SB 1386 10 Years Later and the Path Forward
“Whether or not you view the passage of California's SB 1386 data privacy law in 2003 as a watershed moment in the information security world, few can argue that its enactment significantly changed the infosec playing field,” writes Randy Sabett for Search Security. Sabett predicts that the trend started by SB 1386 “of increasingly proactive and granular state data privacy laws will continue to evolve” by focusing on the obligations of stakeholders—mainly those that are collecting the data, and he also expects to see federal privacy legislation. “For now though, it seems that there are too many stakeholders with varied interests to get an ‘omnibus-style’ bill on the books.”
Ohio Case Demonstrates Danger in BYOD Policies
JDSupra Law News analyzes the recent case in the Northern District of Ohio demonstrating the tension between employer control and employee privacy when it comes to bring-your-own-device (BYOD) policies. In Lazette v. Kulmatycki, an employer read the personal e-mails of a former employee after she turned in her Blackberry device, thinking she’d deleted the account. The employer was found to be at fault, but prosecutors had to stretch a bit to convict him under existing laws. “At a macro level, this case should be a warning to employers to continue to be careful with personal information in a BYOD environment,” the report states. “The potential liability for employers could be significant.”
Vote Delayed on E-Mail Warrant Bill
The Hill reports on the delay in “a vote on legislation that would require police to obtain a warrant before accessing e-mails and other online messages.” Senate Judiciary Committee Chairman Patrick Leahy (D-VT) had pressed for a vote prior to the August recess, “but at least one Republican objected to the bill,” resulting in the delay, the report states. If passed, the legislation will limit law enforcement’s ability to access private online messages. Currently, the Electronic Communications Privacy Act of 1986 only requires a subpoena to require Internet companies to provide access to such communications if they have been opened or are more than 180 days old.
Will Congress Legislate Glass?
In a world where laws are constantly playing catch-up with technology, Google Glass offers a possibility for preemptive legislation.
Politico reports that four states have introduced laws to ban Google’s wearable computer Glass while driving; casinos and healthcare facilities are also beginning to ban it; it’s not allowed in the Speaker's Lobby of Congress, and now Congress is trying to figure out what to do about the privacy and legal issues surrounding the device. All before it’s even available for public consumption.
Judge Rules Apple Can't Dismiss Class-Action
A federal judge has ruled that Apple cannot dismiss a class-action alleging it let third parties upload user information from applications on their mobile devices, Courthouse News Service reports. The judge said lead plaintiff Maria Pirozzi was able to make a “causal connection” between statements Apple made about the iPhone and the safety of its apps and her loss, the report states. “Plaintiffs alleged loss is clear: Apple claimed that apps could not access data from other apps…in actuality they can and have.”
New Jersey Bill To Allow Warrantless Cellphone Searches Contested
Proving illegal cellphone use was the cause of a car crash can be difficult for law enforcement. So one New Jersey lawmaker aims to make the process easier by proposing legislation that would allow police to search through a driver’s cellphone after a crash without a warrant, South Jersey Times reports. Sen. James Holzapfel (R-Ocean) proposed the legislation in June, but privacy advocates have called it unconstitutional. “We’re entitled to have a zone of privacy, and just because technology threatens to pierce that zone of privacy…doesn’t mean we should give up our constitutional protections,” said a trial lawyer and privacy expert.
Ukraine Amends Personal Data Protection Law
On July 3, the Ukrainian Parlaiment amended its privacy law effective January 1, 2014, reports Lexology. The amendment will transfer the functions of the State Service of Ukraine on Personal Data Protection to the Ombudsmen, whom data controllers will be required to notify of the processing of “high risk” personal data. There have also been changes to notification periods and the definition of “consent” to data processing has been removed altogether.
According to Lexology, “It remains unclear whether previously registered databases will need to be notified to the Ombudsman.” (Registration may be required to access full story.)
If you want to comment on this post, you need to login.