Data Protection Laws


Data protection laws exist within the U.S. (federal and state) and in numerous other countries.  The purpose of the laws is to regulate the use and handling of data.  For Yale faculty, staff, and students, data protection laws pose two main challenges:

  • Privacy:  how to use and share data for legitimate research and other purposes, while protecting personally identifiable information.
  • Security:  how to secure personal data in order to prevent unintentional disclosures, access by unauthorized persons, or improper use by unauthorized persons.

Depending upon the specifics of your international work, including whether you transmit or transport data from one country to another, you may need to comply with the data protection laws of more than one jurisdiction.  Foreign data privacy and security laws, particularly in the European Union (EU), may be more comprehensive and rigorous than in the United States.  Consider the following example of how EU data protection laws differ from those in the U.S.: 

a researcher obtains the appropriate consents to collect personal data in an EU member state for Study A.  At the project’s conclusion, the data collected for Study A not only cannot be repurposed for another, unspecified study at a later date, but must be destroyed when Study A has been completed.

Previous  <<<<  >>>>  Next