Blogs

Back
What You Need to Consider in Regulatory Compliance of Learning Platforms for Business
October 27, 2020

Running afoul of any regulatory requirement puts a business in a precarious position. Noncompliance in protecting personal data in a business, for instance, can stain a company‘s reputation and cost a company a hefty fine.

There is much to consider: HIPAA, FERPA, GDPR and more — a veritable alphabet soup of potentially serious compliance considerations for any business.

The European Union’s General Data Protection Regulation (GDPR) snagged some big companies in high-profile infractions since its 2018 inception, including British Airways (25.6M) [1] and H&M Germany ($41.3M) [2]. The rule also applies to companies around the world, including the United States. Ireland’s Data Protection Commissioner put Instagram in the hot seat with an investigation for potential violations surrounding children’s personal data on the social media platform. [3]

Companies need to heighten internal vigilance to ensure regulatory compliance, but they also may incur data breaches and exposure to risk via vendors and other business associates. A hospital system's business associate agreed to cough up a $2,300,000 fine to the Office for Civil Rights (OCR) to settle on a data breach that jeopardized the personal health information (PHI) of some six million people. [4]

CHSPSC LLC's potential violations of HIPAA’s Privacy and Security Rules involved PHI such as names, sex, dates of birth, phone numbers, Social Security numbers, emails, ethnicity, and emergency contact information. The FBI notified CHSPSC about its being hit by a cyber-hacking group. Much of the problem with CHSPSC stemmed apparently from ongoing and widespread noncompliance, as well as its failure to act even after the FBI’s notification of the data breach. [5]

MUCH TO CONSIDER FOR YOUR BUSINESS WHEN IT COMES TO COMPLIANCE 

British Airways might consider itself lucky to have been fined only $25,850,000 — a 90 percent reduction thanks to mitigating factors, including the airlines’ offer of financial compensation to affected individuals. [6] But such mitigating factors aren’t always so protective when facing disciplinary actions from regulators. Compliance is a many-headed beast. Sometimes there is much to be interpreted. For instance, the GDPR requires that companies exercise a “reasonable” [7] level of protection of someone’s personal data. But how do you define reasonable? Such nebulous language renders regulatory compliance an aspect of business not to be taken lightly or taken on by anyone but those with specific expertise.

What of other regulatory areas, such as FERPA and HIPAA? Well, along with GDPR, FERPA (Family Educational Rights and Privacy Act) and HIPAA (Health Insurance Portability and Accountability Act) considerations could come into play when, for instance, you offer online team training and education.

Here are a few facts to bear in mind regarding regulatory compliance:

  • During these times of COVID-19 and work-from-home arrangements, online training of employees may necessitate new vigor related to compliance, such as maintaining FERPA and HIPAA privacy protections. [8]
  • When a business protects its data and aces regulatory compliance, one main payoff is keeping employees on board, as employees feel more secure with a company that’s aggressive on data security. [9]
  • While so many compliance requirements seem daunting, they can actually strengthen businesses and protect employees and customers. [10]

HOW AMESITE MAKES COMPLIANCE SIMPLE

Amesite will stand beside you as your Chief Learning Partner, not only scaling our online learning and training platform to your bespoke needs, but also ensuring your business’ and employees’ data are paramount for protection. We shield your business from regulatory headaches and the financial strain of punishing fines, not to mention public embarrassment, as we work alongside your Learning & Development team to develop top-notch upskilling programs.

Amesite has the strictest and most protective data policy in software. We don’t sell data to third parties, and we don’t allow third parties to look at it. Our customers’ data is used for one purpose: to improve the way the world learns. We also take many other technical and business steps to ensure our customers’ compliance, including:

  • Maintaining a best-in-class security and data policy
  • Employing cutting-edge technology, including cloud-based, high security and privacy-oriented tools
  • Using data only in full compliance with regulations
  • Developing sophisticated coding that we adapt as the regulatory landscape and business needs evolve

Aside from shielding our client partners from the disruption and exposure of data breaches, Amesite offers other competitive advantages, including speed, low operating costs and customization. Our clients trust us and that’s something we also strive daily to protect. We work with businesses in many industries, K12 schools and colleges. They leave the complexity to us and we deliver ease of use right out of the box.

Whether you’re a company of 10 or 10,000, we scale to meet you where you are.


[1] The National Law Review. "ICO Fines British Airways £20 Million for Security Breach" https://www.google.com/amp/s/www.natlawreview.com/article/ico-fines-british-airways-20-million-security-breach%3famp Accessed 21 October 2020

[2] Compliance Week. “H&M Germany fined $41.3M in one of largest GDPR penalties" https://www.complianceweek.com/data-privacy/handm-germany-fined-413m-in-one-of-largest-gdpr-penalties/29556.article Accessed 21 October 2020

[3] BBC. “EU Investigates Instagram Over Handling of Children’s Data” https://www.google.com/amp/s/www.bbc.co.uk/news/amp/business-54594825 Accessed 21 October 2020

[4] The National Law Review. “HIPAA Business Associate Pays $2.3 Million Settlement After Hackers Target PHI of Over 6 Million Individuals" https://www.google.com/amp/s/www.natlawreview.com/article/hipaa-business-associate-pays-23-million-settlement-after-hackers-target-phi-over-6%3famp Accessed 21 October 2020

[5] The National Law Review. "HIPAA Business Associate Pays $2.3 Million Settlement After Hackers Target PHI of Over 6 Million Individuals" https://www.google.com/amp/s/www.natlawreview.com/article/hipaa-business-associate-pays-23-million-settlement-after-hackers-target-phi-over-6%3famp Accessed 21 October 2020

[6] The National Law Review. "ICO Fines British Airways £20 Million for Security Breach" https://www.google.com/amp/s/www.natlawreview.com/article/ico-fines-british-airways-20-million-security-breach%3famp Accessed 21 October 2020

[7] CSO. “General Data Protection Regulation (GDPR): What you need to know to stay compliant” https://www.google.com/amp/s/www.csoonline.com/article/3202771/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.amp.html Accessed 21 October 2020

[8] Ed Tech Magazine. “Working Remotely? Here’s How to Maintain FERPA Compliance” https://edtechmagazine.com/k12/article/2020/08/working-remotely-heres-how-maintain-ferpa-compliance Accessed 21 October 2020

[9] Houston Chronicle. “Importance of Compliance in Business” https://smallbusiness.chron.com/importance-compliance-business-71173.html Accessed 21 October 2020

[10] Houston Chronicle. “Importance of Compliance in Business” https://smallbusiness.chron.com/importance-compliance-business-71173.html Accessed 21 October 2020