Data Privacy Posts
At its meeting in Philadelphia on January 17 and 18, the ALI Council reviewed drafts for six projects. Drafts or portions of drafts for six projects received Council approval, subject to the meeting discussion and to the usual prerogative to make nonsubstantive editorial improvements.
Hours after announcing a data breach on Friday, two Oregon men sued international hotel chain Marriott for exposing their data. Their lawsuit was followed hours later by another one filed in the state of Maryland.
In the period of just a week, California passed a bold new privacy law — the California Consumer Privacy Act of 2018. This law was hurried through the legislative process to avoid a proposed ballot initiative with the same name. The ballot initiative was the creation of Alastair Mactaggart, a real estate developer who spent millions to bring the initiative to the ballot. Mactaggart indicated that he would withdraw the initiative if the legislature were to pass a similar law, and this is what prompted the rush to pass the new Act, as the deadline to withdraw the initiative was looming.
South Dakota passed the finish line right before Alabama, but both states have now joined the rest of the nation in enacting data breach notification laws for their citizens. Last month, South Dakota Governor Dennis Daugaard signed South Dakota § 22-40-19 et. seq., the South Dakota Data Breach Notification Law, into effect. Alabama Governor Kay Ivey’s signature on April 3, 2018, inked the final state data breach law into effect.
USA Today addresses the privacy concerns raised after Congress passed the CLOUD Act, a bill that would allow police in other countries to have access to emails and other electronic communications more easily from their own citizens as well as Americans.
Attorney General Becerra Announces $2 Million Settlement Involving Santa Barbara-based Cottage Health System Over Failure to Protect Patient Medical RecordsTaylor Carroll
California Attorney General Xavier Becerra today announced a $2 million settlement with Cottage Health System and its affiliated hospitals in California resolving allegations that they failed to implement basic, reasonable safeguards to protect patient medical information in violation of state and federal privacy laws.
This week, the U.S. Supreme Court heard oral arguments in Carpenter v. United States, where the question presented is whether the Fourth Amendment permits the warrantless seizure and search of a user’s cellphone location and movement information.
Democrats in the U.S. Senate introduced Wednesday a proposed Consumer Privacy Protection Act that among other aims would penalize companies if they do not notify consumers promptly of breaches in their payment card systems and other databases storing sensitive information.
Officials from across the United States Government, the European Commission, and EU data protection authorities gathered in Washington D.C. to conduct the first annual review of the EU-U.S. Privacy Shield in September 2017.
At its meeting in New York City on October 19 and 20, The American Law Institute’s Council reviewed drafts for eight projects, with the following outcomes: