Members of Parliament on the House of Commons Justice Select Committee have called for courts in the United Kingdom to be given greater powers to imprison and fine individuals who breach the Data Protection Act (“DPA”). The Committee stated in its October 18, 2011 report that the current penalties for unlawfully obtaining personal data (under Section 55 of the DPA) are an inadequate deterrent, and urged the government to exercise its power to introduce prison sentences without delay. Although currently a magistrates’ court can issue fines of up to £5,000 for breaches of Section 55 (and the Crown Court can impose unlimited fines), in practice, penalties often are limited to only a few hundred pounds.
On October 24, 2011, Israel’s Data Protection Authority, the Israeli Law, Information and Technology Authority in the Israeli Ministry of Justice (“ILITA”), announced significant developments in an information theft case affecting more than nine million Israeli citizens. In 2006, a contract worker hired by Israel’s Ministry of Welfare and Social Services downloaded a copy of Israel’s population registry to his home computer. The registry later fell into the hands of a software developer and a hacker before being disseminated on the Internet along with a program that allowed users to run searches and queries on the data. The stolen personal information included full names, identification numbers, addresses, dates of birth, dates of immigration to Israel, family status, names of siblings and other information.
As reported in the Hunton Employment & Labor Perspectives Blog:
California Governor Jerry Brown recently signed into law Senate Bill No. 559 (SB 559), which prohibits discrimination based on an individual’s genetic information. While SB 559 significantly expands the protections from genetic discrimination provided under the federal Genetic Information Nondiscrimination Act of 2008 (GINA), at this time, its impact on most California employers is thought to be limited to the potential for greater damages to be awarded under it than under its federal counterpart.
As reported in the Hunton Employment & Labor Perspectives Blog, on October 10, 2011, California became the seventh state to enact legislation restricting public and private employers alike from using consumer credit reports in making hiring and other personnel decisions. Assembly Bill No. 22 both adds a new provision to the California Labor Code -- Section 1024.5 -- and amends California’s Consumer Credit Reporting Agencies Act (“CCRAA”). Effective January 1, 2012, California employers will be prohibited from requesting a consumer credit report for employment purposes unless they meet one of the limited statutory exceptions, and those employers meeting an exception, will be subjected to increased disclosure requirements. Connecticut, Illinois, Hawaii, Oregon, Maryland and Washington already have similar laws on the books, and many other states, as well as the federal government, are contemplating similar legislation. This trend creates a potential “credit-centric” minefield for employers that do business in any one or more of these states. In light of the multiple laws affecting their use, employers who utilize consumer credit reports in making personnel decisions should proceed cautiously. Employers must evaluate the need for these reports in making personnel decisions, review and modify their policies to ensure compliance with the myriad of regulations in this area, and monitor any new developments to ensure continued compliance.
On October 20, 2011, Mexico’s Ministry of Economy made public an update to its proposed Regulations to the Federal Law for the Protection of Personal Data Held by Private Parties. The new draft regulations, which contain changes made in light of public comments on the prior version, will take effect if they receive final executive approval, which may happen later this year. The updates to the draft regulations include:
- Rules specific to cloud computing
- Clarification of notice requirements
- Clarification of consent requirements
- Exemptions for certain business contact ...
On October 13, 2011, the Securities and Exchange Commission Division of Corporation Finance issued disclosure guidance (“Guidance”) regarding cybersecurity matters and cyber incidents. While the Guidance does not change existing disclosure requirements, it does add specificity to existing requirements. In some respects, that specificity is helpful, but the Guidance fails to take into account the uncertainty that inevitably accompanies efforts to assess and disclose cybersecurity matters and incidents.
Read a detailed summary of the Guidance and analysis regarding ...
Last month, two New Jersey judges issued opposing decisions in class action lawsuits regarding merchants’ point-of-sale ZIP code collection practices. The conflicting orders leave unanswered the question of whether New Jersey retailers are prohibited from requiring and recording customers’ ZIP codes at the point of sale during credit card transactions.
On October 10-12, 2011, the Council of Europe’s Bureau of the Consultative Committee of the Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data (known as the “T-PD-Bureau”) met in Strasbourg, France, to discuss, among other things, amending the Council of Europe’s Convention 108 and Additional Protocol. Convention 108 (together with the Protocol), which underlies the European Union’s legal framework for data protection, is the only legally-binding international convention that addresses data protection. Amendment of the Convention is also closely linked to the current review of the EU data protection framework.
On October 17, 2011, the French Data Protection Authority (the “CNIL”) launched a public consultation on cloud computing (the “Consultation”). The Consultation seeks to gather opinions from stakeholders (clients, providers, consultants) regarding cloud computing services for businesses, to identify legal and technical solutions that address data protection concerns while taking into account the economic interests involved.
On October 10, 2011, the French Data Protection Authority (the “CNIL”) released a video of newly-elected Chairwoman Isabelle Falque-Pierrotin presenting her priorities and vision for the future of the CNIL. Ms. Falque-Pierrotin was elected as the new Chair of the CNIL on September 21, 2011.
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cyber Attack
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- Disclosure
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition
- Facial Recognition Technology
- FACTA
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HIPPA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Legislature
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Online Behavioral Advertising
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Paul Tiao
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- WeProtect Global Alliance
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code