Hearing on Breach Notification
The House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade held a hearing last Thursday that saw industry groups pushing for a federal data breach notification law. Bloomberg reports that the push aims to create one streamlined process to preempt the differing requirements in 46 states and the District of Columbia.
Corporate Counsel reports this is the fourth time in eight years the house has considered such a law. “The subcommittee called six witnesses representing technological and telecommunications trade groups, privacy software companies, and academia,” all of whom advocated for a federal standard, but differed on how it should read.
Hulu Argues No VPPA Violation
The online streaming company Hulu is facing a potential class-action lawsuit for violating the Video Privacy Protection Act (VPPA) for disclosing its customers viewing habits. While the company admits to sharing the information, it argues in court papers that because the data is associated with an ID number and not personal information there is no violation.
“The consumers alleged in their lawsuit that third parties could figure out people's identities from their User IDs, given that Hulu included the User ID in the Web page addresses of users' profile pages,” MediaPost reports. Hulu claims in the court papers to have stopped this practice two years ago.
Judge Orders Google To Reveal Blogger
A Manhattan judge says there is compelling enough evidence to unveil the identity of an anonymous blogger who has created blogs titled frederickschulmancrookedattorney.com and stopfrederickschulman.blogspot.com, reports The Wall Street Journal. “The web blogs…are causing actual, pecuniary injury to Mr. Schulman’s reputation as a zealous advocate for consumers against debt collection companies,” states Schulman’s court petition. Google questioned the necessity of revealing the bloggers identity, but the judge has ordered them to do so, though Schulman has yet to even file a defamation suit. The blogger has an opportunity to challenge the discovery, according to the report. Unless that happens, Google has two weeks to comply. (Registration may be required to access this story.)
Congressmen Introduce Bill To Curb ID Theft of Deceased
Reps. Sam Johnson (R-TX) and Xavier Becerra (D-CA) have introduced HR 2720 to address the privacy of recently deceased individuals. “The bill would mandate that, starting January 2014, only death information older than three years would be made publicly available through the (Social Security Administration’s Death Master File), which will prevent criminals from filing fraudulent tax returns before the legitimate family files its return,” states the press release.
Bill To Spur EHR integration Between DoD and VA
Sen. Bill Nelson (D-FL) introduced The Servicemembers' Electronic Health Record Act of 2013 (S. 1296), to set a one-year timeline for the integration of electronic health records between the Department of Defense and the Department of Veterans’ Affairs, among other things, reports FierceEMR.
The bill would amend the Wounded Warrior's Act and requires the agencies to create standard forms and methods for data sharing, including giving consideration to storing data in the cloud.
According to the report, a similar bill has been proposed in the Senate (H 2590), which has 44 co-sponsors and has been referred to the House Armed Services and Veteran's Affairs Committees.
Judge Allows Orgs To Seek Dismissal of Wyndham Lawsuit
In a closely watched case, a federal judge in New Jersey will allow the U.S. Chamber of Commerce and other organizations to seek dismissal of a lawsuit filed by the Federal Trade Commission (FTC) against Wyndham Worldwide Corp, Computerworld reports. TechFreedom’s Berin Szoka said, “The FTC has this broad authority to make what is known as common law for information security not unlike the common law where courts make a decision and others can study and understand that law.” As a consequence, companies do not have much by way of guidance from the FTC for what constitutes deceptive and unfair practices. University of California Berkeley Prof. Chris Hoofnagle said the dismissal is a “Hail Mary effort to stop the FTC from enforcing its unfairness power.”
Lawmakers Preparing Legislation in the Wake of NSA Surveillance
In light of NSA surveillance programs that have recently garnered the world’s attention, Sen. Al Franken (D-MN) is drafting legislation that he writes “will require the federal government to annually report how it uses key authorities under the Patriot Act and the Foreign Intelligence Surveillance Act, including the authorities underlying the phone metadata and the PRISM electronic surveillance programs that recently came to light.”
Rep. Mike Rogers (R-MI), chairman of the House Intelligence Committee, said on Wednesday that he would draft legislation in the coming months to add more privacy protections to government surveillance programs.
According to The Huffington Post, Rep. Adam Schiff (D-CA) is preparing legislation that would create a privacy advocate to appear in front of the Foreign Intelligence Surveillance Court. This newest draft is the third proposal in Schiff’s push to reform the FISA court. He has also drafted laws “to declassify and publish the court's opinions and to shift the power to choose its 11 judges from the Supreme Court's chief justice to the president,” the report states.
CA Ballot Initiative Could Establish "Very Different Set of Privacy Rules"
A former California state senator and a trial lawyer have filed a “potentially revolutionary draft ballot initiative” with the California Attorney General’s Office, writes DLA Piper’s Jim Halpert for Technology’s Legal Edge. The initiative would restrict business and government disclosures of a broad range of personally identifiable information, Halpert writes, which could only be disclosed in narrow circumstances. If voters approve the initiative, California’s constitution would be amended to include “a very broad opt-in privacy regime with narrow exceptions…bringing to California a very different set of privacy rules than apply anywhere in the United States.” It would result in major cost increases for both business and government operations, Halpert writes.
States Reviewing Policies Due to Anonymity Concerns
Some U.S. state are reviewing their policies on the collection and sale of health information based on concerns around patient anonymity in publicly available databases of hospital records, Bloomberg reports. Washington, for example, has suspended distribution of such information and requires buyers to sign a confidentiality agreement, after it was revealed some patients of hospitals in the state could be identified by name and their conditions exposed. Tennessee, Nevada and Arizona have begun privacy audits, and California, Illinois, New Jersey, Massachusetts, Connecticut, Nebraska and Alaska already have reviews under way. While health care providers are forbidden from releasing patient information under HIPAA, states are exempt from the law.
UK ICO Says License-Plate Cameras Broke Law
The Hertfordshire Constabulary’s use of seven cameras to monitor traffic coming and going from the town is against the law, reports BBC. The force failed to carry out a privacy impact assessment, and according to Stephen Eckersley, head of enforcement at the Information Commissioner’s Office, "The use of ANPR (automatic number plate recognition) cameras and other forms of surveillance must be proportionate to the problem it is trying to address. After detailed inquiries…we found that this simply wasn't the case in Royston." The police have been ordered to remove the cameras unless they can justify the use.
ASIA AND THE MIDDLE EAST
Chinese Ministry Issues Telecom, ISP Privacy Rule
The Ministry of Industry and Information Technology of the People’s Republic of China has issued a new rule entitled Provisions on the Protection of Personal Information of Telecommunications and Internet Users, reports Hunton & Williams’ Privacy and Information Security Law Blog. The rule aims to implement the requirements of last December’s Decision on Strengthening Protection of Online Information, and is in keeping with the nation’s push toward protecting personal information.
The rule imposes requirements on the collection and use of personal information by telecommunications and Internet service providers including collection limitations, use limitations, access and correction rights and breach notification.
Federal Law in UAE: Photo and Video Without Consent Is Illegal
After the arrest of an official for assault, the official’s family has filed a case against the person who videoed the attack on the grounds of privacy invasion, reports Emirates 24/7. The cameraman has been arrested under Article 378 of the penal code, which makes publishing by any means material of an individual’s private life against the law.
“It is not allowed for anyone to film others without the permission of the public prosecutor, or with the written permission of the person(s) who appear in the pictures. In this case it will be considered a violation of privacy,” said Major General Khamis Mattar Al Muzinah, acting chief of Dubai Police, adding, “At modern times in my view this law is highly significant in protecting a person’s private/family affair.”