Cross-Border Data Privacy & Cyber Breaches: False Claims Act (FCA) Liability, Cyber Breach Security and China’s New PIPL Measures-and the Interplay with Anti-Corruption
Gina Nese
Vice President, Associate General Counsel Compliance and Privacy Officer
Align Technology
Marcus A. Asner
Partner
Arnold & Porter
Ericka Watson
Founder
Data Strategy Advisors
With the vast amounts of data stored on servers and in the cloud, and the ever-increasing sophistication of threat actors, life science organizations must contend with a complex multinational regime of data protection laws. The sheer number of them — and the differences in definitions, standards and exceptions between them — presents a challenge for an organization when a data breach occurs.
- Complying with the GDPR’s breach notification obligations
- US: Navigating a handful of federal laws, including breach notification provisions
- UK Data Protection Act
- Brazil’s data protection regime (LGPD)
- Navigating China’s 2023 update of its Personal Information Protection Law (PIPL)
- DOJ’s Civil Cyber Fraud Initiative: Using the FCA to enforce cyber requirements
- Cyber breach security and prevention, particularly for medical device companies:
- Reviewing remote access protocols
- Segmenting data into different networks
- Understanding ransomware demands and reporting