# Data privacy
<a name="data-privacy"></a>


|  LSSEC02: How do you determine and enforce data privacy requirements?  | 
| --- | 
|   | 

 Data privacy requirements vary across the globe. For example, in the US, the handling of protected health information (PHI) is governed by [HIPAA](https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html). In the EU, [GDPR](https://gdpr.eu/), [Clinical Trial Regulations](https://www.ema.europa.eu/en/human-regulatory/research-development/clinical-trials/clinical-trials-regulation), and others may apply. 

**Topics**
+ [LSSEC02-BP01 Determine applicable regulatory frameworks and enforce data privacy requirements by implementing controls](lssec02-bp01.md)