Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Federal Legislation

Privacy Law in a Nutshell

Posted in Cybersecurity, Federal Legislation, Information Security, International Privacy Law, Marketing, Privacy
BakerHostetler Privacy and Data Protection Partner Erica Gann Kitaev is a co-author of the recently published Privacy Law in a Nutshell, Second Edition, through West Academic Publishing. Legal issues related to privacy are exploding in the U.S., and virtually all businesses face privacy considerations, particularly as technology and the law evolve. The Privacy Nutshell is … Continue Reading

Is the 5th Time the Charm? – Nationalizing Data Breach Notification

Posted in Breach Notification, Data Breach Notification Laws, Federal Legislation
Once the smoke and dust clear from the latest enormous data breach, the fried servers are hauled away and the ritual IT department purge takes place, the focus seems to turn to the lack of any comprehensive national data breach law. Although certain sector-specific breach notification laws are in place, such as HIPAA/HITECH in … Continue Reading

NICS and HIPAA: Where Mental Health Privacy and Gun Control Overlap; HHS Releases Notice of Proposed Rulemaking

Posted in Federal Legislation, HIPAA/HITECH, Medical Privacy
On January 7, 2014, the U.S. Department of Health and Human Services (HHS) issued a notice of proposed rulemaking (NPRM) for the purpose of modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to expressly permit certain HIPAA covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities … Continue Reading

Careful! Your Company May Be a De Facto Data Broker: Are Privacy Regulators Going for Broke(rs) as Part of the 2014 Legislative and Privacy Enforcement Agenda?

Posted in Enforcement, Federal Legislation, Privacy
Concerns about privacy practices in the data broker industry, and the privacy implications of the lack of transparency “behind-the-scenes,” will remain a topic of intense regulatory and legislative focus in 2014. The Federal Trade Commission has defined “data brokers” as companies that collect personal information about consumers from a variety of public and non-public sources … Continue Reading

The HIPAA/HITECH Final Rule Has Been Released

Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Enforcement, Federal Legislation, HIPAA/HITECH, Identity Theft, Medical Privacy, Privacy
The long awaited HIPAA/HITECH Final Rule is out.  The final rule is effective March 26, 2013, but covered entities (CEs) and business associates (BAs) will have 180 days beyond the effective date to come into compliance. While we are still conducting a comprehensive review of this 563-page document, below are a few of the changes we have found so far: … Continue Reading

Cybersecurity Bill Fails Again In Senate

Posted in Cybersecurity, Federal Legislation
Yesterday evening, the Senate again failed to move forward on the Cybersecurity Act of 2012, voting 51-47 not to end debate on the measure (60 votes required). Opponents picked up one additional ‘no’ vote by Sen. Rubio (R-FL), who did not vote on it in August.  Majority Leader Reid faulted the minority and the Chamber … Continue Reading

Rockefeller Questions Fortune 500 on Cybersecurity Act / Data Security Practices

Posted in Cybersecurity, Federal Legislation
Senate Commerce Committee Chairman John D. Rockefeller (D-WV) yesterday blanketed the entire FORTUNE 500 list of companies with a pointed letter inquiring about business opposition to cybersecurity issues and seeking a response by October 19. (Press release here) The letter asks for information on companies’ cybersecurity practices and companies’ concerns about the federal government’s role … Continue Reading

Senate Takes Up Cybersecurity Bill: Can National Security Trump Politics This Close to the Election? Part 3 – The End?

Posted in Cybersecurity, Federal Legislation
This morning, the Senate failed to conclude debate on the cybersecurity bill by a vote of 52 to 46 (60 votes required), likely sounding the death knell for the legislation this year. Five Republicans voted in favor of moving ahead, while five Democrats voted against, but the vote otherwise followed party lines. In other words, … Continue Reading

Senate Takes Up Cybersecurity Bill: Can National Security Trump Politics This Close to the Election? Part 2

Posted in Cybersecurity, Federal Legislation
Yesterday we asked: Can National Security Trump Politics This Close to the Election? The answer is looking more and more like “no”. Having failed to reach agreement with his Republican counterpart on limiting debate and consideration of amendments (of which there are now 167) to the bill, last night Majority Leader Harry Reid (D-NV) filed … Continue Reading

Senate Takes Up Cybersecurity Bill: Can National Security Trump Politics This Close to the Election?

Posted in Cybersecurity, Federal Legislation
That is the $64,000 question. This being Washington, DC, it’s more likely a multi-million dollar question, and the answer is unclear. The Senate voted 84-11 last Thursday to end debate on a procedural motion that allows a revised bill, S. 3414, sponsored by Homeland Security and Government Affairs Committee Chairman Joe Lieberman (D-CT) to be … Continue Reading

Lessons Learned from the Second Circuit’s Reinstatement of Copyright Suit Against YouTube

Posted in Federal Legislation, Litigation
The Social Media revolution is built on two legal foundations – the Digital Millennium Copyright Act (“DMCA”) which generally protects websites that host user generated content from copyright claims, and the Communications Decency Act, which generally protects such websites from claims based on the publication of defamatory or other illegal content. The Second Circuit sent … Continue Reading

FTC Issues Final Report with Guidance on Companies’ Online Privacy Practices

Posted in COPPA, Enforcement, Federal Legislation, Online Privacy, Privacy
Fifteen months after releasing its preliminary report, the Federal Trade Commission released its final Report, “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Business and Policymakers.”  The much anticipated final report went further than the preliminary report by now calling for Congress to enact general privacy, data security and breach … Continue Reading

Republican Alternative Cybersecurity Bill Introduced In Senate

Posted in Federal Legislation, Information Security
Today eight Republican Senators – all Ranking Members of various committees – introduced the SECURE IT Act, S. 2151, their alternative cybersecurity bill to the bipartisan Cybersecurity Act, S. 2105, introduced two weeks ago.  In remarks on the Senate floor this afternoon, Sen. Kay Bailey Hutchison, Ranking Member of the Senate Committee on Commerce, Science, and Transportation, … Continue Reading

White House Releases Consumer Online “Privacy Bill of Rights”

Posted in Federal Legislation, Online Privacy, Privacy
The Obama Administration today unveiled a report entitled Consumer Data Privacy in a Networked World:  A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.  A central component of the report, which is directed at improving online privacy protections, is a “Consumer Privacy Bill of Rights.”  The Consumer Privacy Bill of Rights … Continue Reading

The Cybersecurity Act of 2012–What Does It Mean?

Posted in Federal Legislation, Miscellaneous
Yesterday, Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (ID-Conn.), Ranking Member Susan Collins (R-Maine), Commerce Committee Chairman Jay Rockefeller (D-W.Va.), and Select Intelligence Committee Chairman Dianne Feinstein, D-Ca. introduced The Cybersecurity Act of 2012.  The press release can be found here. We are seeing an increasing number of attacks targeting government secrets, trade … Continue Reading

Bipartisan Senate Cybersecurity Bill Introduced Amid Partisan Opposition

Posted in Federal Legislation, Information Security
The Cybersecurity Act of 2012, S. 2105, was introduced yesterday by Senators Joe Lieberman (I-VT), Susan Collins (R-ME), Dianne Feinstein (D-CA), and John Rockefeller (D-WV). Here are links to the Bill Summary of the Cybersecurity Act of 2012 and the Section-by-Section Description of the Cybersecurity Act of 2012. It immediately drew opposition from seven Republican Ranking Members, who … Continue Reading

Senate Cyber Security Bill Due Out This Week; Floor Action Not Likely Until March

Posted in Cybersecurity, Federal Legislation, Information Security
Odds are good that legislation to address online threats to the nation’s critical infrastructure assets will finally be released this week, but real action on it won’t take place until March: The Homeland Security and Government Affairs Committee, chaired by Joe Lieberman (I-CT), has scheduled a hearing on the ‘Cybersecurity Act of 2012’ for Thursday … Continue Reading

Senate Judiciary Chairman Wants to Move Data Privacy Legislation

Posted in Federal Legislation
Earlier this week, U.S. Senate Judiciary Committee Chairman Patrick Leahy (D-VT) expressed support for Senate action on “comprehensive data privacy legislation that will better protect Americans’ sensitive personal data and reduce the risk of data security breaches.” Leahy’s Personal Data Privacy and Security Act, S. 1151, was approved by the Committee last September, but with … Continue Reading

Online Privacy and Data Security Legislation Update — 2011 Year in Review

Posted in COPPA, Cybersecurity, Federal Legislation, Online Privacy, Privacy
The end of 2010 featured the Department of Commerce citing the need for a Privacy Bill of Rights in its green paper and the FTC's preliminary online privacy report discussing the need for a Do Not Track mechanism. The momentum generated by these reports led to the introduction of multiple versions of Do Not Track and comprehensive privacy rights bills in early 2011. By mid-2011, at least five different data security and breach notification proposals were circulating in the wake of high-profile data breaches. Reports about location-based tracking led to the introduction of geolocation privacy and surveillance bills. Amendments to the Children's Online Privacy Protection Act, Electronic Communications Privacy Act, and Video Privacy Protection Act were also proposed. And by the end of 2011, several cybersecurity bills designed to protect critical infrastructure had been introduced. Congress held hearings on privacy issues, subcommittees approved several bills, and the Obama administration supported comprehensive privacy legislation; as many expected, however, none of these bills had been enacted when the first session of the 112th Congress adjourned December 18.
The safe prediction for 2012 is more of the same: a lot of proposals but no consensus. It is certainly possible that another high-profile data breach or cyberattack against a utility or government contractor could create enough urgency to force a consensus. However, numerous high-profile breaches (Epsilon, Sony, Citi, RSA, Lockheed Martin and several health care providers), hacktivist attacks against government security contractors (IRC Federal and HBGary), and reports about how the "weaponized" Stuxnet virus caused centrifuges in an Iranian nuclear facility to spin wildly out of control were not enough in 2011. We certainly expect to see data breach notification, comprehensive privacy, and cybersecurity bills addressed again in 2012. We may also see narrower bills aimed at online and location-based tracking as well as children's privacy. Emerging technology, including mobile payments and facial recognition, may also garner legislative attention. Below is a round-up of the 2011 privacy and data security legislative proposals, including links to more detailed analysis from our blog posts during the year… Continue Reading

PRECISE Act Introduced in House to Boost Critical Infrastructure Cybersecurity

Posted in Cybersecurity, Federal Legislation
There has been no shortage of cybersecurity bills introduced in Congress in 2011.  The Obama Administration even issued a cybersecurity legislative proposal in May 2011 that would require the Department of Homeland Security (DHS) “to work with industry to identify the core critical-infrastructure operators and to prioritize the most important cyber threats and vulnerabilities for … Continue Reading

Will Industry Self-Regulation Emerge for Facial Recognition?

Posted in Federal Legislation, Miscellaneous, Privacy
The FTC held its first ever workshop to explore the privacy and security implications of facial recognition technology on December 8.  Facial detection (identifying certain traits from a person’s face, such as age and gender) and facial recognition (identifying a specific person) technology is no longer futuristic technology found only in movies like the Minority … Continue Reading