Privacy Commissioner Timothy Pilgrim has voiced support for mandatory breach legislation, CSO reports. Attorney-General Mark Dreyfus has announced the government will introduce legislation to take effect in March that will require companies to disclose data breaches.
After unanimously passing both houses of the Texas state legislature, HB 2268 has landed on Gov. Rick Perry’s desk for enactment, Ars Technica reports. If signed, Texas would host the nation’s strongest e-mail privacy bill.
Schnucks Markets claims a potential class-action lawsuit filed against it in an Illinois state court belongs in federal court because of the case’s scope and damages involved, Computerworld reports. The St. Louis-based grocer has filed a motion for removal.
Over the past two weeks, several states have enacted or initiated privacy legislation. California has moved forward on a security breach notification law, and Maine has considered a 911 privacy bill. Topping state legislative action, however, are social media privacy laws. From Utah to New Jersey, states are clamping down on the employer practice of requiring employees and applicants to disclose social media passwords. In this roundup, we take a look at these initiatives and some concerns that these social media laws could conflict with the Financial Industry Regulatory Authority.
Washington’s governor has signed a law prohibiting employers from asking potential employees for passwords to social media accounts, the Associated Press reports. The bill was sponsored by state Sen. Steve Hobbs (D-Lake Stevens), who said he was pleased the bill passed.
Singapore’s Personal Data Protection Act will come into effect on July 2, 2014, ZDNet reports, and “organizations will need to complete data inventory mapping, process audits, staff training and publication of various processes” by that date.
Research reports on calls to hold off on the proposed Application Privacy, Protection and Security (APPS) Act. The Marketing Research Association (MRA) is concerned the act would empower the Federal Trade Commission (FTC) “to define what the term ‘personal data’ meant, as the MRA had already seen in a previous act’s amendment debate that the FTC thought this meant that almost any piece of information could be personally identifiable,” the report states.
The Wall Street Journal reports on the current “high-stakes legal battle over whether a federal agency can use its consumer-protection powers to police cybersecurity practices at American companies.” Wyndham Worldwide Corp. has asked a federal judge to throw out the Federal Trade Commission’s (FTC) complaint, arguing there is no precedent for holding a company responsible for the actions of hackers.