Recently enacted privacy legislation in California reminds us that it is not new for that state to lead the charge in developing privacy and data security standards in the United States. California was one of the first states to provide an express right of privacy in its constitution. In 2002, California became the first state to enact breach-notification legislation; 45 states, the District of...
This week, read about California’s continued push towards privacy protections including Gov. Jerry Brown signing into law an amendment to the California Online Privacy Protection Act that requires websites to disclose in privacy policies how they react to Do-Not-Track signals, the passing of the “eraser law” and movement on a bill that would extend the employee social media law to public agencies. Meanwhile, a Minnesota court has determined the state is not responsible for an employee’s alleged inappropriate accessing of driver’s license records, and the Fourth U.S. Circuit Court of Appeals has ruled in favor of a former Virginia deputy sheriff saying his Facebook “Like” is protected by the First Amendment. Plus, read about legislative activity in the EU, Singapore, Australia and South Africa.
U.S. Courts and states have been taking things into their own hands in terms of privacy law these days, and this week is no exception. While recent cases have mainly tackled the Stored Communications Act, this week’s news highlights a court decision upending the way the Telephone Consumer Protection Act has been interpreted. California continues to push forward privacy bills, with the “eraser law” that would allow youths to erase misguided posts, and while industry and regulators clash on the EU data protection law’s timeline, France is pushing the EU to adopt a plan that would see non-EU tech firms regulated and taxed based on where their websites are used.
A U.S. District Court cited the Stored Communications Act as protecting “friend-only” posts on Facebook; one expert questions whether the False Light Tort is still relevant, and Apple’s new fingerprint authentication could bring up interesting questions about invoking the Fifth Amendment when it comes to accessing biometrically protected data and devices. Plus, more on HIPAA, California’s leading role in privacy legislation, breach notification in the EU and Brazil’s struggle to pass a privacy law.
Find out about Google’s push to get its e-mail scanning case dismissed, changes to the HIPAA final rule, the latest FTC settlement, updates on proposals in California and new laws in New Jersey and Illinois—and those are just the U.S. developments. In Europe, one MEP has expressed “major concern” regarding two data breach notification schemes proposed under the draft Network and Information Security Directive and the planned General Data Protection Regulation.
Last week saw a new law in South Africa, new guidelines from the Australian privacy commissioner, a new breach notification requirement in effect in the EU and U.S. states tackling big issues like e-mail and location privacy in the absence of forward motion on a federal level. Also, a series of cases in Minnesota questions the liability of government agencies when an employee violates the Driver’s Privacy Protection Act.
Having first been tabled in August 2009, the Protection of Personal Information Bill (POPI) has taken just over four years to get to the point where it was passed by the South African National Assembly on 20 August. All that stands in the way of POPI becoming law is its translation into Afrikaans and the signature of South African President Jacob Zuma.
The California state Senate passed a bill that would require require certain website operators and online service providers to disclose whether they honor users’ “do not track” requests; a bill proposed to the Michigan Assembly could mean fines and jail time for law enforcement officers who track suspects using GPS without a warrant; Wisconsin is poised to be the ninth state this year to pass an employee social media privacy law, and, in Brazil, work is ongoing towards the nation’s first set of data protection and Internet governance laws—including a new amendment requiring data to be stored locally, which is raising concerns among U.S. tech companies.
The privacy news seems to have stirred up more legal questions than answers this week. With effective dates coming up for HIPAA in the U.S. and FOIA reforms in the UK, privacy pros are figuring out the new lay of the land. Court cases in the U.S. and France bring up e-mail privacy questions, both in and out of the workplace, and in the UK one court ruling may reveal a need for stronger data destruction policies. Lastly, an article from The New York Times questions the new trend of class-actions leaving plaintiffs empty-handed.
The lasting legacy of California’s SB 1386, more about the court case that has some questioning BYOD policies and congressional delays to reforming the Electronic Communications Privacy Act. Plus, read about key changes included in amendments to the Ukrainian privacy law and a contentious New Jersey bill that would allow warrantless cellphone searches.