Greetings from IAPP headquarters in Portsmouth, NH!
Fall is here, and foliage season in full swing in New England with some unseasonably warm weather. It’s hard to believe that P.S.R. ended a week ago, but we’re ramping up for the IAPP Europe Data Protection Conference in Brussels early next month. If you’ll be attending, I’ll be there, so be sure to come say "hi." I’d love to chat.
As we near the end of the year, the fate of Section 702 of the Foreign Intelligence Surveillance Act, which is set to expire Dec. 31, is heating up. The Senate Intelligence Committee voted 12-3 to move forward with legislation to renew the internet surveillance program through Dec. 31, 2025. The panel also adopted a provision submitted by Sen. Mark Warner, D-Va., that would require the Federal Bureau of Investigation to send queries about U.S. data to the FISA Court.
Not everyone on the committee, however, is happy with the legislation. Sens. Ron Wyden, D-Ore., and Rand Paul, R-Ky., along with 12 other senators, have offered an alternative and more privacy-protective bill, called the USA Rights Act, which would essentially close a loophole that allows intelligence agencies from searching data on U.S. citizens without a warrant. The bill has received the support of the ACLU and 40 other civil society groups. Notably, it would expand the oversight jurisdiction of the Privacy and Civil Liberties Oversight Board. Since there is an impending expiration date on Section 702, it will be interesting to watch this area in the coming months.
Another controversial development came down the pike this week when U.S. Vice President Mike Pence broke a 50-50 tie in the U.S. Senate to repeal a Consumer Financial Protection Bureau rule that prohibited financial organizations from using mandatory pre-arbitration agreements and allowed consumers to file class-action lawsuits. Surely this will please the financial industry, but is a knock on law firms that file class-action lawsuits in this area.
Speaking of financial privacy law, we also featured the latest GDPR matchup this week. This one focuses on how several U.S. financial laws matchup with the EU General Data Protection Regulation. If you’re in this space, and are doing business in Europe, be sure to check this analysis out.
And how can we go a week without talking about Equifax? Yesterday, Motherboard reported that a security researcher warned the credit monitoring company months before the breach that individual data, including Social Security numbers, was accessible, and that he was able to take control of some of the organization’s servers. Hopefully this incident will serve as a turning point for better organization-wide data protection. For more details on how to take advantage of the Equifax data breach, be sure to listen to The Privacy Advisor Podcast interview with UnitedLex Chief Privacy Officer Jason Straight, CIPP/US. It’s a lively and valuable conversation from last week’s P.S.R.
Well, wishing you a relaxing weekend. I’ll be raking leaves, and watching some football. Go Patriots!
If you want to comment on this post, you need to login.