Cross-Border Data Privacy & Cyber Breaches: False Claims Act (FCA) Liability, Cyber Breach Security and China’s New PIPL Measures - and the Interplay with Anti-Corruption

May 10, 2024 10:45am

Gina Nese
Vice President, Associate General Counsel Compliance and Privacy Officer
Align Technology

Marcus A. Asner
Partner
Arnold & Porter

With the vast amounts of data stored on servers and in the cloud, and the ever-increasing sophistication of threat actors, life science organizations must contend with a complex multinational regime of data protection laws. The sheer number of them — and the differences in definitions, standards and exceptions between them — presents a challenge for an organization when a data breach occurs.

  • Complying with the GDPR’s breach notification obligations
  • US: Navigating a handful of federal laws, including breach notification provisions
  • UK Data Protection Act
  • Brazil’s data protection regime (LGPD)
  • Navigating China’s 2023 update of its Personal Information Protection Law (PIPL)
  • DOJ’s Civil Cyber Fraud Initiative: Using the FCA to enforce cyber requirements
  • Cyber breach security and prevention, particularly for medical device companies:
    • Reviewing remote access protocols
    • Segmenting data into different networks
    • Understanding ransomware demands and reporting