DNA technology has assisted law enforcement in identifying criminals for decades.  The U.S. National DNA Database System stores the DNA data of millions of criminals, and allows law enforcement officers around the country to compare and match forensic evidence in this central repository.  This closed universe of DNA only contains data from individuals arrested or convicted of a crime.  Law enforcement officials who seek to use this information are subject to numerous rules, regulations and procedures governing how and when it can be used.

As we posted earlier, however, commercial DNA databases and civilian genetic genealogists also have become an attractive investigative tool for law enforcement.  Some commercial labs do not give law enforcement access to their database.  For example, 23andMe states on its website “23andMe chooses to use all practical legal and administrative resources to resist requests from law enforcement, and we do not share customer data with any public databases, or with entities that may increase the risk of law enforcement access.”  Other companies, such as Parabon NanoLabs, have focused their efforts on offering their genetic genealogy services to law enforcement.  Last year, Parabon identified William Earl Talbott, II as a suspect in the murders of Jay Cook and Tanya Van Cuylenborg.  Talbott’s trial, set to begin in July, will be one of the first to confront issues related to the use of these services.

Generally, courts have yet to address questions about the implications of the use of familial DNA.  As is typical, the law needs to catch up with science.  Lawmakers should take up this matter soon, as the use of this technology continues to grow and the pressure to allow the use of the DNA profiles increases.  Many interesting ethical and legal issues have already been raised, including questions about Fourth Amendment protections and the privacy rights of individuals.

The General Data Protection Regulation (GDPR) (EU) 2016/679 of 27 April 2016, which comes into force in May 2018, will introduce major changes to the law on the processing of personal data in the European Union. Over the next several months, several European Union law firms we work very closely with will join us in providing you with more information on the GDPR. Different themes will be tackled month by month to help you prepare for the GDPR deadline.

Part 3 of this GDPR Series is brought to you by the German law firm of Graf von Westphalen. Other blog entries in this series will be brought to you by the law firms of Mills & Reeve (UK), FIDAL (France) and VanBenthem & Keulen (Netherlands) as well as Robinson+Cole (United States).

Consent as a lawful basis for data processing

Every data processing activity requires a lawful basis. Such a lawful basis may be provided directly by law or by consent granted by the data subject, in both cases according to the statutory requirements set out in Directive 95/46/EC and, importantly, national data protection laws. This general principle remains unchanged under the GDPR; however, the new Regulation provides new or additional requirements for such consent to serve as a lawful basis for the processing and transfer of personal data.

General Data Protection Regulation (GDPR) Series, Part #3: GDPR Consent and Fair Processing

The U.S. Equal Employment Opportunity Commission (EEOC) recently announced that it has entered into a settlement with BNV Home Care Agency, Inc. (BNV) for $125,000 for violations of the Genetic Information Non-Discrimination Act (GINA).

According to the EEOC, BNV violated GINA by engaging in the “unlawful practice of collecting employees’ and applicants’ genetic information by asking them questions about their family medical history on an employee health assessment form.”

In the announcement of the settlement, the EEOC stated “Forcing employees and applicants to provide genetic information in order to maintain or obtain their jobs is clearly against federal law and EEOC will continue to combat this form of discrimination…Employers should take heed of this settlement, because there are tangible consequences to unlawfully asking employees and applicants about their family medical history, which has been prohibited since the enactment of GINA in 2008.”

In addition to the fine, which will be paid to the class members of employees who were asked the prohibited questions, BNV is required to update its health assessment form to delete those questions and to provide anti-discrimination training to its employees.

This settlement is important guidance to companies to review their health assessment forms for compliance with GINA.

“The Internet has a dark side,” Deputy Treasury Secretary Sarah Bloom Raskin remarked while addressing senior level banking executives at this year’s Clearing House Annual Conference. Raskin focused her comments on malicious cyber activity, pointing out that weaknesses in the financial sector’s complex interconnected system attract bad actors like water “drawn to cracks in a foundation.”

While commending the recent adoption of cybersecurity norms by G-20 leaders, Raskin acknowledged that proactive efforts by financial executives are essential to strengthening the country’s financial infrastructure. She then offered a three-part cybersecurity checklist for in-house counsel, compliance officers, security personnel, and others looking to stave off cyber-attacks:

  1. Ensure that cybersecurity is part of the institution’s “genetic code” by embedding cybersecurity processes into governance, control, and risk management systems.
  2. Engage in basic essential security practices such as requiring multi-factor authentication, restricting high-level access to privileged users, and mandating regular patching of software. These and other essential practices can prevent up to 80% of all known incidents.
  3. Be prepared for the worst by creating a response and recovery playbook for serious cyber incidents. The playbook should direct the company’s response when a cyber-incident happens: who does what, when, and reports to whom, as well as guidelines addressing when to involve law enforcement and executive management, and when to inform clients and customers.

With the continuing, if not accelerating, impact of technology on the financial services sector, cybersecurity and resiliency become ever more critical to the well-being of our financial system. Deputy Treasury Secretary Raskin’s “cybersecurity checklist” offers some direction for financial institutions beginning their journey into this “new frontier.”
