Hearing on Breach Notification
The House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade held a hearing last Thursday that saw industry groups pushing for a federal data breach notification law. Bloomberg reports that the push aims to create one streamlined process to preempt the differing requirements in 46 states and the District of Columbia.

Corporate Counsel reports this is the fourth time in eight years the house has considered such a law. “The subcommittee called six witnesses representing technological and telecommunications trade groups, privacy software companies, and academia,” all of whom advocated for a federal standard, but differed on how it should read.

Hulu Argues No VPPA Violation
The online streaming company Hulu is facing a potential class-action lawsuit for violating the Video Privacy Protection Act (VPPA) for disclosing its customers viewing habits. While the company admits to sharing the information, it argues in court papers that because the data is associated with an ID number and not personal information there is no violation.

“The consumers alleged in their lawsuit that third parties could figure out people's identities from their User IDs, given that Hulu included the User ID in the Web page addresses of users' profile pages,” MediaPost reports. Hulu claims in the court papers to have stopped this practice two years ago.

Judge Orders Google To Reveal Blogger
A Manhattan judge says there is compelling enough evidence to unveil the identity of an anonymous blogger who has created blogs titled frederickschulmancrookedattorney.com and stopfrederickschulman.blogspot.com, reports The Wall Street Journal. “The web blogs…are causing actual, pecuniary injury to Mr. Schulman’s reputation as a zealous advocate for consumers against debt collection companies,” states Schulman’s court petition. Google questioned the necessity of revealing the bloggers identity, but the judge has ordered them to do so, though Schulman has yet to even file a defamation suit. The blogger has an opportunity to challenge the discovery, according to the report. Unless that happens, Google has two weeks to comply. (Registration may be required to access this story.)
Full Story

Congressmen Introduce Bill To Curb ID Theft of Deceased
Reps. Sam Johnson (R-TX) and Xavier Becerra (D-CA) have introduced HR 2720 to address the privacy of recently deceased individuals. “The bill would mandate that, starting January 2014, only death information older than three years would be made publicly available through the (Social Security Administration’s Death Master File), which will prevent criminals from filing fraudulent tax returns before the legitimate family files its return,” states the press release.

Bill To Spur EHR integration Between DoD and VA
Sen. Bill Nelson (D-FL) introduced The Servicemembers' Electronic Health Record Act of 2013 (S. 1296), to set a one-year timeline for the integration of electronic health records between the Department of Defense and the Department of Veterans’ Affairs, among other things, reports FierceEMR.

The bill would amend the Wounded Warrior's Act and requires the agencies to create standard forms and methods for data sharing, including giving consideration to storing data in the cloud.

According to the report, a similar bill has been proposed in the Senate (H 2590), which has 44 co-sponsors and has been referred to the House Armed Services and Veteran's Affairs Committees.

Judge Allows Orgs To Seek Dismissal of Wyndham Lawsuit
In a closely watched case, a federal judge in New Jersey will allow the U.S. Chamber of Commerce and other organizations to seek dismissal of a lawsuit filed by the Federal Trade Commission (FTC) against Wyndham Worldwide Corp, Computerworld reports. TechFreedom’s Berin Szoka said, “The FTC has this broad authority to make what is known as common law for information security not unlike the common law where courts make a decision and others can study and understand that law.” As a consequence, companies do not have much by way of guidance from the FTC for what constitutes deceptive and unfair practices. University of California Berkeley Prof. Chris Hoofnagle said the dismissal is a “Hail Mary effort to stop the FTC from enforcing its unfairness power.”
Full Story

Lawmakers Preparing Legislation in the Wake of NSA Surveillance
In light of NSA surveillance programs that have recently garnered the world’s attention, Sen. Al Franken (D-MN) is drafting legislation that he writeswill require the federal government to annually report how it uses key authorities under the Patriot Act and the Foreign Intelligence Surveillance Act, including the authorities underlying the phone metadata and the PRISM electronic surveillance programs that recently came to light.”

Rep. Mike Rogers (R-MI), chairman of the House Intelligence Committee, said on Wednesday that he would draft legislation in the coming months to add more privacy protections to government surveillance programs.

According to The Huffington Post, Rep. Adam Schiff (D-CA) is preparing legislation that would create a privacy advocate to appear in front of the Foreign Intelligence Surveillance Court. This newest draft is the third proposal in Schiff’s push to reform the FISA court. He has also drafted laws “to declassify and publish the court's opinions and to shift the power to choose its 11 judges from the Supreme Court's chief justice to the president,” the report states.

CA Ballot Initiative Could Establish "Very Different Set of Privacy Rules"
A former California state senator and a trial lawyer have filed a “potentially revolutionary draft ballot initiative” with the California Attorney General’s Office, writes DLA Piper’s Jim Halpert for Technology’s Legal Edge. The initiative would restrict business and government disclosures of a broad range of personally identifiable information, Halpert writes, which could only be disclosed in narrow circumstances. If voters approve the initiative, California’s constitution would be amended to include “a very broad opt-in privacy regime with narrow exceptions…bringing to California a very different set of privacy rules than apply anywhere in the United States.” It would result in major cost increases for both business and government operations, Halpert writes.
Full Story

States Reviewing Policies Due to Anonymity Concerns
Some U.S. state are reviewing their policies on the collection and sale of health information based on concerns around patient anonymity in publicly available databases of hospital records, Bloomberg reports. Washington, for example, has suspended distribution of such information and requires buyers to sign a confidentiality agreement, after it was revealed some patients of hospitals in the state could be identified by name and their conditions exposed. Tennessee, Nevada and Arizona have begun privacy audits, and California, Illinois, New Jersey, Massachusetts, Connecticut, Nebraska and Alaska already have reviews under way. While health care providers are forbidden from releasing patient information under HIPAA, states are exempt from the law.
Full Story


UK ICO Says License-Plate Cameras Broke Law
The Hertfordshire Constabulary’s use of seven cameras to monitor traffic coming and going from the town is against the law, reports BBC. The force failed to carry out a privacy impact assessment, and according to Stephen Eckersley, head of enforcement at the Information Commissioner’s Office, "The use of ANPR (automatic number plate recognition) cameras and other forms of surveillance must be proportionate to the problem it is trying to address. After detailed inquiries…we found that this simply wasn't the case in Royston." The police have been ordered to remove the cameras unless they can justify the use.


Chinese Ministry Issues Telecom, ISP Privacy Rule
The Ministry of Industry and Information Technology of the People’s Republic of China has issued a new rule entitled Provisions on the Protection of Personal Information of Telecommunications and Internet Users, reports Hunton & Williams’ Privacy and Information Security Law Blog. The rule aims to implement the requirements of last December’s Decision on Strengthening Protection of Online Information, and is in keeping with the nation’s push toward protecting personal information.

The rule imposes requirements on the collection and use of personal information by telecommunications and Internet service providers including collection limitations, use limitations, access and correction rights and breach notification.

Federal Law in UAE: Photo and Video Without Consent Is Illegal
After the arrest of an official for assault, the official’s family has filed a case against the person who videoed the attack on the grounds of privacy invasion, reports Emirates 24/7. The cameraman has been arrested under Article 378 of the penal code, which makes publishing by any means material of an individual’s private life against the law.

“It is not allowed for anyone to film others without the permission of the public prosecutor, or with the written permission of the person(s) who appear in the pictures. In this case it will be considered a violation of privacy,” said Major General Khamis Mattar Al Muzinah, acting chief of Dubai Police, adding, “At modern times in my view this law is highly significant in protecting a person’s private/family affair.”

Written By

Emily Leach, CIPP/US


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»