In this week’s Privacy Tracker roundup, read about a bill introduced in the U.S. House of Representatives by Reps. Randy Neugebauer (R-TX) and John Carney (D-DE) that “would require companies to notify customers following a breach and set nationwide data security standards.” Read the latest on several proposed state laws in the U.S. as well as Oman’s draft information protection law. In Australia, the Office of the Privacy Commissioner has made a ruling on metadata, and in Canada, a cyberbullying law continues to raise concerns. And read why one expert believes the EU needs a “digital regulator.”

LATEST NEWS

A new bipartisan data breach notification has been introduced in the U.S. House of Representatives “weeks after lawmakers were unable to get a floor vote for a previous effort,” The Hill reports. The bill, introduced by Reps. Randy Neugebauer (R-TX) and John Carney (D-DE) as companion legislation to a bill from Sens. Tom Carper (D-DE) and Roy Blunt (R-MO), “would require companies to notify customers following a breach and set nationwide data security standards.”

ADVERTISEMENT

Syrenis ad, a privacy professional's AI checkilist

The White House has given its support to a bill proposed by Reps. Luke Messer (R-IN) and Jared Polis (D-CO), The Hill reports. The Student Digital Privacy and Parental Rights Act “would bar school technology vendors from selling student information to third parties or from creating student profiles for noneducational purposes.”

Connecticut’s Supreme Court has heard oral arguments on an appeal that tests the scope of coverage afforded for a business’s data loss or theft events under its Commercial General Liability insurance’s ‘Personal Injury’ coverages,” Lexology reports.

An invasion of privacy bill has passed in Oregon’s House of Representatives to “increase the penalties for people who secretly record video of unsuspecting victims during private moments,” KGW reports.

Virginia Gov. Terry McAuliffe has vetoed legislation “that would have limited how long law enforcement may store data from license-plate readers and other surveillance technology,” The Washington Post reports. The American Civil Liberties Union of Virginia has questioned the veto and plans to “file suit to ensure compliance with Virginia’s current law regulating the collection and storage by government agencies of personal information about Virginians.”

Delaware Sen. Dave Sokola (D-Newark) has introduced a bill to “limit what private companies and contractors can do with student data and set up a governance structure for the state's management of student information,” NewsWorks reports.

The U.S. Department of Health and Human Services has announced Colorado-based Cornell Pharmacy has agreed to a $125,000 settlement “for violating federal privacy laws,” 9News reports.

Electronic Privacy and Information Center (EPIC) has sued the U.S. Drug Enforcement Administration (DEA). EPIC says the DEA is required to publish privacy impact assessments for its data collection programs but has failed to do so for several of its programs.

Australian Privacy Commissioner Timothy Pilgrim “has ruled that metadata is personal, finding that Telstra must hand over information it holds about a journalist, two years after he exercised his legal right to see his personal metadata,” ABC reports.

Oman’s draft information protection law seeks to “make it mandatory for government and private institutions to take necessary steps to protect data they collect about citizens and individuals for official and other purposes,” Times of Oman reports.

ICYMI

The Data Quality Campaign offers an update on U.S. federal and state student privacy bills in this Privacy Tracker post, including the updated Student Digital Privacy and Parental Rights Act of 2015 and new bills in North Dakota and Virginia.

Earlier this month, the National Association of Insurance Commissioner's (NAIC) Cybersecurity Task Force announced its Principles for Effective Cybersecurity Insurance Regulatory Guidance, Alexander White, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, summarizes them for privacy pros in this Privacy Tracker post.

U.S.

A bill that would revise the controversial USA PATRIOT Act to curb bulk collection of U.S. citizens' phone and Internet records has overwhelmingly passed the House Judiciary Committee, The New York Times reports. Washington Examiner suggests “intense debate” is coming over cybersecurity legislation in the Senate.

The Supreme Court "agreed to hear Spokeo v. Robins, which could potentially make it easier for plaintiffs to bring class-action lawsuits against Internet companies for allegedly violating consumer data and privacy laws," The Wall Street Journal reports.

Among a slew of legislative proposals for a data breach notification bill, Sen. Patrick Leahy (D-VT) is set to introduce a breach proposal that would set a floor and not preempt stronger state laws, The Hill reports.

Tech companies and the U.S. Chamber of Congress are urging legislators "to extend American privacy protections to foreigners in Europe," The Hill reports.

In this exclusive for The Privacy Advisor, Jedidiah Bracy, CIPP/E, CIPP/US, reports on the Federal Communications Commission’s public workshop on consumer privacy in the broadband space and the tensions comprising this complex landscape.

Sen. Al Franken (D-MN) urged the Department of Transportation to further regulate airlines' use of "personalized pricing," which allows the industry to charge consumers different prices for airline tickets depending on their ZIP codes, StarTribune reports.

U.S. companies may not have to disclose certain cybersecurity breaches if proposed legislation introduced in Congress should pass, The Wall Street Journal reports, while Business Solutions considers how the proposed Protecting Cyber Networks Act will impact healthcare IT.

JD Supra takes a close look at Nevada’s data breach law.

ZDNet reports on two competing cybersecurity bills aimed at reforming computer misuse laws: the draft Data Breach Notification and Punishing Cyber Criminals Act and The Computer Fraud and Abuse Act.

CreditUnionTimes examines several legal cases involving bring-your-own-device.

CANADA

Two years after its passage, Nova Scotia’s Cyber Safety Act continues to be “criticized for being too broad and praised for being effective,” The Star reports.

EU

Maryland Law Prof. Frank Pasquale reacts to leaked documents from the office of EU Digital Commissioner Günther Oettinger in which the regulator called for "a central EU-wide body with the power to monitor platforms' use of data, and to resolve disputes between the operators and the businesses they serve." In this column for The Guardian, Pasquale writes, "This is far-sighted, important planning."