What is a DPO, and which organizations have to appoint one?
A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on the processing of personal data, such as its purposes, interconnections, types, categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended.
Under United States law there is no specific requirement that data controllers, and even more specifically employers, appoint a data protection officer.
The Health Insurance Portability and Accountability Act (HIPAA) requires that employers designate an employee to have the overall responsibility for a company’s compliance with the HIPAA Privacy Rule. The HIPAA Privacy Rule sets the national standards to protect individuals’ personal health information, such as medical records.