privacy law

The White House released a proposed bill to protect consumers' digital privacy, the Washington Post's Andrea Peterson reports, but the bill may not be strong enough. The Federal Trade Commission said that the legislation wouldn't provide "strong and enforceable protections" for consumer privacy. The bill would allow industries to develop their own privacy codes of conduct, which the FTC could then enforce. But the bill would preempt state laws dealing with data collection and handling and could preempt state laws like California's that have more stringent standards than at the federal level for data breaches, the privacy of minors and other consumer protection laws. The Recorder's Cheryl Miller notes that a private right of action is explicitly rejected, but that state attorneys general as well as the FTC would have enforcement authority.

The Pennsylvania Commonwealth Court has ruled that government employees must be notified before their home addresses are publicly released, Newsworks' Bobby Allyn reports. The court majority said the Pennsylvania Right-to-Know law doesn't take into account how turning over a home address could cause personal harm. In a two-member dissent, Judge Dan Pellegrini said the majority was "'succumbing to unfounded fears and a parade of speculative horribles.'"

Five Rhode Island lawmakers had introduced drone legislation that would make it illegal for drones to take pictures or videos of private buildings without permission, Media General's WPRI 12's Allison Gallo reports. Other legislators have introduced legislation to create a panel to study how other states are regulating drones.

The Federal Aviation Administration has just released long-awaited rules to integrate drones into the American airspace, but those rules aren't expected to become final for two years or more.

U.S. District Judge Jeffrey White of the Northern District of California has ruled that a group of AT&T customers haven't been able to show they have standing to show that their Fourth Amendment rights were violated by alleged surveillance of all of their Internet communications, The Recorder's Ross Todd reports. Even though a retired AT&T technician Mark Klein reports that the the company's Internet traffic is routed to a secret room controlled by the government, the judge "found that Klein could not establish 'the content, function, or purpose of the secure room at the AT&T site based on his own independent knowledge' and that lawyers challenging the program under the Fourth Amendment hadn't offered enough admissible evidence to support standing."

The Seventh Circuit ruled that the Chicag0 Sun-Times broke the law when it published the heights and weights of Chicago cops who acted as fillers in a police lineup, Kim Janssen reported for that newspaper. The cops' height, weight, eye color, hair color and months and years of their birthdates were private information that was improperly obtained from the officers' drivers licenses in violation of the Driver's Privacy Protection Act, the court ruled.

The lineup involved former Mayor Richard M. Daley's nephew, who threw a deadly punch that killed a man, and who was investigated by the newspaper for allegedly getting preferential treatment from the police.

The New York legislature is considering bills to restrict the use of drones by law enforcement, the Tenth Amendment Center reports: "Introduced on Jan. 7, Senate Bill 411 (SB411) by Sen. Gordon Denlinger (R-Syosset) and Assembly Bill 1247 (A01247) would ban law enforcement from using a drone in a criminal investigation with a few exceptions, and would prohibit any 'person, entity, or state agency' from using a drone for surveillance anyplace a person has a reasonable expectation of privacy unless they meet specific requirements."

The Colorado Senate is also considering limits for drones, the Associated Press' Kristen Wyatt reports. The bill also would require law enforcement to have warrants before using drones.

Maine is considering a bill that would go even farther, the Tenth Amendment Center also reports. The bill would place a moratorium on all drone use until July 1, 2017, except for emergency situations. After that, law enforcement agencies would need a court order or a warrant to be able to use drones. The law also would create a private right of action for violations of the law.

Politico's David Perera reports on a cybersecurity proposal that President Barack Obama put forth today. One key part, pushed for a long time, would provide limited safe harbors to firms that share cybersecurity information with the government: "A central portion of the White House’s plan would grant targeted liability protection to companies that share cyberthreat information with the government — removing what critics say is a major stumbling block to private-sector partnership with federal authorities on cyber issues." The Department of Homeland Security, in turn, would share cyberthreat data with other federal agencies and with private-sector information-sharing organizations.

There are privacy safeguards as part of the plan. Firms would be required to take steps to remove personally identifiable information unrelated to cyberthreats when sharing that information.

Edith Ramirez, chairwoman of the Federal Trade Commission, speaking at the International CES tech event, said that privacy by design should be incorporated into products, including to ensure data security for homes outfitted with smart devices, the New York Times reports: "Ramirez seemed to be directing her remarks at the start-ups that are making most of the products — like fitness trackers and glucose monitors — driving the so-called Internet of Things." The chairwoman also called for tech firms to collect only the "personal data they need for a specific purpose and delete it permanently afterward."

Ruth Reader, writing for VentureBeat, reports that, in 2014, healthcare providers made up nearly one-third of all data breaches: "Hot medical identities can sell for as little as $50, according to a report issued earlier this year by the FBI. With more and more hospitals moving to electronic health records and healthcare breaches on the rise, its hard to see how this problem won’t become more widespread in the coming year." Reader also points out that, unlike for financial breaches, it is much harder to prove that a consumer didn't receive medical services on their records.

The Daily Report's Greg Land reports on an issue of first impression in Georgia: does the public have a First Amendment right to attend a plastic surgeon's disciplinary hearing? Dr. Nedra Dodds had her license to practice medicine suspended after two of her patients died following liposuction treatments. The doctor doesn't want a local TV station to cover the hearing before an administrative law judge. The doctor's attorney argues that the privacy of information about patients bars public disclosure of Georgia Composite Medical Board disciplinary hearing, while the station's attorney argues patient privacy is not a compelling state interest that outweighs the public interest in a judicial proceeding.