In this Privacy Tracker weekly legislative roundup, read about the prospects of German advocacy groups getting the right to sue businesses, the status of the Philippines’ cybercrime law and proposals in the U.S. pushing for less data collection and more consumer protections. The Utah attorney general has stopped using administrative subpoenas for cellphone and Internet data, saying “writing yourself a note to go after that stuff without any check is too dangerous,” while the Senate looks at a bill that would mean law enforcement needs a judge’s order as well. Also, Orin Kerr has published an article supposing what a communication privacy act might look like if the U.S. scrapped ECPA and started from scratch, and there’s a handy interactive map outlining the status of social media privacy laws throughout the U.S.
In the U.S., guidelines and court rulings have offered insight on everything from drone use to workplace audio recordings, while, internationally, questions still loom about the future of Safe Harbor and national leaders have presented an Internet privacy resolution to the UN. Kazakhstan’s privacy law is scheduled to come into effect this month, and Indonesia is looking into consolidating its sectoral coverage into an overarching law. Also in this week’s roundup is analysis of India’s privacy bill, California’s spate of privacy laws and insight from the FTC and the New Jersey Attorney General’s Office on how to avoid the wrath of regulators.
In February of this year, President Obama issued an Executive Order on Improving Critical Infrastructure Cybersecurity. The Executive Order directed the National Institute of Standards and Technology (NIST) to develop a Cybersecurity Framework to assist owners and operators of critical infrastructure in addressing cybersecurity risks. On October 29, NIST published a preliminary version of the...
In February, President Obama signed an Executive Order that put into motion a number of initiatives aimed at improving the cybersecurity posture of the “critical infrastructure” of the United States. Among the Order’s most significant provisions is Section 7, which directs the Commerce Department via its National Institute of Standards and Technology (NIST) to develop a voluntary Cybersecurity...
Europe and Brazil are looking at possible changes to their data protection enforcement regimes. In the U.S., the Senate hearing discussing NSA surveillance practices indicated possible changes to the USA PATRIOT Act, California is considering a digital license plate bill, the New Jersey Supreme Court ruled warrants are needed for cell phone data and one report suggests the landscape for privacy class-actions may be changing.
Lawmakers recently released a draft of proposed legislation that would enact as law much of the Cybersecurity Framework from the National Institute of Standards and Technology.
Yesterday, Sen. Patrick Leahy (D-VT), with the co-sponsorship of Sens. Lee (R-UT), Udall (D-CO), Wyden (D-OR), Blumenthal (D-NY) and Tester (D-MT), proposed the FISA Accountability and Privacy Protection Act of 2013 to “strengthen privacy protections, accountability and oversight related to domestic surveillance conducted pursuant to the USA PATRIOT Act and the Foreign Intelligence Surveillance Act of 1978.” Privacy Tracker reports on the proposed changes, including allowing challenges to gag orders in court, expanding public reporting of national security letters and requiring a comprehensive review of the FISA Amendments Act by the inspector general of the intelligence community.
TechNewsDaily says that, as part of the fallout from the NSA leak, there has been a “surge in proposed privacy legislation concerning devices and their growing monitoring capabilities.” In addition to the Texas e-mail law and action in Maine to restrict drone use; federal lawmakers are working toward vehicle and TV consumer privacy bills, and others are working to restrict government collection of data. Whether due to the NSA revelations or not, anti-surveillance does seem to be the latest trend in privacy law.
Here’s something a bit unnerving: Life-saving and life-enhancing medical devices—pacemakers, patient monitors, and imaging scanners, for example—are vulnerable to hackers and malicious intrusions. Those vulnerabilities can, of course, have catastrophic impacts on patients who rely on those devices, but even patient fear of these vulnerabilities can have adverse repercussions.
The Wall Street Journal reports on the current “high-stakes legal battle over whether a federal agency can use its consumer-protection powers to police cybersecurity practices at American companies.” Wyndham Worldwide Corp. has asked a federal judge to throw out the Federal Trade Commission’s (FTC) complaint, arguing there is no precedent for holding a company responsible for the actions of hackers.