- Obama administration proposes US federal data breach law
- EU consults on cloud computing
- Disney subsidiary to pay $3 million COPPA fine in the USA
- Canadian bill fails, Commissioner calls for substantial fines
1. Obama administration proposes US federal data breach law
In an attempt to simplify the patchwork of the existing 47 US state laws on data breach, the White House issued its Cyber-security Legislative Proposal on 12 May.
The proposal also includes elements to protect the administration from cyber threats, and would require the Department of Homeland Security (DHS) to implement its cyber-security program in accordance with privacy and civil liberties procedures.
The next issue of PL&B’s International Report will include an article about developments on EU data breach notification. To subscribe, see www.privacylaws.com/international
Note! 20% discount off PL&B UK and International Report subscriptions with registration to our 24th Annual International Conference 11-13 July. See www.privacylaws.com/annualconference
2. EU consults on cloud computing
The European Commission’s public consultation, which runs until 31 August, seeks to gather stakeholders’ views on several issues, including data protection and liability questions, in particular in cross-border situations.
The responses will provide valuable feedback for the Commission's work on a European Cloud Computing Strategy, as well as the revision of the DP Directive.
The consultation is at http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=cloudcomputing&lang=en
PL&B’s 24th Annual International Conference, 11-13 July in Cambridge, includes presentations on ‘Managing privacy and security in cloud computing arrangements’ with speakers from cloud computing providers, Google and Dell and comments from the United Kingdom Information Commissioners’ new Technology Policy Adviser, Simon Rice. See www.privacylaws.com/annualconference
3. Disney subsidiary to pay $3 million COPPA fine in the USA
The largest ever Children’s Online Privacy Protection Act (COPPA) related civil penalty has been imposed by the US Federal Trade Commission on operators of Online "Virtual Worlds" for illegally collecting and disclosing children's personal data.
Playdom has been a subsidiary of Disney Enterprises, Inc. since August 2010. Disney issued the following statement: “This matter involved an FTC investigation of the practices of Acclaim Games, Inc., which was acquired by Playdom prior to Disney’s acquisition of Playdom. Disney is pleased that Playdom has now resolved this matter amicably with the FTC.”
It has been proposed that US plans for the Do-Not-Track scheme would be extended to children.
4. Canadian bill fails, Commissioner calls for substantial fines
Following the dissolution of Parliament, Bill C-29, which would have amended Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), has failed to become a law. The Bill would have introduced a mandatory breach notification requirement. Privacy Commissioner, Jennifer Stoddart, has since called for substantial fines against major corporations that fail to adequately protect personal information.
Stoddart said on 4 May: “Too many companies are collecting more personal information than they are able to effectively protect…. It seems to me that it’s time to begin imposing fines – significant, attention-getting fines – on companies when poor privacy and security practices lead to breaches.’’
Stoddart said that the new session of Parliament creates the opportunity to strengthen the legislation to give the Privacy Commissioner the power to impose substantial fines in appropriate cases.
Privacy Laws & Business 24th Annual International Conference, 11-13 July in Cambridge, UK, includes a session on how privacy impact assessment works in Canada. See www.privacylaws.com/annualconference
For further details on the Privacy Laws & Business International Newsletter, please click here.
Copyright Privacy Laws & Business 2011