Today the White House issued a Cybersecurity Legislative Proposal. The proposed legislation focuses on protecting the American people, the nation’s critical infrastructure, and the federal government’s computers and networks. While legislation of this nature would simplify the breach reporting process for businesses, and overall streamline cybersecurity laws, a number of legislative attempts to do this have previously
California and Massachusetts Legislatures Push Data Breach and Security Bills
In distinct efforts to strengthen data security requirements, the California and Massachusetts legislatures recently passed bills affecting data breach notification requirements and data security notification, respectively.
On April 14, 2011, the California senate approved S.B. 24, requiring California businesses and agencies to notify the state attorney general if more than 500 California residents
The Commercial Privacy Bill of Rights Act
Two Senators who clearly did not let the potential government work stoppage affect them, formally introduced the Commercial Privacy Bill of Rights Act of 2011 on April 12. In a bipartisan effort, Senators John Kerry (D-Mass.) and John McCain (R-Arizona) introduced the legislation which sets forth privacy rules governing businesses that collect, use, or share
Where the FMLA and HIPAA Meet
In a case addressing the Family Medical Leave Act (FMLA) that directly implicates the privacy rules under the Health Insurance Portability and Accountability Act (HIPAA), Pacosa v. Kaiser Foundation Health Plan of the Northwest, the Portland Division of the United States District Court of Oregon awarded summary judgment against a physician assistant who claimed
ADA Violated When Employer Responds to State Subpoena and Discloses Former Employee’s Medical Records
Companies frequently receive requests for information about current and former employees. These requests often come in the form of an attorney’s demand letter or a subpoena and apply to the individual’s medical records. Failing to carefully think through whether and how to respond can be a costly trap for the unwary.
Continue Reading ADA Violated When Employer Responds to State Subpoena and Discloses Former Employee’s Medical Records
Social Security Number Protection Act of 2010
On December 18, 2010 President Obama signed into law the Social Security Number Protection Act of 2010. The law has two key components.
First, the law establishes that no Federal, State, or local agency may display the Social Security account number of any individuals or any derivative of such number, on any check issued for
Business Owner Enjoined from Accessing Co-Owner’s Email
A Minnesota Court of Appeals panel has affirmed the issuance of a temporary injunction against a co-owner of an LLC blocking him from accessing emails of his partner from the company’s server in the midst of their business dispute. The unpublished decision, Gates v. Wheeler A09-2355 (Minn. App. November 23, 2010), raises some interesting issues
California allows “driver cams” starting in 2011
In the name of vehicle safety, California Assembly Bill 1942 will permit among other things “driver cams” to be mounted on vehicle windshields beginning on January 1, 2011. Formally known as “video event recorders,” these devices can continuously record audio, video, and G-force levels in a digital loop in order to help identify bad driver
Court Finds Use of Microsoft Outlook’s Auto Forward Feature is an “Interception” and Upholds Criminal Conviction of Employee Under the Federal Wiretap Law
The Seventh Circuit Court of Appeals in U.S. v. Szymuszkiewicz recently affirmed the criminal conviction of an employee under the federal Wiretap Act, 18 U.S.C. § 2511, after he auto-forwarded emails from his supervisor’s email account to his own. The Court concluded the use of the auto-forward feature constituted an “interception” in violation of the Act.
Szymuszkiewicz shows the application of traditional criminal statutes like the Wiretap Act to Internet-based modes of communications such as email, but also to voice-over IP phone communications. The case also is an example of the courts’ continuing struggle with applying the Act to modern communications technologies such as email. Szymuszkiewicz is an instructive reminder for employers, however, about the remedies applicable under the Act to employees who misuse an employer’s email system actions, in addition to traditional remedies such as discipline or termination. In light of the length of time in which Szymuszkiewicz forwarded his supervisor’s emails without her knowledge, 3 years, the case also highlights a need for review and audit of employer technology systems and education to employees to monitor their accounts for privacy purposes.
Federal Agencies Tighten Data Security Screws on Federal Contractors
Federal contractors are subject to numerous requirements under federal law and, as we have previously highlighted here, need to keep pace with changes in law and regulation.
Under the Federal Information Security Management Act of 2002 (FISMA) each federal agency is required to develop, document, and implement an agency-wide program to provide information security