 62% of the security breaches recorded between 2010 and 2015 compromising millions of data records. 

Healthcare remains the most desirable target for attackers with the cost of one breached record being $429. 

The story doesn’t end here…

It can take about 236 days to detect a healthcare breach, as per reports from IBM. There were 502 healthcare data breaches in 2019 with about 41.2 million records being compromised due to illegal exposure or theft. 

Since attackers stand to gain a lot of money from EHR data, they constantly probe every security system for weaknesses.

Network breaches

Mobile health apps, cloud services, and IoT (Internet of Things) devices pose a high risk, as these technologies generate a lot of data that needs to be stored within a short time. Weak passwords and the absence of additional authentication factors make it easier for attackers to take over accounts and plant malware.

Internal data breaches

Internal agents or insiders, such as company employees, can gain unauthorized access and steal confidential data. Some people join an organization solely to access EHR data for monetary gain or tax fraud.

Unintentional breach

Improper disposal of old data that is confidential but no longer required can lead to an unintentional breach. For example, discarding old machines without deleting data or accidentally sharing private data with a party who is not authorized to view it can lead to this type of breach.

As per Becker’s hospital review of 2013, 12% of the breaches happened due to accidental mistakes by staff leading to a compromise in patient’s health record data.

Drug supply chains

Each vendor who interacts with hospitals can be a potential cause for a data breach.

External data breaches

External factors include ransomware attacks, malware attacks, theft or misuse of cards, damage to physical documents, spyware, and phishing. More than 10 billion of the breaches recorded from 2015 to 2019 were attributed to external actors.

Source: ncbi.nlm.nih.gov

Healthcare data security challenges

The healthcare industry faces data security challenges like:

  • Dependency on EHR systems to store data: as the number of records grows, so does the attack surface.
  • Outdated infrastructure, left in place because of the high cost of upgrades and maintenance, making it easier for attackers to find loopholes.
  • The healthcare industry is connected with many service providers and vendors, making it difficult to identify the layer at which a breach occurred.
  • Information in medical records rarely changes, so once stolen it can be resold and misused many times over.
  • Many employees, such as nurses or administrative staff, are unaware of cybersecurity threats and their seriousness.
  • Wholesale adoption of mobile technologies and cloud services, leading to data spread across multiple sources.

How to protect critical healthcare data?

Healthcare organizations can thwart security threats with a solid endpoint security strategy. To protect healthcare data, take the following actions:

  1. Work with your healthcare app development company on strong user authentication and data encryption, together with access control that limits who can see which data, layered defenses, session timeouts, screen locks, and automatic log-off. Provide two-factor authentication for mobile devices.
  2. Keep backups current, securely wipe or overwrite storage before it is reused, and conduct timely risk assessments. Set up protocols, and create and maintain data audit trails.
  3. Properly dispose of physical equipment (like old laptops and computers) containing confidential data that is no longer in use, protect and upgrade hardware, and enforce controls on device, media, and workstation use.
  4. Educate staff about the importance of protecting data and guide them on compliance and breach policies.
  5. Consider biometric authentication such as face recognition, iris scanning, and fingerprints. Track suspicious activity using user data and access logs.
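As an added example (not code from the original article) of what items 1, 2 and 5 look like in practice, the Python below models a small EHR record service with care-team-limited access, role-based field filtering (the minimum-necessary principle), idle-session timeout with automatic log-off, an append-only audit trail, and a detector that flags break-the-glass emergency access and bulk chart viewing from that trail. Every user, role, patient record and threshold in it is constructed for illustration; the 15-minute timeout and the 20-patients-per-hour limit are assumed policy values, not figures from the article.

```python
"""EHR access control and audit trail. Added example, not code from the article: care-team-limited
access, role-based field filtering, idle-session timeout, an append-only audit trail, break-the-glass
access and bulk-access detection. All users, roles, patients and thresholds are constructed."""
from collections import defaultdict
from dataclasses import dataclass, field

SESSION_TIMEOUT_SECONDS = 15 * 60  # assumed policy: automatic log-off after 15 idle minutes
BULK_ACCESS_THRESHOLD = 20         # assumed policy: >20 distinct patients per hour is suspicious

# Constructed data: 30 records; dr.lee is on every care team, nurse.ortiz only on patient-001's.
RECORDS = {f"patient-{i:03d}": {"name": f"Patient {i}", "dob": "1970-01-01", "diagnosis": "redacted",
                                "medications": "redacted", "insurance_id": f"INS-{i:04d}"}
           for i in range(1, 31)}
CARE_TEAM = {pid: ({"dr.lee", "nurse.ortiz"} if pid == "patient-001" else {"dr.lee"}) for pid in RECORDS}

# Least privilege: each role sees only the fields it needs; clinical roles must also be on the care team.
ROLE_FIELDS = {"physician": {"name", "dob", "diagnosis", "medications", "insurance_id"},
               "nurse": {"name", "dob", "medications"},
               "billing": {"name", "insurance_id"}}
CARE_TEAM_GATED = {"physician", "nurse"}  # billing is not care-team gated but is still bulk-checked

class AccessDenied(Exception):
    pass

@dataclass
class Session:
    user: str
    role: str
    last_seen: float  # epoch seconds, passed in by the caller so the example is deterministic

@dataclass
class EhrService:
    audit_log: list = field(default_factory=list)  # append-only trail of every attempt, allowed or not

    def read_record(self, session, patient_id, now, break_glass_reason=None):
        """Return the fields of patient_id that session may see, or raise AccessDenied."""
        if now - session.last_seen > SESSION_TIMEOUT_SECONDS:
            self._audit(session.user, patient_id, now, "DENY", "session expired")
            raise AccessDenied("idle timeout: automatic log-off")
        session.last_seen = now
        if patient_id not in RECORDS or session.role not in ROLE_FIELDS:
            self._audit(session.user, patient_id, now, "DENY", "unknown patient or role")
            raise AccessDenied("unknown patient or role")
        off_team = session.role in CARE_TEAM_GATED and session.user not in CARE_TEAM[patient_id]
        if off_team and not break_glass_reason:
            self._audit(session.user, patient_id, now, "DENY", "not on care team")
            raise AccessDenied("not on this patient's care team")
        # Emergency (break-glass) access is granted but recorded distinctly so it is always reviewed.
        outcome = "BREAK_GLASS" if off_team else "ALLOW"
        view = {k: v for k, v in RECORDS[patient_id].items() if k in ROLE_FIELDS[session.role]}
        self._audit(session.user, patient_id, now, outcome, break_glass_reason or "routine", sorted(view))
        return view

    def _audit(self, user, patient_id, ts, outcome, reason, fields=()):
        self.audit_log.append({"ts": ts, "user": user, "patient": patient_id,
                               "outcome": outcome, "reason": reason, "fields": list(fields)})

def suspicious_users(audit_log, window=3600, threshold=BULK_ACCESS_THRESHOLD):
    """Users to review: anyone with a break-glass access, or anyone who viewed more than
    `threshold` distinct patients within `window` seconds of one of their successful reads."""
    flagged, by_user = set(), defaultdict(list)
    for e in audit_log:
        if e["outcome"] == "BREAK_GLASS":
            flagged.add(e["user"])
        if e["outcome"] in ("ALLOW", "BREAK_GLASS"):
            by_user[e["user"]].append((e["ts"], e["patient"]))
    for user, events in by_user.items():
        events.sort()
        for i, (start_ts, _) in enumerate(events):  # open a window at each successful read
            distinct = {p for ts, p in events[i:] if ts - start_ts <= window}
            if len(distinct) > threshold:
                flagged.add(user)
                break
    return sorted(flagged)

def _denied(svc, *args, **kwargs):
    """True if the read is refused (used by demo() to exercise the deny paths)."""
    try:
        svc.read_record(*args, **kwargs)
        return False
    except AccessDenied:
        return True

def demo():
    """Constructed scenario; returns the observable results as a dict."""
    svc, t0 = EhrService(), 1_700_000_000.0
    lee, ortiz, kim = (Session("dr.lee", "physician", t0), Session("nurse.ortiz", "nurse", t0),
                       Session("billing.kim", "billing", t0))
    out = {"physician_fields": sorted(svc.read_record(lee, "patient-001", t0 + 10)),
           "nurse_fields": sorted(svc.read_record(ortiz, "patient-001", t0 + 20)),
           "nurse_denied": _denied(svc, ortiz, "patient-002", t0 + 30)}  # not on this care team
    out["break_glass_fields"] = sorted(
        svc.read_record(ortiz, "patient-002", t0 + 40, break_glass_reason="ED admission"))
    out["physician_timed_out"] = _denied(svc, lee, "patient-001", t0 + 10 + SESSION_TIMEOUT_SECONDS + 1)
    for i in range(1, 26):  # billing clerk sweeps 25 charts in 25 minutes
        svc.read_record(kim, f"patient-{i:03d}", t0 + 60 * i)
    out["flagged"] = suspicious_users(svc.audit_log)
    out["audit_entries"] = len(svc.audit_log)
    return out
```

Calling demo() shows the physician and the nurse receiving different field sets for the same patient, the nurse being refused a chart she is not assigned to unless she invokes break-glass (granted, but flagged), the physician's expired session being logged off, and the billing clerk who sweeps 25 charts in 25 minutes being flagged for review; every attempt, allowed or denied, lands in the audit trail. In a real deployment the trail would go to append-only, tamper-evident storage and the detector would run continuously rather than over an in-memory list.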

Summary

According to the HIPAA Journal’s healthcare data breach statistics, the number of reported breaches increased from 18 in 2009 to 510 in 2019. The worst year for exposed records was 2015, when a single breach affected about 78.8 million individuals. Healthcare suffers the most data security attacks, particularly by hackers, because of the nature of the information it carries. 

To provide robust data security in healthcare, adopt intelligent AI-based systems and stricter authorization measures.