Illinois Gov. Signs Student HIV Privacy Law
Illinois Governor Pat Quinn signed into law a bill to protect the privacy of students with HIV, reports Austin Weekly News. The law, introduced by state Rep. La Shawn Ford (D-Chicago), means that the state Department of Public Health and local health departments are no longer required to notify school principals of a student’s positive HIV status. Ford has been trying to get this bill passed since 2008, noting that it is “not only important for the privacy and confidentiality for students, but is also important for public health.”
New Jersey 12th State To Pass Workplace Social Media Law
New Jersey Gov. Chris Christie has signed A2878, a law restricting employer access to the social media accounts of employees and prospective employees, making the state the 12th to pass such a law. According to a Mondaq report, the terms provide exceptions for certain law enforcement-related agencies and allow employers to implement and enforce policies on company-issued devices, accounts or services; conduct investigations, and comply with requirements of the law. Employers who violate the law may face civil penalties of as much as $1,000 for the first violation and $2,500 for each subsequent violation.
Google Wants "Precedent-Setting" Case Dismissed
Google has asked for a case against it, concerning its alleged electronic scanning of Gmail users’ e-mails for the purpose of sending targeted ads, to be dismissed, Associated Press reports. In a San Jose, CA, court on Thursday, Google said “all users of e-mail must necessarily expect that their e-mails will be subject to automated processing.” The suit was filed on behalf of 10 people and is expected to be certified as a class-action. It’s also predicted to be a “precedent-setting case for other e-mail providers,” the report states.
One-Hour Breach Reporting Provision Scrapped
A proposal that would require state health insurance exchanges to report data breaches to federal regulators within an hour of their discovery has been dropped from the final regulation, GovInfoSecurity reports. Instead, the Department of Health and Human Services (HHS) will rely on the “strict” breach reporting provisions included in the HHS final rule, to be published in the Federal Register, slated to take effect by October 1.
FTC Reaches First "Internet of Things" Settlement
TRENDnet, a maker of Internet-connected home video cameras, has agreed to settle with the Federal Trade Commission (FTC) over charges “that its lax security practices exposed the private lives of hundreds of consumers to public viewing on the Internet,” an FTC press release states, adding, “This is the agency’s first action against a marketer of an everyday product with interconnectivity to the Internet and other mobile devices—commonly referred to as the ‘Internet of Things’ (IoT).” The FTC alleges the business failed to use “reasonable security to design and test its software, including a setting for the cameras’ password requirement.” Under terms in the settlement, TRENDnet must not misrepresent the security of its products and must create a comprehensive information security program and undergo a biannual third-party audit for the next 20 years. The FTC will host a roundtable in November exploring the privacy issues surrounding the IoT.
The Internet Has Grown Up, Why Hasn't the Law?
“The greatest threat to an American's reputation and online privacy is Section 230 of the Communications Decency Act,” writes Andrew Bolson, CIPP/US. It impacts the ability of individuals to prevent and stop cyber bullying, cyber harassment and cyber defamation. While the problems of Section 230 have achieved attention, there have been few solutions presented to challenge the status quo. In this exclusive for The Privacy Advisor, Bolson examines why the law hasn’t grown up alongside the Internet.
Looking Beyond the New HIPAA Rules
As HIPAA-covered entities and business associates scramble to revamp compliant HIPAA privacy and security policies and grapple with the new HITECH components of the HIPAA rules, the job may not be over, according to Wiley Rein Partner Kirk J. Nahra, CIPP/US. In this Privacy Perspectives post, Nahra observes “there is a wide range of other privacy and security practices, rules, laws and regulations that must be met—and the laundry list is evolving almost constantly,” adding, “It’s taken so long for the HITECH rules to become final that we’ve seen a whole new set of issues arise across the healthcare industry, resulting in a set of new challenges that must be addressed at the same time—and continuing beyond September’s HIPAA compliance date—for the healthcare industry and their service providers.”
California To Require Do-Not-Track Disclosures
The California Senate and Assembly passed an amendment to the California Online Privacy Protection Act, which the governor is expected to sign, that will require commercial websites and services that collect personal data to disclose how they respond to Do-Not-Track signals, AdWeek reports. California Assemblyman Al Muratsuchi (D-66th District) introduced the bill, which was also sponsored by Attorney General Kamala Harris—who’s been pushing for privacy protections and consumer privacy enforcement actions. The bill does not prohibit tracking but “does require websites to choose sides to either honor or ignore Do-Not-Track browser signals,” the report states.
California Suspends RFID Legislation
In the wake of concerns from privacy groups, California legislators have suspended SB 397, which would have allowed RFID chips to be embedded into driver’s licenses and state identification cards, Wired reports. California’s Assembly Appropriations Committee put the legislation on hold “despite it having been approved by the California Senate, where it likely will be reintroduced in the coming months,” the report states, noting, “Had the measure passed, it would have transformed the Sunshine State’s standard form of ID into one of the most sophisticated identification documents in the country, mirroring the four other states that have embraced the spy-friendly technology.”
Breach Notification Schemes Prompt "Major Concern"
Out-Law.com reports on a draft opinion from the European Parliament's Civil Liberties, Justice and Home Affairs Committee in which Swedish MEP Carl Schlyter cites a “major concern” regarding two data breach notification schemes proposed under the draft Network and Information Security Directive and the planned General Data Protection Regulation. “A major concern that remains regards the relationship of the proposed system to the notification system proposed under the General Data Protection Regulation, and their effective coexistence, which is one of the reasons we highlight the fact that any EU cybersecurity legislation should follow the adoption of the General Data Protection Regulation, not precede it," Schlyter writes.