Late last week Senator Richard Blumenthal (D-CT) introduced the Personal Data Protection and Breach Accountability Act of 2011, S.1535, that if ultimately passed would levy significant penalties for identify theft and other "violations of data privacy and security," criminalize as felonies the installation of software that collects "sensitive" PII without clear and conspicuous notice and consent, and specifies requirements that companies collecting or storing the online data of more than 10,000 individuals adhere to data storage guidelines, including auditing the information security practices of contractors and third party business entities. Penalties include up to $10,000 per violation per day up to a maximum of $20,000,000 per violation per individual.
The UK Information Commissioner's Office announces new rules for website cookies, which will normally require explicit user consent.
As reported by Dan Or-Hof, Manager of the Information Technology, Internet and Copyright group at the Israeli law firm of Pearl Cohen Zedek & Latzer, in a first of its kind decision, the Tel-Aviv district court ruled on November 30, 2010 that a subscriber of cellular services does not have a general right to have his phone records deleted.
Mexico has joined the ranks of more than 50 countries that have enacted omnibus data privacy laws covering the private sector. The new Federal Law on the Protection of Personal Data Held by Private Parties (Ley federal de protección de datos personales en posesión de los particulares) (the "Law") was published on July 5, 2010 and took effect on July 6. IAPP has released an unofficial English translation. The Law will have an impact on the many US-based companies that operate or advertise in Mexico, as well as those that use Spanish-language call centers and other support services located in Mexico.