Tag Archives for "US"

Look Past GDPR Into Data Privacy Rules of US

While all 50 states have breach notification laws in place where you must be notified if your data is stolen by a hacker, only a handful, most prominently California, have enacted or even framed formal data privacy legislation.

But the trend line is clearly established at the state and local level. A number of cities, such as New York with its Stop Hacks and Improve Electronic Data Security Act (SHIELD), have also instituted strong data privacy laws. A few Silicon Valley leaders themselves are looking ahead (most prominently Apple CEO Tim Cook), coming on board and calling for federal data privacy legislation. You’d be wise to look into the details of state and city data privacy policies for where you’re based and where you do business.

Full article: Look Past GDPR Into Data Privacy Rules on a State-by-State Basis – Adweek

New US facial recognition bill would require consent before sharing data

A new bill introduced in the Senate today would prohibit commercial companies using facial recognition technology from collecting or sharing people’s data without their explicit consent.

Under the bill, users would need to be notified whenever their facial recognition data is used or collected. According to the lawmakers, it also would require third-party testing before the tech could be introduced into the market to ensure it is unbiased and doesn’t harm consumers.

Source: New facial recognition bill would require consent before sharing data – The Verge

The US Government Will Use Facial Recognition In Top Airports

US Customs and Border Protection is scrambling to implement a “biometric entry-exit system,” with the goal of using facial recognition technology on travelers aboard 16,300 flights per week — or more than 100 million passengers traveling on international flights out of the United States — in as little as two years. This, despite questionable biometric confirmation rates and few, if any, legal guardrails.

Source: The US Government Will Use Facial Recognition In Top Airports

Legislation to improve cybersecurity of IoT devices introduced in Senate, House

Bipartisan legislation to improve the cybersecurity of Internet-connected devices will be introduced today in the Senate and the House of Representatives.

The Internet of Things (IoT) Cybersecurity Improvement Act of 2019 would require that devices purchased by the U.S. government meet certain minimum security requirements.

Source: Legislation to improve cybersecurity of Internet-of-Things devices introduced in Senate, House : Augusta Free Press

California Sets Forth Further Legislation Imposing New Obligations on Companies

Over the past few weeks, California Republican lawmakers have introduced a new package of legislation called “Your Data, Your Way,” which would expand and strengthen consumer privacy rights beyond what is required by the new California Consumer Privacy Act (CCPA).

The “Your Data, Your Way” package is comprised of bills that would impose new obligations on businesses, including providing consumers greater control over the use of their data, limiting companies’ storage and use of certain types of data, and notifying consumers within three days of discovering a data breach.

Source: California Sets Forth Further Legislation Imposing New Obligations on Companies

FTC Seeks Comment on Proposed Amendments to Safeguards and Privacy Rules

The Federal Trade Commission is seeking comment on proposed amendments to two rules that protect the privacy and security of customer information held by financial institutions.

The Safeguards Rule, which went into effect in 2003, requires a financial institution to develop, implement, and maintain a comprehensive information security program. The Privacy Rule, which went into effect in 2000, requires a financial institution to inform customers about its information-sharing practices and allow customers to opt out of having their information shared with certain third parties.

Source: FTC Seeks Comment on Proposed Amendments to Safeguards and Privacy Rules | Federal Trade Commission

UK consumers more likely to abandon a breached company

A study by the payment security firm PCI Pal found British folks are far less forgiving of a company that suffers a breach, with 41 percent saying they would stop frequenting that store brand forever. Only 21 percent of Americans felt the same way.

Source: UK consumers more likely to abandon a breached company | SC Media

How California’s Data Privacy Laws Could Change the Game for Tech Companies and Individuals

When California passed the nation’s first law giving consumers control over their personal data last year, legislators built in an unusual buffer: an extra year to change the law before it takes effect in 2020.

Lawmakers and lobbyists are now making use of the time, submitting at least 20 bills in recent weeks that would adjust, tweak—or perhaps ultimately gut—California’s unique privacy protections. Privacy advocates are fighting to make the law even broader, while businesses and tech companies want to see it narrowed.

Full article: How Possible Changes to California’s Data Privacy Laws Could Change the Game for Tech Companies and Individuals

Who should enforce a US federal privacy law?

Privacy advocates want it. Tech companies want it. Lawmakers are considering it. But if federal privacy legislation does come to be, who should enforce it?

There are essentially three options here, and they are not all mutually exclusive: the U.S. Federal Trade Commission, which has some experience enforcing privacy; state attorneys general, who are already becoming increasingly active in the area; and some sort of new federal data protection agency.

Full article: Who should enforce a US federal privacy law?

EDPB Issues Statement on U.S. Foreign Account Tax Compliance Act

On February 25, 2019, the European Data Protection Board (the “EDPB”) issued a statement regarding the transfer of personal data from Europe to the U.S. Internal Revenue Service (the “IRS”) for purposes of the U.S. Foreign Account Tax Compliance Act (“FATCA”).

In its statement, the EDPB announced that it will consider European Parliament calls on the EDPB to investigate any infringement of EU data protection rules by EU Member States whose legislation permits the transfer of personal data to the U.S. for purposes of FATCA. The EDPB also noted that it is currently preparing guidelines on data transfer tools provided for by the EU General Data Protection Regulation (“GDPR”).

Source: EDPB Issues Statement on U.S. Foreign Account Tax Compliance Act
