Lunch & Learn fundraiser

By admin – April 18, 2018

The Life Center has scheduled a Lunch & Learn fundraiser with Dr. David L. Cook, a sport psychologist, author and speaker, at 11:45 a.m. Thursday at the MCM Grandé Hotel FunDome, 6201 Business I-20.

Sponsorships are available. The Life Center is a 501(c)(3) nonprofit organization. Your contribution is tax-deductible to the extent allowed by law.
By Shari Claire Lewis

The business news media has been abuzz with talk of the European Union General Data Protection Regulation (GDPR), a new data privacy rule that goes into effect on May 25, 2018.

What, if anything, does the GDPR mean for U.S. businesses? What steps does a Long Island company need to take to comply with the rule, and what are the risks of failing to comply? The answers to these questions may surprise you.

What is GDPR, and what led to its enactment?

The GDPR’s purpose is to protect the personal data of EU residents wherever that data is located. Therefore, the GDPR regulates entities outside of the EU that have EU subsidiaries, provide goods and services to EU residents or who collect or process data concerning any EU resident.

At this stage, it is difficult to know how robustly the GDPR will be enforced around the globe. Part of the purpose of enacting the GDPR was to respond to the crisis of cyber breach events and create a uniform approach if a data breach occurs.

Which U.S. companies are covered by the GDPR?

The threshold question a business must answer to determine if it is subject to the GDPR is whether, and to what extent, the company is conducting business in the EU or with EU residents. This also includes customers acquired through a company’s online presence.

If a company determines that it does not receive, use or process any personal data on any EU residents, then the GDPR does not apply to it.
However, in this day and age, many previously “local” companies provide goods and services beyond their immediate geographical area, whether as a result of their internet presence, globalization in trade or increased personal, international travel.

What does the regulation say about data collection?

The next step is to understand the regulation’s objective, which is to shift control over data collection practices from the entity that collects the data to the individual whose personal data is being collected. To accomplish this, the GDPR sets forth principles that a business must incorporate into its data collection practices:

• Personal data must be “processed lawfully, fairly and in a transparent manner in relation to the data subject.” In other words, businesses must have a legal reason for collecting and using the data and, except where collection is legally required, a person’s express consent must be obtained on an “opt-in” basis. An entity that wants to collect personal data must solicit an opt-in using clear language to explain exactly what data is to be collected and its specific proposed use. This is different from the typical U.S. business practice of permitting collection by default unless someone “opts out.”

• Once collected, the personal data may only be used for “specified, explicit and legitimate purposes” and may not be further “processed” in a manner that is incompatible with that purpose. Accordingly, under the GDPR, a company may no longer routinely collect personal data in hopes that it eventually may want to use that data for marketing purposes.

• Data collection is restricted to what is “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.” The personal data must be accurate and up to date, and “reasonable steps” must be taken to erase or rectify inaccurate personal data “without delay”.
Similarly, personal data must be handled in a manner to protect its “integrity” and “confidentiality.”

• Finally, personal data may be kept for only so long as it is needed for the purposes to which the individual consented.

I think GDPR applies to my business. Now what?

According to the regulation, your company must be responsible for complying with the GDPR collection principles outlined above and be able to demonstrate that compliance. That means documenting what personal data is held by your company, who has access to it and with whom that data is shared.

Your company’s privacy notices must be updated to provide full disclosure about your company’s data collection practices, to require customers to affirmatively opt in to have their data collected and to explain how customers can change their consent or assess their data’s accuracy over time. Your company is also required to assess the security of the personal data it holds, including how it is collected, stored and accessed, and make necessary adjustments to address existing and emerging cyber security threats.

Additional requirements exist for governmental bodies, public authorities and private entities whose “core activities” consist of “large scale” processing of personal information. A local business may be surprised that its possession of private data concerning employees, customers, prospective customers, business affiliates or others may, in the aggregate, be enough to qualify it as a large scale processor of personal data.

If so, the business may be required to meet the enhanced requirements of the GDPR, one of the most notable of which is the appointment of an in-house or outside “Designated Privacy Officer.”

How will the GDPR be enforced?

Initial GDPR enforcement efforts will likely focus on organizations that have a substantial EU presence or target EU citizens. If a company’s connection to EU residents involves more than mere random or sporadic contact, it is wise to take steps to comply with GDPR.
Conversely, businesses should document the analysis that produced the conclusion that GDPR does not apply to them.

The GDPR permits regulators to impose significant fines and penalties on companies that fail to comply with the rule. Maximum fines are separated into two tiers. The lower tier applies to a failure to comply where no real harm has occurred to EU residents. In this case, a fine of up to the greater of 2 percent of net profit in the prior year or 10 million euros may be assessed. When EU residents’ rights are violated, however, the maximum fine can be up to the greater of 4 percent of net profit or 20 million euros.

How can I reduce my company’s risk of an enforcement action?

The first step is to undertake a frank and full assessment of your company’s data practices. This includes policies for collection, storage, security and disposal of data, and whether the company is likely to fall within the GDPR’s purview.

Next is to prioritize the steps that are most critically needed and feasibly achievable. High on this list may be revising the company’s privacy statements and practices, which are usually set forth on a company’s website, apps, social media pages and other interactive media.

It is also important for a company to address its privacy framework, including who is in charge of privacy for the company and what the company’s and its vendors’ practices are regarding collecting, holding and processing personal data. Companies should create a proactive plan to improve their data practices moving forward to achieve GDPR compliance in the near future.

Finally, companies are advised to create a rapid-response plan that will comply with GDPR requirements and applicable federal and state regulations. In every case, maintain documentation to demonstrate the company’s compliance efforts.

The reality is that many, if not most, U.S. companies will not be in full compliance with GDPR by the May 25, 2018 deadline.
However, company efforts, if undertaken in good faith, may mitigate against the risk of GDPR fines or penalties. Equally important, it makes good business sense to create a long-term, proactive data strategy to address the potentially catastrophic impact of a cyber security event regardless of what law is applied.

For more information about the GDPR and for assistance in assessing whether it applies to your business, contact your attorney.

Shari Claire Lewis is a partner in Rivkin Radler’s Privacy, Data & Cyber Law Practice Group.
The report grouped risks into three main areas: the low profitability of financial institutions in the low yield environment, increasing interconnectedness of bank and non-bank entities, and potential contagion from China and emerging markets.

“The financial service industry struggles to offer adequate level of profitability and increasingly turns to a search-for-yield behaviour,” said Bernardino.

“Therefore, it is crucial the supervisory community adopt a forward-looking perspective, challenging business model sustainability.”

The report notes that the low-interest-rate environment was putting pressure on the investment fund industry, insurers and banks.

If prolonged, it also poses “significant challenges” to the resilience of defined benefit occupational pension funds, it adds.

This, it says, is shown by the results of EIOPA’s stress test of pension funds, as announced in January.

It repeats EIOPA’s conclusion that the stress test shows IORPs are generally more vulnerable to market stresses than increases in longevity, and reiterates the deficits revealed by the stress test: €78bn on a national balance sheet basis and €428bn using a “market-consistent approach”, when sponsor support and pension protection schemes are not taken into consideration.

The report also highlights the risks posed by the increasing role played by non-bank and non-insurance financial institutions (NBNIFIs) in financing the economy.

It flags a 65% growth of euro-area investment funds over the past five years and says the size of the financial system beyond banks and insurers is equivalent to 87% of the banking system in the euro-area.

“The development of the market-based funding is […] raising concerns regarding the interconnectedness between investment funds, banks and insurance companies,” according to the ESAs’ report.

Asset managers, it says, are the group impacting on the performance of companies in the other two sectors.

This is a reversal of the situation before 2012, when banks’ performance was
most influential.

“This evidence is consistent with the growing importance of the asset management sector in terms of interconnectivity,” the report says.

Referencing a graph showing interconnections among banks, insurers and asset managers, the report notes that the active role recently played by asset managers “calls for further investigation, also with regard to their potential systemic relevance”.

Only banks and insurers are designated systemically relevant under current regulations, but NBNIFIs, despite their valuable role, “also increase the potential for spill-over effects and add to complexity”, according to the report.

“In this context,” it says, “negotiations around the finalisation of criteria for the definition of systemically important NBNIFIs are pending at the international level.”

The ESAs called on regulators to continue to support market-based funding measures – for example, by developing regulation for non-bank loan origination models.

They should, however, pay close attention to “ancillary, intrinsic risks”, such as concentration risks, cross-border exposures and regulatory arbitrage.

A report from the joint committee of the European Supervisory Authorities (ESAs) has reiterated the risk posed to defined benefit occupational pension funds from sustained low interest rates, as revealed by EIOPA’s stress test, and warned of the implications of the rise of non-bank lending.

The report, released yesterday, is on “risks and vulnerabilities in the EU financial system”.

The joint committee is chaired by Gabriel Bernardino, chairman of the European Insurance and Occupational Pensions Authority (EIOPA).

The European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) are also represented on the committee.
SYDNEY Thunder spinner Chris Green has been cleared to return to competitive cricket after biomechanical testing in Brisbane deemed his bowling action to be legal.

In January, Green was banned from bowling in all Cricket Australia competitions for three months after testing revealed his bowling elbow would bend beyond the allowable 15 degrees.

It ruled him out of the remainder of last summer’s KFC BBL and also put his maiden Indian Premier League (IPL) stint in jeopardy, but the cricketing shutdown due to the COVID-19 pandemic has meant he hasn’t missed any more matches.

Green was tested again at the Bupa National Cricket Centre in Brisbane last week and the Thunder announced today that the results showed the off-spinner’s action “performed significantly below the allowable 15 degrees of elbow extension”, clearing him to return.

“I feel like I’m in peak physical condition, my batting is going really well and now I’m really excited to get back bowling competitively again,” Green said.

“I just can’t wait to play again. I’m so excited to get back out on the field and repay the faith that has been shown in me the best way I know how – by putting out my best effort.”

Green’s off-spin and faster ball were the deliveries under review at the NCC and he was tested by University of Queensland biomechanics expert Dr Luke Kelly, who is a consultant for Cricket Australia.

Just when Green will return to competitive action is yet to be determined. He was purchased by the Kolkata Knight Riders to play in the IPL, which may reportedly be held in October after it was postponed earlier this year due to the global health crisis.

The 26-year-old has also played in domestic T20 leagues in England, the Caribbean, Pakistan and Canada.

Last year, he signed a six-year deal with the Thunder in the Big Bash, the longest in tournament history.