
5 Tips for Keeping Your Business Data Secure



As a business, you can keep track of data for many customers and from some of the work you have done yourself. Whether it is research or surveys or from other locations, this data is integral to helping you get ahead of the competition. 

It can also be personal information from your customers and keeping this secure and safe from hackers who may like to get ahold of the data is so important. But how are you going to keep the data somewhere you can use it while ensuring that it will stay safe?

The good news is that businesses do have options when it comes to keeping their business data as secure as possible. Some of the steps that you can take to keep your business data secure include:

Come Up With Your Strategy

It is never good to have a vague idea of your procedures and policy. You need to have a formally written IT strategy that has all of the details about your plan. This plan needs to lay out how you plan to protect your resources and data along with steps that everyone must take if something goes wrong. 

Writing the plan is just the first step. You will need to keep it updated and nearby at all times. When something changes in your business, you need to bring out that plan and make the necessary changes as well. 

You may need to sit down with a cybersecurity specialist to help you figure out what steps should be in the plan. This will ensure that nothing is left out of the plan and can help you discover some more of the vulnerabilities that may be present in your network. 

Protect Your Network Against Malware

With a plan in place, you are able to take the necessary steps to keep all of the bad stuff out. Come up with a plan that will ward off malware and any other malicious software that could take your data. 

Always assume that a hacker is trying to get to your data and be proactive. Some of the ways that you can do this include:

- Apply a firewall: While this is not enough to do on its own, your router’s firewall is going to provide a good line of defense, so keep it turned on. 

- PC protection: This can include anti-malware and anti-virus protection on your system. You may also need some protection to help protect you against identity theft, suspect websites, and more. 

- Clean out the emails: This is often the job of anti-spam software. This can keep the unwanted, unsecured emails out and protect you from accidentally hitting one that can cause issues. 

Encrypt the Wireless Network

If you are using a wireless network at all, then you need to have some special precautions in place. Encryption is a good place to start, but if it is not done well, hackers are still able to get around it all and can cause trouble. You need to make sure that your router has the right amount of strength to keep others out. 

One way is to use encryption here. Another is to turn off the broadcasting function on the router. This will help make your network invisible. When a hacker is not able to see your wireless network, it is a lot harder for them to hack right through it. 

Watch the Passwords

Even your password can be strengthened to help safeguard all of the data in your system. This can be a hassle to remember, but the more complexity that you get with the password, the easier it is to protect your data and everything on the system. 

There are a few steps that you can take to help safeguard your password. Make sure that it is a minimum of eight characters long and add non-standard characters and numbers as well. This makes it harder for anyone to figure out what the passwords are. 

You should also consider changing up the passwords on occasion to make it harder to guess. Using different credentials that are not words and passwords that are random letters and numbers and special characters can be a good option as well.

You may find in this situation that a password manager is going to come in handy. This makes it easier to keep track of these random passwords so you do not need to write them down and risk them being stolen. 

For your business, make sure that everyone is on the same page when it comes to passwords. Enforce that these passwords need to be strong to help protect the data by setting up rules that everyone must follow. 

Set Up Software Updates

This should be something that is automatic. When you do not complete some of the necessary updates with your software, it makes it much easier for hackers to find some of the vulnerabilities in the system and do what they want inside. 

Hackers are more than happy to scan a network or a website to see which version of the software is running at that time. They can then take a look at which vulnerabilities are present for them to explore in some of the older versions. 

You should take the time to update your device security settings, any operating system you need, and other software to the newest versions and do any other updates as necessary as you use the system. 

You can also set it up so any patches and improvements that come out are going to update for you automatically in the background. This takes out the guesswork on when it needs to be done while protecting your whole network from any potential threats. 

Keeping Your Data Safe

As a business, it is your responsibility to keep all of the data that you use as safe as possible. There are different ways to do this but with the help of some of the steps above, you can keep hackers off and keep all of that data as safe as possible. 


Top Booming Industries of 2021

One positive effect of the pandemic on the job market is the new opportunities for people to bring their unique capabilities to the table. Digitalization and automation have affected all aspects of our lives. With the world urging a more virtual way of doing daily things, we have seen many companies adjust to this new reality. Some of them still fight to survive, while others have adopted the latest technologies and made considerable earnings in specific niches. Let us look at some industries that are booming in 2021.

Cybersecurity Industry

Cybersecurity has always been a big industry, but the increase in how we rely on digital tools such as virtual meeting applications means that our data is more vulnerable to hacking and other cyber vulnerabilities than ever before. Coronavirus is one of the biggest cybersecurity threats, as fraudsters have taken advantage of the disease’s uncertainty. Spam email issues have been viral: in the UK, hacking attacks on targeted people working from home were up by 12 percent before the first lockdown. Still, that number increased by 60% just six weeks later. Several attackers use the names and logos of trusted organizations and businesses, such as the World Health Organization (WHO), to trick users into clicking on dangerous links.

PPE Industry

Personal protective equipment (PPE) is one of the most talked-about and sought-after resources of this pandemic. Demand has been increasing rapidly, and countries that depend on imports from other countries such as China have been short of this vital equipment. Because of the coronavirus’s adverse effect, hospitals have the responsibility to have stockpiles in place if there is a similar case or occurrence in the future. Most PPEs have expiry dates, and because of this, steady supplies of new equipment will be in constant need, which means that manufacturers will always be busy trying to meet the new demand.

Cannabis Industry

Cannabis is the world’s most used drug. Owing to restrictions on the cultivation of cannabis in some parts of the world, cannabis has gathered interest from investors and researchers pushing for legalization to grow cannabis globally. More than 50% of Americans believe that the government should legalize cannabis. Thanks to a substance found in the cannabis plant known as Cannabidiol or CBD, many patients who suffer from medical problems like chronic pain and seizures have seen a significant improvement in their medical condition after using the CBD. However, to be successful in this industry, you must seek the service of cannabis consulting firms. The service is essential because the industry is relatively new and heavily regulated. Cannabis consulting companies know the dos and don’ts of starting and operating a cannabis business successfully.

Online Conferencing Industry

Virtual meetings have helped us make our work-from-home lives seem a bit normal. One of the corporations leading the industry, Zoom, has boomed during the pandemic and saw its stock price increase significantly, by over 100%, in just two months. Google has made the premium features of its platform Google Hangouts free for users until September. Daily users of Microsoft’s software, Teams, jumped from 32 million to 44 million during March.

Online Dating Industry

Dating apps are not the popular way of finding a partner, but there was a global downshift in app downloads as it came to be the norm. There was a 32.5 percent growth in dating app users in 2016, but this reduced to just a 5.3% increase in 2019. However, as the COVID-19 outbreak restricted nearly all face-to-face meet-ups, there was a new rise in downloads and exchanges through the likes of Tinder, Bumble, and Hinge. On 29 March alone, Tinder users globally swiped through three billion possible matches, which is more than any other day, setting a record. eMarketer, a research company that provides information on digital marketing, media, and commerce, revealed that the number of people who dated through in the US alone hit 26.6 million, an 18.4% boost in 2019.

Final word

The pandemic will always be looked at as a negative occurrence that halted or reduced sales for many businesses. However, a few industries had an exponential increase in demand for their goods or services. 2021 is still young, but we are positive from indications that the sectors discussed in this article will get the best out of it compared to other industries. The cannabis industry might come as a surprise, but with the stigma associated with marijuana rapidly shedding, the sky is only a starting point.


Why DDoS Attacks Are the Biggest Threat to Your Business in 2021

In the 21st century, it’s hard to imagine functioning without technology. Just think of how many times a day you look at your phone or switch on your computer. When you need an answer, you turn to Google; when you want to relax, Netflix is there. In fact, it seems that the internet can take care of your every need — be it social, financial or recreational.

Unfortunately, though, technology isn’t just useful to you but also to those who want to harm you. As technology grows more advanced, hackers and cybercriminals obtain new and sophisticated tools to launch their DDoS attacks, threatening your safety. But what is a DDoS attack, and why is it so dangerous? Keep reading, and you’ll find out!

What Are DDoS Attacks?

DDoS stands for distributed denial of service, and it’s one of the most common tactics hackers use to bring down a server. To put it simply, they flood a network with so much traffic at once that the server is overwhelmed and crashes. To do this, hackers use a large group of compromised computers called a botnet.

Now, the problem is that anyone can become a part of a botnet without even realizing it. If your antivirus program isn’t up to date, or you visit unsafe sites, your computer can become infected by malware. Contrary to popular belief, malware doesn’t just corrupt your files or damage your device. In fact, hackers often use it to covertly gain control over your computer and use it for their malicious purposes.

An infected device works as usual, but you’re no longer in charge. The actual owner, the hacker, can order your device to start sending requests to a server of their choice, along with hundreds of other devices. Ultimately, that leads to a crash.

Of course, servers can crash when they gain a lot of traffic naturally. But that’s not a DDoS attack — DDoS always comes with malicious intent. The hacker who’s launching it rarely does so just for fun – they usually have rather serious motives.

Why Do Hackers Perform DDoS Attacks?

If you’re new to the world of cyberattacks and criminals, it might not be obvious what the purpose of DDoS is. What could a hacker gain from disrupting a server? Sadly, there’s no easy answer — the motives behind these attacks vary. Here are some of the most common reasons.

Financial Gain

Hackers often use DDoS attacks to target corporations and large businesses, knowing that they have high profits. Once they bring their servers down, they send a message asking for a ransom. The network stays under their control until they receive the sum they asked for, after which everything goes back to normal.


Political and ideological wars are no longer waged out in the battlefield. These days, the real frontlines are in cyberspace. Whether it’s rebellious groups using hackers to protest against oppressive governments or those governments targeting protesters, DDoS attacks are commonly used in this type of warfare.

Gathering Information

If a large business handles lots of private information, it can easily become the target of a DDoS attack. In such a case, the attack serves as a distraction. While everyone is busy trying to resolve the problem, the hacker gains access to classified records and finds the information they need. The most sophisticated hackers leave very little trace, and no one even knows they were there.

Why Are DDoS Attacks Detrimental to Businesses?

Whatever the hackers’ motives may be, the most common DDoS attack targets are businesses. Large or small, they all face a similar danger as long as they are online. But how can a DDoS attack hurt your business, exactly?

Just imagine that a hacker attacks your company’s servers and brings them down for a few hours. The customers that would typically visit and purchase your products suddenly don’t have access to your site. New clients may be trying to visit your site too, but when they see that your website isn’t functional, they’re unlikely to return. In short, you can lose hundreds, if not thousands, of dollars as well as potential new clientele.

The longer your servers are down, the worse it gets. Soon enough, you’ll need to hire a team of experts to deal with your problem, which obviously won’t come cheap. On top of that, the hacker might ask for ransom, and after a few hours of losses, you’ll probably be more than willing to pay it.

But the worst damage you’ll suffer isn’t financial — it’s reputational. If your clients find out that your servers were hacked, they might have trouble trusting you with their personal information. No matter how loyal they were in the past, no one wants to believe their personal information is vulnerable. Soon enough, your pristine reputation will be tarnished, and not even by your own fault!

The only way to avoid this worst-case scenario is to put in place measures against DDoS attacks. That means you’ll need firewalls, antivirus software and perhaps even a special IT department to monitor your servers. It will surely cost you more, but in the long run, you’ll be glad to have some peace of mind.

Protect Yourself Against DDoS Attacks

DDoS attacks are not child’s play — in fact, they have become the biggest threat to businesses in 2021. If anything, this threat will only get worse as our world becomes more digital. Don’t let yourself become a target; start looking into DDoS protection today. It’s the only way to ensure your customers’ safety and your company’s rise to success.


MJ Shoer is SVP, Executive Director, CompTIA ISAO, at CompTIA, the Computing Technology Industry Association. CompTIA is the world’s leading tech association. Its mission is to advance the global technology industry. The CompTIA ISAO is an Information Sharing and Analysis Organization whose mission is to raise the cybersecurity resilience of the global tech industry. MJ has over 30 years’ experience in the IT industry, having founded and run an MSP for nearly 20 years before it was acquired as well as consulting with MSPs, SMBs and channel organizations.


Data Center Infrastructure Market is Projected to Reach USD 100 Billion by 2027

According to a recent study from market research firm Global Market Insights, the need for data center infrastructure market management among organizations to offer higher energy efficiencies will be positively driven by the influx of cloud computing, Big Data, and AI solutions. The surge in internet infrastructure activities has led to the generation of large quantities of data by individuals and connected devices.

The rising levels of data traffic have placed an immense power burden on data centers on account of the significant jump in the usage of IoT devices. This has in turn pushed data center operators to increasingly adopt efficient and cost-effective data center infrastructure solutions.

As per a report by Global Market Insights, Inc., the global data center infrastructure market could reach USD 100 billion in annual revenue by 2027.

Owing to the adoption of data analytics, cloud computing, and emerging technologies such as AI, machine learning, and IoT, hyperscale data centers have seen huge demand lately. Big tech giants like Facebook, Amazon, and Google are investing heavily in the construction of hyperscale data center facilities.

These data center infrastructures need high capability and modernized infrastructure for supporting critical IT equipment and offer enhanced data protection. High-density networking servers in these data centers demand security management, power and cooling combinations for enabling energy-efficient operation.

Increasing government initiatives regarding the safety of customer data are encouraging businesses to establish their own data center facilities in the Asia Pacific. For instance, China’s Cybersecurity Law states data localization requirements on Critical Information Infrastructure Operators (CIIOs). The Law guides network operators to analyze, store and process customer data within the country. With this, it is estimated that the Asia Pacific data center infrastructure market may see sturdy progress over the forecast period. Multiple initiatives such as Smart Cities, Made in China, and Digital India may also boost the adoption of IoT and cloud computing in the region.

Mentioned below are some of the key trends driving data center infrastructure market expansion:

1) Growing demand for hyper-scale data centers

Expansion of hyperscale data centers owing to the usage of cloud computing, data analytics, and emerging technologies like IoT, AI, and machine learning is fueling the industry outlook. Hyperscale data centers need high capability and modernized infrastructure to improve protection and support the critical IT equipment.

High-density networking servers in hyperscale data centers demand cooling, security management, and power solutions in order to facilitate energy-efficient operation. Major cloud service providers like Facebook Inc., Amazon, and Google LLC are making huge investments in the construction of hyperscale data center facilities.

2) Increasing adoption of data center services

The service segment is anticipated to account for a substantial market share on account of surging demand for scalable infrastructure for supporting high-end applications. Data center services such as monitoring, maintenance, consulting, and design help operators to better manage data centers and their equipment.

Enterprises often need professional, skilled, and managed service providers for the management of systems and optimization of data center infrastructure to obtain efficiencies. Professional service providers having the required technical knowledge and expertise in IT management and data center operations allow streamlining of business processes. These services help to significantly decrease the total cost of operations and maintenance of IT equipment.

3) Robust usage of cooling solutions

There is a proliferation of AI, driverless cars, and robots which are encouraging data center service providers to move strategic IT assets nearer to the network edge. These edge data centers are in turn rapidly shifting towards liquid cooling solutions to run real applications having full-featured hardware and lessen energy consumption for the high-density applications.

Key companies operating in the data center infrastructure market are Panduit Corporation, Hewlett Packard Enterprise Company, Black Box Corporation, Vertiv Group Co., ClimateWorx International, Eaton Corporation, Huawei Technologies Co., Ltd., Cisco Systems, Inc., ABB Ltd, Schneider Electric SE, Degree Controls, Inc., and Dell, Inc.



Top 4 Teleworking Vulnerabilities (and How to Mitigate Them)

Between social distancing guidelines and stay-at-home orders, it’s clear that we’ll all be spending a lot of time at home.

While many of us might normally work from home a day or two out of each week, few firms are used to having all their staff work from home for weeks at a time. 

This means that many companies have not implemented security measures that are most appropriate for a fully remote team.

To help you make the adjustment, here are some big-ticket vulnerabilities along with recommendations on how to best mitigate them.

1 – Using personal devices

The laptops and desktops your firm owns are secure. They have up-to-date patching and anti-malware. They have simple but important policies like an automatic screen lock. They’re backed up and might even have hard drive encryption and remote wipe capabilities.

Do the personal devices accessing your data even have anti-virus beyond Windows Defender? Are any running Windows 7, which has been out of support for months?

If a vulnerable machine is accessing your firm data, that data becomes vulnerable.

Best practice is to only allow your people to work from firm-owned equipment. If you try purchasing new equipment today, though, you will probably run into significant delays with manufacturing. Your second-best option is to roll out workstation management software to these personal devices. Your IT team can help with this.

2 – Heightened scam activity

Scammers are having a field day with this pandemic. We’re anxious, we’re distracted, we’re working with new and unfamiliar technologies, and we’re accessing confidential data outside of our secure office network.

In a span of just seven hours, cybersecurity company ESET detected 2,500 infections from malicious emails that played on COVID-19 themes. Phishing emails that appear to come from legitimate sources like the World Health Organization offer links or attachments with information about the spread, face masks, a vaccine—anything that will tempt recipients into clicking and infecting their machines with spyware, ransomware, or otherwise.

And the massive success of these scams means that hackers will double-down.

Fortunately, we can avoid these scams by practicing the same awareness tactics you’ve heard before:

- Don’t click links or download attachments you weren’t expecting.

- Watch for poor grammar and generic greetings (sir/ma’am).

- Don’t offer up personal information unless you can verify the request (by calling the sender, logging directly into your Facebook account, etc.).

Regarding coronavirus specifically, be sure to stick to official websites (WHO, CDC) for the latest news on the outbreak.

3 – Not using multi-factor authentication

Multi-factor authentication keeps you protected even if you make a mistake—which, as I mentioned above, is a lot more likely in today’s landscape.

Say you fall for a phishing scam and enter your Office 365 credentials onto a fake web page. But, your Office 365 account is set to send a verification code to your cell phone. Even with your email address and password in-hand, the hacker still can’t access your account unless they’ve also managed to steal your cell phone.

In January, 1.2 million Microsoft accounts were compromised. Microsoft has said “multi-factor authentication would have prevented the vast majority of those one-million compromised accounts.”

Work with your IT team to (forcibly) enable multi-factor authentication on as many applications as you can. This is often not labor-intensive, and it can do wonders to keep your accounts locked down.

4 – Sharing devices with others

If you live with roommates or family members, you may find them asking to borrow your machine for anything from their distance learning assignments to streaming movies.

Whether this machine is a personal device or owned by the firm, letting others onto the same equipment being used to store and access client data puts that data at risk. It only takes one wrong click to put your threat detection and response software—assuming any is installed—to the test.

And in some cases, someone just seeing an open document on your machine is a compliance violation.

Your firm policy may already have guidelines against sharing devices, but keep in mind that this is new territory for all of us, and that some may need help finding an alternative.


Heinan Landa, CEO and Founder of Optimal Networks, a globally-ranked IT services firm, and author of The Modern Law Firm: How to Thrive in an Era of Rapid Technological Change.



The political winds seem to be blowing in favor of a Congressional vote on the U.S.-Mexico-Canada Free Trade Agreement (USMCA) yet this fall. But before they vote, some Members of Congress want to talk over a few issues with the Trump administration’s negotiators. They are pressing the administration to lower intellectual property protections for the U.S. biopharmaceutical industry because they say the agreement’s provisions protecting original data generated by pharmaceutical inventors will drive up the price of prescription drugs.

Their arguments strike a political nerve but don’t offer a complete picture of this complex and evolving industry. The USMCA debate reflects a domestic difference in views. While the United States works to develop its regulatory framework for newer drugs, many other markets are further behind. As important as it is, the issue of data protection for biologic drugs is not well understood. We’ll try to cover the top lines.

Pieces of the Intellectual Property Puzzle

For American innovators of biopharmaceuticals, gaining access to overseas markets requires not only securing regulatory approvals; the policy environment must also be conducive to marketing their products, which includes a value-based approach to pricing, procurement, reimbursement policies – and intellectual property protections.

There are various facets to the intellectual property (IP) protections needed to incentivize massive investments in pharmaceutical innovation and to enable the recovery of those costs once a drug is commercialized. Patents are part of the package and so is the protection of proprietary data, the issue at the fore in discussions about USMCA.

These protections are particularly important to American companies. The intellectual property attached to 57 percent of the world’s new medicines was created in the United States. That’s no accident. Research and development activities flourish in countries where IP frameworks are well developed and enforced.


What is Data Protection?

To achieve marketing approval from a regulatory oversight agency such as the U.S. Food and Drug Administration and its counterparts in other countries, innovator pharmaceutical companies submit data on the outcomes of their research and years of clinical trials demonstrating the drug is effective and safe. The cost and risks of developing the original data and product fall to the inventor.

When a generic producer or producer of a “biosimilar” seeks approval, they are often afforded the short cut of relying on the inventor’s data. To ensure a balance between incentivizing drug discovery and development while also providing opportunities for lower-cost copies to become available, the inventor’s data may be protected for a period of time against disclosure to generic or biosimilar producers. During this time, any competitor is free to generate their own data and seek marketing approvals on that basis.

For How Long?

Provisions on data protection are not new in domestic regulations or in trade agreements. Since the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS Agreement) in 1995, World Trade Organization (WTO) members have agreed not to disclose clinical data submitted to regulatory authorities to obtain marketing approval for pharmaceutical products, thereby protecting such data “against unfair commercial use”.

Negotiators of the TRIPS Agreement contemplated specifying that data protection should be no less than five years, but ultimately refrained from including a specific timeframe, leaving it to the discretion of WTO members in their national regulations. NAFTA, which took effect in 1994, provides a minimum of five years.

Enter a New Type of Drug

The timing of these provisions is relevant to the debate today. The TRIPS and NAFTA provisions apply to new “chemical entities,” meaning small molecule drugs – that is, most drugs on the market to date. These types of drugs are capable of being replicated through chemical synthesis to make generic drugs. For this reason, regulators tend to agree that requiring duplicate data from generics would be an inefficient use of resources and unnecessary testing of patients, as long as the generic product is proven “bioequivalent” to its reference product.

Biologics are newer medicines. They are large, complex molecules that are made from living cells to produce the required proteins. This manufacturing process is vastly more complex. A follow-on product is not identical, but rather structurally similar and thus called a “biosimilar”. An exact replica is not possible, and patients cannot automatically be switched from a biologic to its biosimilar without risk of adverse effects.

Given the differences between biologics and small molecule drugs, they are regulated differently, and the IP protections have been applied differently. Biologics are largely defined by their manufacturing processes and regulatory approval of biosimilars does not require identity with the reference product, so biologics must often rely only on process patents versus a product patent. Innovator companies argue a longer term of data protection is needed to bridge the differences in patent protection or to offset the lack of patent protections in some countries, while allowing them to recover the increased cost of generating the original data.

New Trade Provisions for Biologics

Given the longer innovation cycle and the increased cost and complexity of biologics, many governments have provided longer periods of data protection for biologics than for small molecule drugs.

In the United States, the Biologics Price Competition and Innovation Act, signed into law by President Obama in 2016, provides for a 12-year period of regulatory data protection for biologics. American companies have sought the same standards from trading partners.

With new agreements in the WTO largely stalled, the focus of trade negotiations over the last decade has shifted to bilateral and regional trade agreements where provisions are often more detailed and tailored. In negotiations toward the Transpacific Partnership Agreement (TPP), the United States pushed for 12 years, but agreed to eight years for biologics from the date of first marketing approval and allowed flexibility in how data protections could be administered. When the United States withdrew from the TPP, the remaining members suspended the relevant provisions.

In the USMCA, American biopharmaceuticals again did not get everything they wanted. Canada and Mexico do not have to match the United States in providing 12 years but agreed to increase the duration of data protection to 10 years from the current standard of five years in Mexico and eight years in Canada.

Why Push Trading Partners to Increase Data Protections?

Beyond North America, the so-called “pharmerging” markets (generally the large developing countries) are growing faster than the stable developed markets. China is by far the largest emerging market for pharmaceuticals. In many developing countries, patent systems are weak or poorly enforced. Regulatory data protection provides some buffer against IP exposure, making it viable and more attractive for companies to introduce their products in that market.

Less data protection and lack of enforcement diminish the potential for U.S. exports. It also leaves the door open for competitors to access unprotected U.S. data without the originator’s authorization. Trade agreement obligations help guard against the unfair commercial use of proprietary data and expand the degree of IP protections in global markets, which is a precursor to greater diffusion of innovative drugs to patients worldwide.

Back to the Core Concerns – Availability and Costs to Patients

Critics of USMCA’s provisions argue data protections keep the prices of biologics high by delaying the introduction of biosimilars. The first biosimilar product was approved in the U.S. market in March 2015. By March 2019, 18 had been approved. Many experts suggest biosimilars have lagged in the U.S. market due to slower changes to the U.S. regulatory system and patent litigation as the industry goes through the same growing pains it did with generic regulation.

As well, drug development is an inherently expensive and risky business, characterized by high failure rates. On average, the process of discovery and commercialization takes 10-15 years at a cost of $2.6 billion. Less than 12 percent of drug candidates make it all the way from lab to patient.

Because of the complexity and high fixed costs required to develop the capacity to manufacture biosimilars, it takes eight to 10 years for biosimilars to come to market, there are fewer entrants than is the case with generics, and the cost savings realized are 10 to 30 percent off the brand, versus an average of 80 percent achievable by generics. Considering the length of time normally required to achieve safe and reliable production of biosimilars, the data protection period in USMCA is unlikely to be a cause of undue delay in getting them to market. Data protection terms are also often less than the remaining patent term.

Your Loss is My Gain

The prominent healthcare research firm, IQVIA, forecasts the biopharmaceutical industry stands to lose $121 billion between 2019 and 2023 as periods of market exclusivity end. Eighty percent of that impact, or loss for innovators, will be in the U.S. market as nearly all of the top branded drugs will have generic or biosimilar competition.

IQVIA says competition among biosimilars is on a path to grow three times larger in 2023 than it is today. If that’s so, savings over branded biologics could produce approximately $160 billion in lower spending just over the next five years, even as overall spending on biologic drugs grows.

This is part of the business cycle of the pharmaceutical industry, and it is why the innovators maintain strong pipelines: they have limited exclusive time in the market before competitors arrive. That’s good for patients. The data protections in USMCA are not likely to materially impact this cycle or spending. When Canada and Japan lengthened their duration of data protection, drug spending as a percentage of GDP remained nearly flat.

Reason for Optimism

Biologics are called the drug of tomorrow. They comprise nearly 70 percent of the innovation pipeline which includes some 4,500 drugs in development in the United States and another 8,000 globally.

Breakthrough products are expected for cancer treatments, autism and diabetes. This is great news, but specialty and niche products tend to come at a higher price so spending may increase as these new drugs enter the market. According to IQVIA, average spending on the brand versions will nonetheless decline from 8.2 percent of the U.S. market to 6.7 percent, a demonstration there’s a healthy market for originals and copies.

There would be no copies without the originals, which is why pharmaceutical regulatory and legal frameworks are full of public policy trade-offs to strike a balance that will support return on innovation while not impeding the availability of affordable drugs. As we make scientific progress, the systems that include IP protections must evolve to accommodate new types of drugs, new capabilities in data analytics and clinical practices, and even changing business models. Not doing so can imperil the pace of progress at precisely the moment when breakthroughs are on the horizon.


Andrea Durkin is the Editor-in-Chief of TradeVistas and Founder of Sparkplug, LLC. Ms. Durkin previously served as a U.S. Government trade negotiator and has proudly taught international trade policy and negotiations for the last fourteen years as an Adjunct Professor at Georgetown University’s Master of Science in Foreign Service program.

This article originally appeared on Republished with permission.

How to Survive the Coming Data Privacy Tsunami

Just as we have gotten used to the idea that the EU’s General Data Protection Regulation (GDPR) is a fact of life and have made modifications in our data collection procedures, the Brazil General Data Protection Law (LGPD), the California Consumer Privacy Act (CCPA), and waves of proposed new data privacy laws are swirling in the calm forewarning of a privacy tsunami heading our way. In the middle of such deep acronym swirls, it could be easy to be overwhelmed. However, all the privacy regulations share a number of commonalities and by addressing these now, you will be on high ground as the waves begin to pound.

The compliance life raft

While you will need to pay attention to the details of individual data regulations as they arise, whether already adopted, pending adoption, or only proposed, all the regulations share certain commonalities that you should consider addressing as part of ongoing operations.

1. Accountability and governance

At the heart of data privacy requirements is the aim to have organizations develop a plan to self-manage data in a way that respects end users. To address accountability and governance requirements in your organization, consider, have you:

-Reviewed the applicability and risk to the organization from data privacy issues, and considered alternatives, including insurance, in case you are fined?

-Mandated that data privacy become part of the policy program, including staff training, measurement, and compliance reporting?

-Clearly documented roles, responsibilities, and reporting lines to embed privacy compliance?

2. Consent and processing

A fundamental privacy regulation concept is that end users are aware when and why their data is collected, and what happens to it once it’s given. To address these requirements, ask yourself whether you have:

-Reviewed that the data being collected and used is necessary and for the benefit of completing a desired action by the user?

-Identified sensitive data and ensured it is treated as such through the use of special encryption or by validating vendor storage practices for sensitive data, etc.?

-Confirmed that user consent for data collection is clearly captured and documented, and that user data can be modified or erased?

3. Notifications and data rights

Gone are the days of legalese or simply taking data from users because we can. Data privacy regulations require transparency, user awareness, and forthright behavior by businesses. To ensure you get this right, ask yourself whether the organization has:

-Written user notices clearly so they can be easily understood—properly targeted to children where relevant—and are reflective of specific data collection and usage purposes?

-Updated the internal organization’s data privacy policy to clearly state the rights of prospects and customers regarding the collection and processing of their personal data?

-Created and tested processes to correct and delete all user data if needed?

-Developed a solution to give users their data in a portable electronic format?

4. Privacy design

Organizations that treat privacy as a core design principle will always be in alignment with data privacy regulations. In my consulting experience, I see many self-disciplined organizations that have historically had good privacy practices and have little to address with each new law. To get to that state, ask whether you have:

-Created or updated the policy and associated process to embed privacy into all technology and digital projects, including those outsourced to vendors and partners?

5. Data breach notification

For many organizations, the question nowadays isn’t whether the organization will have a breach, but rather when will it happen and how will they respond. To address regulatory breach aspects, ask whether the organization has:

-Created (or reviewed and updated an existing) data breach policy and response plan to reflect detection, notification, and the actions to mitigate loss?

-Considered and obtained insurance for a possible data breach and regulatory penalties that the organization may face but not be able to handle on its own?

-Incorporated data breach terms and requirements into all vendor and third-party contracts?

6. Data localization

New data privacy regulations state where data must physically be stored and, if it is transferred to another country, what the requirements are for doing so. Your organization will be well positioned to meet this requirement if it can answer:

-Have we identified and updated all cross-border data flows from the country where the data is collected, and reviewed data export for on-premise and cloud solutions?

7. Children’s online privacy considerations

Data privacy regulations are concerned with end users, but are even more strict about children and their online data protection and rights. It is best to get ahead of these issues by asking whether the organization has:

-Defined what data it collects from children, whether as a business practice or through efforts like “take your child to work day”?

-Written user notifications and online privacy statements in a way that a child could understand them, and stated in them that parental consent is required?

8. Contracting and procurement

Most businesses may struggle to understand exactly what personal user data is collected via websites, mobile applications, and other digital platforms, especially through third-party software solutions and vendors. To make sure that your organization isn’t caught out, ask whether you have:

-Reviewed and ensured that all vendors, customers, and third-party agreements reflect data regulatory requirements?

-Defined procurement processes such that privacy is integrated into all products and services the organization buys, including regarding data minimization, the visibility of onward data flows, and data ownership?

The bottom line

After years of collecting as much data as we could, we are starting to realize that all of that data has an evil twin: risk. In addition, consumers have become more aware that their data is a valuable resource, and they’re asking more questions about how it’s used and who has access to it. Governments, too, are starting to pay attention. Make sure that you get ahead of the coming data privacy regulatory waves before they become an unimaginable problem.

KRISTINA PODNAR is a digital policy innovator. For over two decades, she has worked with some of the most high-profile companies in the world and has helped them see policies as opportunities to free the organization from uncertainty, risk, and internal chaos. Podnar’s approach brings in marketing, human resources, IT, legal, compliance, security, and procurement to create digital policies and practices that comply with regulations, unlock opportunity, strengthen the brand and liberate employees.

Podnar speaks regularly at industry conferences, contributes articles to publications, and delivers masterclasses on digital policy. Podnar is the Principal of NativeTrust Consulting, LLC. She has a BA in international studies and an MBA in international business from the Dominican University of California and is certified as both a Change Management Practitioner (APMG International) and a Project Management Professional (Project Management Institute).

The Power of Digital Policy: A practical guide to minimizing risk and maximizing opportunity for your organization is available on Amazon and through other fine booksellers. For more information, visit Kristina @ and on LinkedIn and Twitter.