Managing risk is an integral part of conducting day-to-day business operations. When business leaders seek legal support, the in-house team should resist the temptation to reflexively say “no” when a course of action appears, at first glance, to pose significant risk. On the flip side, they also should avoid being a “yes-man/woman” to the C-suite. Instead, internal counsel can add significant value by looking beyond legal risk alone to identify, evaluate and manage the company’s total risk profile in a way that helps management achieve legitimate business objectives.

On May 24, 2019, the Office of Civil Rights (OCR) – the arm of the Department of Health and Human Services that enforces the Health Insurance Portability and Accountability Act (HIPAA) – issued a new fact sheet clarifying the specific instances in which a business associate can be found directly liable for violations of the HIPAA Privacy, Security, Breach Notification and Enforcement Rules (“HIPAA Rules”). As you may know, prior to the promulgation of the 2013 HIPAA Final Rule, liability of business associates could arise only under the terms of a business associate agreement.

U.S. State Department now requiring visa applicants to disclose social media information

Outside GC's Lakshmi Sarma Ramani regularly advises nonprofit organizations on a wide range of legal and business issues. In her latest ACC Docket article, Ramani reminds nonprofits to be mindful of their anticorruption responsibilities in the U.S and abroad, including those arising under the U.S. Foreign Corrupt Practices Act (FCPA).  

Despite the global angst preceding the GDRP’s effective date, there’s been seemingly little news about enforcement efforts against noncompliant businesses. But, the reality is that EU regulators have been very busy working behind the scenes. As of February, 2019, nearly 100,000 claims under the GDPR have been lodged with EU national data protection authorities (“DPAs”), many relating to telemarketing and promotional e-mails. Similarly, just over 40,000 data breaches were reported to the DPAs; and 255 investigations into EU cross-border processing activities were initiated, mostly as a result of complaints filed by individuals.

The EU’s sweeping data privacy law – GDPR (General Data Protection Regulation) – will celebrate its one year anniversary later this month. In this time, the GDPR is credited with, among other things, inspiring other jurisdictions, including the United States, to adopt similar legislation designed to protect the rights of individuals over their personal data and increase the transparency of data collection and processing activities.

In her latest ACC Docket article, Outside GC attorney Lakshmi Sarma Ramani reviews U.S. state fundraising regulations which apply to nonprofit organizations and their corporate partners.

The commercial real estate needs of life sciences companies (pharma, biotech, medical device) are both varied and complex. While start-ups tend to seek small generic lab space, more established enterprises typically require large build-to-suit spaces in which to house their state-of-the-art production facilities. Similarly diverse are life sciences landlords, who range in size from large REITs to real estate developers and even smaller building owners looking to convert their buildings into lab space in the low vacancy rate areas where such tenants tend to cluster.