In recent years research data protection and compliance in healthcare market research has become more important than ever, and 2022 is no different. Here’s a roundup of the latest updates and changes in our industry, and what the implications are going forward.
- CCPA to CPRA
- New ICO Commissioner
- Standard Contractual Clauses (SCCs)
- Hybrid working and more use of tech
In January 2020, California brought in their updated data privacy law, California Consumer Privacy Act (CCPA). January 2022 saw an addendum to this law introduced, known as the California Privacy Rights Act (CPRA) however it does not take affect for businesses until Jan 2023. The CPRA builds on the CCPA, introducing some new ‘rights’ for Consumers and updating the scope of what businesses need to comply with the new law.
The UK’s Information Commissioners Office (ICO) has appointed a new Commissioner, John Edwards who succeeds Elizabeth Denham. John spent the past eight years as New Zealand Privacy Commissioner, and before that worked as a barrister. John Edwards’ appointment comes at the start of a busy year for information rights in the UK. The ICO will be actively engaging with the government over the proposed reforms to the Data Protection Act and introduction of the Online Safety Bill, as well as strengthening links with other digital regulators.
During 2021 the EU introduced new SCCs for safeguarding personal data from the EU to a ‘third country’. These new SCCs are modular and can be used by both Controllers and Processors. The UK are currently working on their own version of the SCCs and an addendum to the EU version for use by data exporters in the UK.
With the continuation of COVID-19, many businesses have staff working from home or using a hybrid model for office and home working. A recent report predicted that 47% of workers will work remotely in 2022, compared to 27% pre-pandemic. The rise in hybrid working has intensified the cyber security concerns faced by organisations, as there are new demands to manage more data with more endpoint devices residing in different locations. In addition, the shift to hybrid working is also driving up the volume of conversations over text, phone, video, social platforms, or chat, with workers using a variety of different tools to communicate among themselves. However, what is driven by convenience for workers, may mean some data management complexities for companies with more tech solutions being used and a unified approach needed to ensure personal data is kept secure and limited to transfers using approved platforms.
If you have any questions about data protection or compliance, please get in touch.