Over the past couple years, many predicted that new state laws would follow the lead of states like Nevada and Massachusetts, and some anticipated we could see a situation where 50 different privacy/security laws across the country. Now it looks like we are beginning to see some renewed activity on the state level. In Hawaii we have a proposed bill that would require breached entities to provide credit monitoring and call center services to impacted individuals. In my home state, Colorado, a legislator (Dan Pabon) has proposed a novel bill that takes a new approach to incentivizing companies to implement good security. In this post, we take a look at the highlights of the Colorado bill.
We recently published the first part of our FAQ series on Congressman Bobby Rush's new data privacy bill known as "Building Effective Strategies to Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act (a.k.a. "BEST PRACTICES Act" or "Act"). In Part One we looked at some of the key definitions and requirements concerning transparency, notice and individual choice, mandates around accuracy, access and dispute resolution, and finally data security and data minimization requirements under the Act. Part Two will focus on the "Safe Harbor" outlined in the Act, various exemptions for de-identified information and application and enforcement.
Congressman Bobby Rush has introduced a new data privacy bill to Congress known as the "Building Effective Strategies to Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards" Act (a.k.a. "BEST PRACTICES Act" or "Act").We have put together a summary of the Act in "FAQ" format. In Part One we look at some of the key definitions, requirements concerning transparency, notice and individual choice, mandates around accuracy, access and dispute resolution, and finally data security and data minimization requirements under the Act. Part Two will focus on the "Safe Harbor" outlined in the Act, various exemptions for deidentified information, and provisions concerning the application and enforcement of the Act.
In early May, Reps. Rick Boucher (D-Va.) and Cliff Stearns (R-Fla.) introduced a long anticipated "discussion draft" of a bill "[t]o require notice to and consent of an individual prior to the collection and disclosure of certain personal information relating to that individual." You have probably heard that industry and consumer groups alike are not happy with the discussion draft. What exactly is the Boucher Bill and what would it mean for almost every company engaged in the collection, use or disclosure of personal information (not just companies engaged in online behavioral advertising)? Following is a FAQ. Comments on the draft legislation are due June 4 (mark your calendars).