Access Control

The GDPR mandates that data controllers must demonstrate a legal basis for data processing. The six legal bases for processing listed in the law are: consent, necessity, contract requirement, legal obligation, protection of data subject, public interest, or legitimate interest of the controller.

A data breach is a security incident during which sensitive, protected, or confidential data has been accessed or exposed to unauthorized entities. These incidents may expose protected or personal health information (PHI), personally identifiable information (PII), intellectual property, classified information, or other confidential data.

A Federal Trade Commission rule requiring vendors of personal health records to notify consumers following a breach involving unsecured information. And if a service provider to such a vendor is breached, they must notify the vendor. The rule also stipulates an exact timeline and method by which these public notifications must be made.