In this week’s Privacy Tracker weekly roundup, read about Singapore’s draft Healthcare Services Bill, which would restrict the sharing of health data stored in the National Electronic Health Records database. In the U.K., an amendment has been added to the data protection bill to provide relief to security researchers, and the Information Commissioner’s Office recently issued fines for nuisance marketing, lax security and the use of private detectives by an insurance company. In the U.S., Congress extended Section 702 of the Foreign Intelligence Surveillance Amendments Act; two senators introduced the Data Breach Prevention and Compensation Act, which would set mandatory penalties for data breaches at credit reporting agencies; the Connecticut Supreme Court has established a right to medical privacy; and lots more.

LATEST NEWS

BNA reports, the Council of the European Union will open negotiations with the European Parliament on a new law to ease the flow of non-personal data in an effort to the region’s digital single market.
More

Telecompaper reports that the Dutch data protection authority has appointed four new directors.
More

Singapore’s draft Healthcare Services Bill would restrict the sharing of health data stored in the National Electronic Health Records, reports Straits Times.
More

The U.S. House has passed an act requiring the Department of Homeland Security to prepare a report outlining policies and procedures it has developed to coordinate cybersecurity disclosures, reports The National Law Review.
More

The Connecticut Supreme Court has established a right to medical privacy, allowing patients to sue health care providers that fail to keep their medical records safe, reports Courthouse News.
More

A bill is moving through Florida’s House aiming to eliminate fees for data breach victims who want to place a credit freeze on their credit reports, reports WLRN.
More

North Carolina’s attorney general and Sen. Josh Stein have introduced legislation requiring companies to report a data breach to the AG and consumers within 15 days, reports Healthcare IT News.
More

Oregon’s governor has appointed its first public records advocate, who will be responsible for resolving disputes over records requests and to lead its Public Records Advisory Council in examining policies and practices, reports KTVZ.
More

A Rhode Island state senator has introduced a bill that would require businesses to disclose the personal information they have collected on R.I. customers online, reports Warwick Post.
More

The Wisconsin Senate is considering a bill to exempt certain police body camera footage from open records request without the consent of the individuals involved in the footage, reports the Marquette Wire.
More

ICYMI

In this installment of the Privacy Tracker GDPR matchup series, Alex Wall, CIPP/E, CIPP/US, CIPM, compares the provisions of the GDPR with South Korea's Personal Information Protection Act.
More

Timothy Banks, CIPP/C, CIPM, writes for Privacy Tracker about two decisions out of Canada's Supreme Court helping to clarify privacy in text messaging, noting that they "also demonstrate that courts in Canada are still struggling with the implications of any privacy interests in text messages." 
More

In this quick-and-dirty special edition of The Privacy Advisor Podcast IAPP Westin Fellow Lee Matheson, CIPP/E, CIPP/US, talks to Angelique Carson, CIPP/US, on what privacy pros should know Thursday’s vote to renew Section 702 of the Foreign Intelligence Surveillance Amendments Act for six years.
More

The odds that the Federal Communication Commission's repeal of Obama-era net neutrality rules will be reversed look increasingly likely. In this exclusive for The Privacy Advisor, Angelique Carson, CIPP/US, looks at what a repeal of the rules would mean, and why the 9th Circuit decision on AT&T v. FTC complicates matters a bit. 
More

Diego Fernandez of Marval, O'Farrell & Mairal writes for Privacy Tracker about Argentina's new Agency of Access to Public Information.
More

The U.S. Federal Trade Commission has announced its first-ever enforcement action against a connected-toy manufacturer. After a two-year investigation in collaboration with the Office of the Privacy Commissioner of Canada, which in turn collaborated with Hong Kong's PCPD, the FTC found that VTech Electronics and its U.S. subsidiaries violated the Children's Online Privacy Protection Act and the FTC Act and will pay a $650,000 fine. IAPP Staff Writer Molly Hulefeld reports on the case, in this exclusive for The Privacy Advisor.
More

US

Sens. Elizabeth Warren, D-Mass., and Mark Warner, D-Va., have introduced the Data Breach Prevention and Compensation Act, which would set mandatory penalties for data breaches at credit reporting agencies, American Banker reports.
More

The U.S. House of Representatives voted Thursday morning to renew Section 702 of the Foreign Intelligence Surveillance Amendments Act, USA Today reports.
More

Maryland's General Assembly is set to discuss the state’s paid sick-leave bill when it convenes later this week, The Washington Post reports. Gov. Larry Hogan vetoed the bill in its current form, citing concern over a provision that would allow businesses to ask for verification if more than two consecutive days of paid leave were needed.
More

ASIA PACIFIC

India’s Supreme Court is set to re-examine a colonial-era law outlawing sex between men, known as Section 377, after referring it to a larger bench for examination before October, the Guardian reports.
More

CANADA

The Office of the Information and Privacy Commissioner of Alberta said last year saw a record 162 breaches that posed a risk of significant harm to affected individuals, more than double any previous year, CBC reports.
More

EUROPE

The European Commission's Directorate-General for Justice and Consumers has issued a "Notice to stakeholders: withdrawal of the United Kingdom and EU rules in the field of data protection."
More

An amendment has been added to the U.K. data protection bill to provide relief to security researchers, the Guardian reports.
More

The U.K. Information Commissioner’s Office has charged four companies a combined total of 600,000 GBP for their role in disturbing people with nuisance marketing.
More

The U.K. Information Commissioner’s Office has fined Carphone Warehouse 400,000 GBP after a security vulnerability left one of its computer systems compromised in a 2015 cyberattack.
More

Marking the first conviction from an inquiry by the U.K. Information Commissioner’s Office into a company’s use of private detectives, insurance company Woodgate and Clark Ltd, as well as two senior staff, received fines totaling more than 150,000 GBP for illegally obtaining banking records during an investigation, the Guardian reports.
More