天美影视传媒

Alabama Data Breach Protection Act of 2018, and the European Union's Global Data Protection Regulation (GDPR)

In May 2018, the University鈥檚 Data Protection Committee distributed a survey to campus and USA Health departments inquiring as to their collection and use of personal identifying information (PII). We received over 200 responses, which were greatly appreciated. In conjunction with this survey, the Committee reviewed the Alabama Data Breach Notification Act of 2018, in effect beginning June 1,2018, and the European Union鈥檚 General Data Protection Regulation 鈥 GDPR, in effect beginning May 25, 2018. 

We have determined the GDPR primarily only impacts the academic and administrative functions of the University, with limited applicability to USA Health. Steps are being taken to meet those requirements.

The University and USA Health鈥檚 existing processes for identifying, investigating and resolving patient and/or student privacy breaches are consistent with the requirements set forth by the Alabama Data Breach Notification Act.

, which defines what is considered 鈥渟ensitive PII鈥 under the law.

The Committee has identified additional steps that must be taken to strengthen our PII protection safeguards, including:

  1. In addition to our current focus on data breaches affecting patients and students, we must expand our scope to include potential breaches of sensitive PII of USA employees, contractors, vendors, visitors, agents, representatives, donors, etc.
  2. review current levels of access to personal information by employees and determine where we can apply the 鈥渕inimum necessary鈥 concept,
  3. compare our retention of  personal data to our data retention policy requirements to determine where we may be retaining personal data longer than necessary,
  4. review our contracts with 3rd parties to assure language is present making it clear to our business associates of their equal regulatory responsibilities, and
  5. implement and maintain reasonable security measures to protect sensitive PII against a breach.

For further information on these topics, please contact Chris Hansen, Chief Compliance Officer, at chansen@southalabama.edu, or (251) 460-7115.