A recent article in The Economist questions whether it is safe and
secure to trust a company's computer network to a Chinese
company. The specific concern in that The Economist
article related to "a Chinese company with
connections to the Chinese government and the People's
Liberation Army (PLA)" that would be providing
services inside the corporate firewall. An unnamed
former member of the U.S. Joint Chief of Staffs minced no words
about this: "We'd be crazy to let
[that Chinese company] on our networks, just
Assuming that these fears are justified, what do you do if you
can't avoid (or don't know if you can avoid) working with
Chinese companies on sensitive matters? Not all of us (or our
businesses) can "travel light" everywhere, all the
time. But in an increasingly inter-networked world, how can
you rely on your business partners to do the same level of
diligence that you would? in the short term, your contracts
are a good place to start: check for clauses providing
indemnification and permitting auditing, and engage in serious
discussions about security all around.
In the longer term, we may have to hope that enlightened
self-interest yields more emphasis on business integrity from
China, as this article suggests is happening.
This may be just a hope, as similar hopes have existed for
respect for improving protection for human rights and intellectual
To view Foley Hoag's Security, Privacy and The Law
Blog please click
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The 2010 theft of an unencrypted laptop containing confidential health care information made front-page news in 2013, not because a huge number of patients were affected, but for the exact opposite reason.
Any company that collects personal data from consumers should take proactive steps to have appropriate legal counsel review its data security practices, as well as its terms of service or privacy practices, to identify any potential problem areas.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published on its website a series of factsheets designed to educate consumers unfamiliar with their rights under the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy and Security Rules.