In the U.S., guidelines and court rulings have offered insight on everything from drone use to workplace audio recordings, while, internationally, questions still loom about the future of Safe Harbor and national leaders have presented an Internet privacy resolution to the UN. Kazakhstan’s privacy law is scheduled to come into effect this month, and Indonesia is looking into consolidating its sectoral coverage into an overarching law. Also in this week’s roundup is analysis of India’s privacy bill, California’s spate of privacy laws and insight from the FTC and the New Jersey Attorney General’s Office on how to avoid the wrath of regulators.
U.S. Courts and states have been taking things into their own hands in terms of privacy law these days, and this week is no exception. While recent cases have mainly tackled the Stored Communications Act, this week’s news highlights a court decision upending the way the Telephone Consumer Protection Act has been interpreted. California continues to push forward privacy bills, with the “eraser law” that would allow youths to erase misguided posts, and while industry and regulators clash on the EU data protection law’s timeline, France is pushing the EU to adopt a plan that would see non-EU tech firms regulated and taxed based on where their websites are used.
On September 3, the Fifth Circuit reversed and remanded a District Court ruling that dismissed a negligence claim based solely on economic losses in Lone Star National Bank v. Heartland Payment Systems, Inc. Though the Fifth Circuit stopped short of deciding any dispositive issues, the decision has important implications concerning the scope of liability for data breaches.
Schnucks Markets claims a potential class-action lawsuit filed against it in an Illinois state court belongs in federal court because of the case’s scope and damages involved, Computerworld reports. The St. Louis-based grocer has filed a motion for removal.
Over the past two weeks, several states have enacted or initiated privacy legislation. California has moved forward on a security breach notification law, and Maine has considered a 911 privacy bill. Topping state legislative action, however, are social media privacy laws. From Utah to New Jersey, states are clamping down on the employer practice of requiring employees and applicants to disclose social media passwords. In this roundup, we take a look at these initiatives and some concerns that these social media laws could conflict with the Financial Industry Regulatory Authority.
The Wall Street Journal reports on the current “high-stakes legal battle over whether a federal agency can use its consumer-protection powers to police cybersecurity practices at American companies.” Wyndham Worldwide Corp. has asked a federal judge to throw out the Federal Trade Commission’s (FTC) complaint, arguing there is no precedent for holding a company responsible for the actions of hackers.
A number of U.S. states have passed or are working on various types of privacy legislation—from employee privacy to breach notification. Most notably, California has pulled a bill that would have required businesses to disclose to consumers data they have collected on them. The Pennsylvania Senate has passed a law that would require state agencies to notify residents of a breach “as soon as possible.” And the Texas House has also “tentatively” approved similar social media legislation.