Risks of Using Google Translate

When working with international markets, you will more than likely run into situations where you will need to translate contracts, marketing materials, manuals etc. into the local language. There is a vast difference between doing a straight translation vs. localization. In other words, be cautious of doing what is called a “Literal” translation.

One of the most traumatic mishaps of this was when a Dutch airline pilot collided into another plane during take-off killing 583 passengers. The Dutch pilot stated in the cockpit he was “now at takeoff”, meaning he was already taking off – not ready for takeoff. This unfortunate mishap could have been avoided if the proper translation was given.

Another example is when HSBC wanted to try to save face by spending $10 million on a new branding campaign to fix a catchphrase “Assume Nothing” which was interpreted as “Do Nothing”.

Even with advances in machine translations, I wouldn’t want to leave it up to my computer to translate safety instructions when operating dangerous equipment or converting a list of food formularies into another language.

If you are trying to expand your product/service offerings to other countries, they will see right through a simple translation vs. a localization too. If you’re going to invest in the time and effort to get your product to these locations, it’s well worth the effort of ensuring your message is tailored to their culture and piques their interest in the same way it does in this country.

If you want to learn more about what it takes to convert your business materials into another language, please reach out us

GDPR – Curse or Investment?

Since the GDPR has gone into practice has your organization labeled this a curse or an investment? It’s probably a combination of both. On the investment side, your customer want to know they can trust you and see that you’re handling their data in a way in a secure manner. The more transparent you are using processes to safeguard their information.
On the other hand, it probably required you to spend money on additional technology or employees to increase your ability to monitor your data. Some companies are appointing people to the position of DPO (Data Protection Officer).
Regardless of which view you stand on, the penalties and fines are quite real. For example, Marriott was fined the next day the law went into place for approximately $99 million for not protecting data for 339 million guest records. British Airways is getting fined for a proposed $183 million for a data breach of up to 500,00 customers!
SAS created a nice 5 step check-list to ensure you are compliant for GDPR
1. Access. The first step toward GDPR compliance is to access all your data sources. No matter what the technology – traditional data warehouses and Hadoop clusters, structured and unstructured data, data at rest and data in motion – you must investigate and audit what personal data is being stored and used across your data landscape. Seamless access to all data sources is a prerequisite for building an inventory of personal data so you can evaluate your privacy risk exposure and enforce enterprisewide privacy rules. To address GDPR compliance, you can’t rely on common knowledge or perception of where you think personal data might be. The regulation requires organizations to prove that they know where personal data is – and where it isn’t.
2. Identify. Once you’ve got access to all the data sources, the next step is to inspect them to identify what personal data can be found in each. Often, personal data is buried in semistructured fields. You’ll need to be able to parse those fields to extract, categorize and catalog personal data elements such as names, email addresses and social security numbers. Considering the volumes of data at hand, this cataloging process can’t be manual. And you not only need to parse and classify personal data – you also have to accommodate varying levels of data quality. Things like patterns recognition, data quality rules and standardization are vital elements of this process. Having the right tools for the job will make a big difference in your ability to maintain GDPR compliance.
3. Govern. Getting a grasp on personal data starts with being able to define what personal data means and then share this understanding across your organization. For GDPR compliance, privacy rules must be documented and shared across all lines of business. This is the way to make sure personal data can only be accessed by those with proper rights, based on the nature of the personal data, the rights associated with users groups and the usage context. To achieve this, roles and definitions must be established in a governance model. Then you can link business terms to physical data sources, and establish data lineage from the point of creation to the point of consumption. This provides you with the required level of control.
4. Protect. Once the personal data inventory and governance model are established, it’s time to set up the correct level of protection for the data. For GDPR compliance, you can use three techniques to protect data: encryption, pseudonymization and anonymization. You must apply the appropriate technique based on the user’s rights and the usage context – without compromising your growing needs for analysis, forecasting, querying and reporting. The easiest way to protect data privacy is actually to press the delete button, keeping only the data you need to run critical business processes and added-value analysis.
5. Audit. The fifth step in your journey to GDPR compliance involves auditing. At this stage, you’ll need to be able to produce reports to clearly show regulators that:
– You know what personal data you have and where it’s located, across your data landscape.
– You properly manage the process for getting consent from individuals who are involved.
– You can prove how personal data is used, who uses it, and for what purpose.
– You have the appropriate processes in place to manage things like the right to be forgotten,
data breach notifications and more.

Who is leading the charge of AI in Med Tech?

It’s no secret that AI is at the forefront of any conversations in healthcare right now. But beware of following the shiny object.

With the focus on patient outcomes for monitoring healthcare results, it stands to reason why there is such a race to get to the marketplace with an AI-enabled device. According to CB Insights spending on AI for healthcare in 2018 hit a record high.

By June 3, 2019, the FDA is requesting that stakeholders in medical device clinical decisions provide them with feedback on how to regulate AI-based software. Due to the nature of the adaptive technology, and continually optimizing their functionality should AI devices be placed into a different regulatory framework?

There certainly many examples that demonstrate the benefits of using AI-enabled devices such as IDx which detects diabetic retinopathy, the primary cause of blindness. Viz.ai the developer of the decision support software that can analyze  CT results.

According to Emerj.com, there are three primary applications that are gaining momentum in the AI space.

  1. Management of chronic diseases
  2. Medical imaging
  3. AI and Internet of Things (IoT)

One major challenge all companies are running into is the pool of talent that will help them build these AI solutions. At a recent event I attended in Chicago, the VP HR from Blue Cross Blue Shield of IL stated that when she posts a position for a Phd. Level Data Scientist, she may only get two resumes sent in compared to posting a Data Analyst position, she will get 100’s of resumes.

I don’t see any clear winners right now and the playing field has plenty of room for more players. It will be very interesting to watch how this will progress over time.

The Legal Gotchas of Employee GPS Tracking

GPS tracking of field staff is on the rise. Removing “gig” workers from this equation, there are now, according to T-Sheets, 1 in 10 employees are tracked 24 hours a day — this is illegal.

Of the GPS workers surveyed, 45% had suspicions that they were being tracked 24/7.

There are some benefits for allowing GPS tracking for both the employee and employer. For example, employees can be more accurately tracked for overtime pay and ensuring employees obey traffic laws are a win-win for both.

Each state’s laws do vary. First and foremost, the employee has to be made aware that this activity is being enforced. Most states are pretty clear when the company owns the vehicle and how they monitor employee activity. It becomes less clear when the employer wants to monitor a vehicle owned by the employee.

The laws get even muddier when it comes to using an employee’s own smart device.

Here is a list of best practices created by Greensfelder, Hemker & Gale PC

  • Become familiar with any laws applicable to privacy expectations and GPS tracking of vehicles and/or devices in the state where you wish to engage in GPS tracking.
  • Only use GPS tracking in employer-owned vehicles or devices. The case law and statutes show that generally, tracking an employee using company-owned property is permissible, especially when the employee is aware of the GPS monitoring. Tracking employees using their personally owned property is still a legal gray area.
  • Only monitor employees to the extent that it is justified by a business need. There are risks associated with tracking employees via GPS, namely that an employee will feel his or her privacy has been violated and commence litigation. Therefore, an employer should only consider engaging in monitoring to the extent that risk is offset by a business need.
  • Make sure you have a written GPS tracking policy. It should outline the business reasons for using GPS tracking, when and how employees should expect to be monitored and how the employer will use and safeguard data collected. If an employee will be disciplined for disabling a GPS device without the employer’s permission, the GPS tracking policy should also notify the employees of those consequences in advance. Be sure to communicate the policy to all employees, and ask that employees acknowledge their receipt and understanding of the policy.
  • Finally, be responsible and considerate. Only monitor employee activity during work hours, and only monitor the employees’ location for a specific business purpose in compliance with your GPS tracking policy. Finally, make sure that you store any GPS-related data securely.

How Your Legal Team Can Avoid a Congressional Hearing

Many of us have watched Mr. Zuckerberg in the hot seat during the Congressional hearing regarding Cambridge Analytica. Or how about big pharma companies who dramatically raise their prices placing undue financial burdens on people who face life and death situations.

Lesson 1

Security and customer privacy should be the responsibility of EVERYONE. What would happen if your credit card processing or a slip in your supply chain was the victim of cybersecurity – would you be hauled into court? Regardless it will do long-term damage to your customer’s trust and damage your brand. Ensure your “crown jewels” of data and information stay safe and secure.

Lesson 2

Get involved in establishing statutory standards for your industry. With the recent data breaches, California and now Ohio is placing statewide standards in place to ensure data breaches now face legal accountability. Are there similar types of standards being set for your industry – if so find out how you can get involved to help establish the statutes to get in front of it. There is already pushback from the California laws (which doesn’t go into effect until 2020).

Lesson 3

Reach out to those in the know. Do you have a direct line to your Senators and Congressperson? Do you have an ear to the ground on hot issues that may pull you in to testify? The better relationship you have the committees and rule-makers you will build and advocate vs. an enemy. But most of all just play by the rules.