Reps. Call for Delay of Death Master File
Reps. Sam Johnson (R-TX) and Xavier Becerra (D-CA) have introduced HR 2720, which would delay the publication of the Social Security Administration’s Death Master File. According to Allen American Star, if the bill passes, only death information released three years after a person’s death would be made available. The bill is an effort to combat the use of deceased individuals’ information for identity theft.
Minnesota Agencies See Spate of Data-Access Lawsuits
Five lawsuits have been filed against officials from the Minnesota Department of Natural Resources (DNR) and Department of Public Safety claiming one DNR official inappropriately accessed the information of 5,000-plus citizens. The employee has been fired and criminally charged in a separate case, but the officials say they are not liable for the man’s violations.
Main Justice reports the defendants claim that under the Driver’s Privacy Protection Act there are protections for government agencies intending to shield agency officials from being responsible for violations by others who have access to the database. While the defendants are distancing themselves from the man’s actions, they argue that the act allows states to make driver’s license data available to law enforcement and other agencies and does not impose data access or monitoring rules on states.
The former wife of a Duluth police officer has also filed a suit, claiming inappropriate access of her driver’s license data by the Duluth Police Department, St. Louis Country Sherriff’s Office and others.
In both situations, plaintiffs claim the driver’s license database offers access to more sensitive information, namely health data and Social Security numbers, but the DNR defendants’ filing rejects these claims, citing an audit of law enforcement use of state databases.
States Taking Lead in E-mail, Location Privacy
After delays in congressional efforts to update the Electronic Communications Privacy Act (ECPA), some states are taking matters into their own hands, reports The Washington Post. Texas and Montana have both passed e-mail privacy laws—and Montana went a step further, becoming the first in the nation to pass location-tracking legislation. Maine passed a law requiring a warrant for police to access text messages, and Massachusetts lawmakers are considering an e-mail and geolocation privacy bill for mobile device data. New York and Florida have also announced plans to tackle this issue in their next session. But, as the report states, “state-level laws cover only state-level authorities and can’t compel federal investigators. For that, there must be congressional action.” (Registration may be required to access this story.)
Oregon State Bill Would Track Drivers' Mileage
Oregon lawmakers have approved a bill that would tax drivers not on the amount of gas their cars burn but on the number of miles driven. The program, which would commence in 2015 with volunteers, would use technology to track drivers’ mileage, but that has raised concerns about government surveillance of driving habits. In response to such concerns, the legislation limits who can see the information reported by tracking devices and requires the state and private entities tracking the data to destroy location information from participating drivers within 30 days of using it for billing, Stateline reports.
OIPC: GPS Tracking of Employees Is OK
BC’s Office of the Information and Privacy Commissioner (OIPC) has ruled that two elevator companies in the province can continue to use GPS technology to keep tabs on their employees, The Canadian Press reports. The employees had filed complaints that the practice violated their privacy. The OIPC did rule, however, that one of the companies must temporarily suspend the practice until it provides better notice to workers about data collection and use. One privacy advocate says the case indicates the need for new discussions about tracking given advances in technology since legislation on the matter was crafted. Meanwhile, Postmedia News suggests appropriate privacy policies can help keep employers out of trouble.
New Data Breach Notification Requirement in Effect
SC Magazine reports on the new data breach reporting requirement in the EU. The requirement took hold last week and requires telecommunications and Internet service providers in the EU to report a data breach to authorities within 24 hours of the moment the breach is discovered. Meanwhile, in an exclusive for The Privacy Advisor, Laura Vivet Tañà, CIPP/US, CIPP/E, examines the proposed EU data protection regulation’s breach notification rule, including such key elements as what should be considered as a personal data breach, the notification requirement and consequences of a security breach.
Safe Harbor May Be Controversial in the European Union, But It Is Still the Law
Safe Harbor has become a target for retribution in light of revelations about the National Security Agency's PRISM program. It has come under fire from Rapporteur Jan Albrecht and the Article 29 Working Party, among others. While various officials have promised reviews and improvements to the framework, none have yet been released. In this exclusive for The Privacy Advisor, Damon Greer, who directed the EU-U.S. and Swiss Safe Harbor frameworks from 2006-2011, discusses Safe Harbor's fate.
OAIC Releases Draft Guidelines
The Office of the Australian Information Commissioner (OAIC) has released the draft Australian Privacy Principle (APP) guidelines for public feedback, Computerworld reports. The guidelines outline how the OAIC will interpret and apply the APPs, which go into effect in March of next year, the report states. Australian Privacy Commissioner Timothy Pilgrim said the new laws require government agencies and private-sector organisations to be more open and transparent on data handling. “This will give people a better understanding of how their information will be handled so that they can make an informed decision about interacting with the entities covered by the Privacy Act,” he said.
National Assembly Passes POPI
In this Privacy Tracker post, Eversheds’ Paula Barrett and Penelope Jarvis examine South Africa’s Protection of Personal Information Bill (POPI), passed by the South African National Assembly this month. “All that stands in the way of POPI becoming law is its translation into Afrikaans and the signature of South African President Jacob Zuma,” they write. Barrett and Jarvis examine the history of the legislation and detail what you need to know about POPI, including the conditions that must be met to process personal data legally and information on compliance and enforcement.
If you want to comment on this post, you need to login.