On December 16, the District Court in the District of Columbia issued an opinion finding that the NSA program that has gotten significant attention due to the revelations of Edward Snowden was likely unconstitutional. In Klayman v. Obama, five plaintiffs sued a variety of government officials as well as private companies and sought preliminary injunctive relief based upon the assertion that the NSA program was unconstitutional and violated other statutes. In what ended up making big news, the court concluded there was a substantial likelihood the plaintiffs would prevail on their Fourth Amendment claims and issued an injunction. In this article, Andrew Serwin unpacks the court’s decision.
Last year, U.S. Senate Commerce Committee Chairman Jay Rockefeller asked the Government Accountability Office (GAO) to investigate privacy issues pertaining to companies that collect, aggregate and sell personal information about consumers. In late November, the GAO publicly released the resulting report, “Information Resellers: Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace.” What did the GAO examine, and, in the short term, how might Congress respond to the GAO’s findings and, when they are published, Senator Rockefeller’s own scheduled report?
France is receiving criticism for a new law expanding government agencies’ access to Internet data; a European Court of Justice advocate has deemed the data retention directive in violation of citizens’ fundamental privacy rights, and in the U.S., a petition to update the Electronic Communications Privacy Act has received more than 100,000 signatures. This week, Privacy Tracker reports on these developments as well as new administrative measures for Chinese credit reference agencies, U.S. states’ challenges to NSA surveillance and new fining powers for the Dutch data protection authority.
The Genetic Information Non-Discrimination Act of 2008 (GINA) regulates employers’ collection, use, safeguarding and disclosure of “genetic information,” making it a privacy statute—and one with which it is becoming increasingly difficult to comply, writes Philip Gordon. Social media posts celebrating a family member’s cancer remission or a son’s trip to the ER for asthma contain “genetic information” in the eyes of GINA, Gordon writes, adding, “Recent (Equal Employment Opportunity Commission) enforcement actions and private class-action filings as well as the increasing prevalence of personal social media in the workplace highlight the need for organizations to address, or revisit, their compliance with GINA.” Find out more about the EEOC’s implementing regulations and how to mitigate risk in your organization.
This week’s Privacy Tracker legislative roundup includes the IAPP’s coverage of the European Commission’s report critiquing the EU-U.S. Safe Harbor agreement and offering the U.S. 13 ways to save it, and insight from Eduardo Ustaran, CIPP/E, on the report. You’ll also find information on the United Nation’s approval of an unlawful surveillance resolution, why India may have to wait a little longer for a privacy law and South Africa’s new law. In the U.S., more regions are considering social media laws and DNA databases, and courts have decided cases relating to COPPA and consumer privacy.
In the U.S., FTC v. Wyndham will decide whether the company’s “failure to safeguard personal information caused substantial consumer injury” and whether the FTC even has the authority to regulate data security; the GAO is pushing for comprehensive federal law governing the collection, use and sale of personal data by businesses, and Sen. Franken is calling for regulation over biometric data before the horse leaves the barn. In the EU, the debate over Safe Harbor continues, with Albrecht and Reding saying EU residents need to be able take data privacy complaints to U.S. courts. The Office of the Australian Information Commissioner (OAIC) has released the final set of Australian Privacy Principles that cover access to and correction of personal information, and in Canada learn about Alberta’s need to create a new Privacy Act and why Bill C-30 is back in the news. All this and more, in this week’s Privacy Tracker legislative roundup.
Last month, California passed a new amendment to the California Online Privacy Protection Act (CalOPPA) that requires companies that collect personal information from Californians to address how they respond to Do-Not-Track (DNT) signals from browsers in their online privacy policies.According to Stephanie Sharron and Emily Tabatabai, CIPP/US, the legislation “may raise as many questions as it answers,” because due to the lack of consensus from the W3C, “companies are required to disclose how they respond to a browser’s DNT signals, when there is no consensus on what the DNT signal means in the first place.” So what are companies to do? Find out about the options in this Privacy Tracker blog post.
The Supreme Court of Canada, in a unanimous ruling, has determined that the Alberta privacy law is unconstitutional and has given the province one year to amend it; A federal judge in Vermont has ruled there can be no expectation of privacy when it comes to data exposed online via a peer-to-peer file-sharing network, and the New Zealand Parliament has voted down a bill that would have given the privacy commissioner increased powers. Meanwhile, the FTC has asserted its power over parental-consent methods, Brazil is calling for a crackdown on government surveillance and Italy’s data protection authority and intelligence department have entered into a cooperation protocol. This week’s Privacy Tracker roundup has these stories and more.
Death of the Box: Why the Criminal History Question on Job Applications Is Heading Towards Extinction
As privacy professionals know too well, organizations that handle personal information, especially personal information that can trigger security breach notification obligations, have an overwhelming need to screen out untrustworthy applicants from positions that permit access to such data. One tool that many organizations have used for years is straightforward enough—asking applicants to...