As 2011 is coming to a close, many of us are thinking about what 2012 will bring. With regard to privacy, there are numerous key issues to choose from (and I am sure many privacy professionals would add to this list) - but from a corporate compliance standpoint, here are my top five picks for hot topics to address in 2012:
As we have discussed on our blog, the National Labor Relations Board (NLRB) has continued a campaign of enforcement actions against employers who, according to the NLRB, have unlawfully terminated employees for discussing working conditions on social media. As we reported, in the first of such "Facebook" enforcement actions to come before an NLRB administrative judge, the employer was ordered to reinstate five employees and to pay back their wages.On September 28, 2011, in the second "Facebook" case to reach an NLRB administrative judge, an employer was found to have been justified in terminating an employee car salesman for Facebook postings that mocked the employer and did not concern working conditions
Earlier this week we blogged about Senator Blumenthal's (D-CT) proposed Personal Data Protection and Breach Accountability Act of 2011. Today, InfoLawGroup partner Boris Segalis spoke on Fox Live about the advantages of federal information security legislation.
Dan Or-Hof, a privacy and technology partner at the Israeli law firm Pearl Cohen Zedek Latzer is reporting that new regulations and orders introduced by Israel's Ministers Committee for Biometric Applications set the ground for a two-year biometric IDs issuance trial period. The Ministry of Home Affairs is making final preparations to start issuing the IDs that will contain encoded fingerprints and facial image, and will be stored in a national database. A campaign led by privacy activists against the controversial biometric database has failed to yield a positive result so far.
It is being reported that Moscow prosecutors conducted an investigation into whether several websites that were involved in data breaches earlier this year violated the country's data protection law. As a result of the breaches, names, contact information and order histories of Internet magazine subscribers (including adult-themed publications) became available on Internet search engines, including Russian-language Yandex. Without naming the websites, the report states that the prosecutors have filed administrative charges against two Internet magazines as a result of the investigation.
On August 18, 2011, the Associate General Counsel of the National Labor Relations Board ("NLRB" or the "Board") issued a report analyzing the Board's recent social media enforcement actions. The report seeks to provide guidance to employers that want to ensure that their social media policies appropriately balance employee rights and company interests.
Banks and other financial institutions face unique issues when it comes to the use of social media. Faced with conflicts between social media platform rules, customer expectations, self-regulatory standards, and the strict regulations that govern the industry, guidance has been needed. The industry received some of that guidance recently through a whitepaper issued by BITS, the technology arm of The Financial Services Roundtable whose members are 100 of the largest financial institutions in the U.S.The report addresses the compliance, legal, operational, and reputational risks - and related mitigation strategies - of using social media in connection with a financial or banking operation. Regarding compliance, the report discusses the myriad of compliance areas relevant to banks, including marketing, privacy and security. For example, because social media web sites and web activities are deemed advertising by regulators, the report warns of the risks of failing to comply with various marketing laws and regulations applicable to the banking industry, including state Unfair and Deceptive Acts or Practices Acts and Prize and Gift Acts, as well as others that require additional steps for financial institutions, such as Truth in Lending, Truth in Savings, and FDIC membership rules. The paper predicts even stronger and more subjective requirements to come under the Dodd-Frank Wall Street Reform and Consumer Protection Act. Risks of non-compliance vary widely - from litigation and reputation risk, regulatory enforcement actions and in some cases civil money penalties.
On July 20, 2011, the U.S. House of Representatives Energy and Commerce Committee's Trade Subcommittee approved the Secure and Fortify Electronic Data Act (the "SAFE Data Act"). The Act would require any business that maintains personal information to implement an information security program and notify affected individuals in the event of an information security breach. The SAFE Data Act would preempt the over 45 existing state information security and breach notification laws and task the Federal Trade Commission with developing information security rules implementing the Act.
Last week, the upper house of Russia's federal legislature approved amendments to the country's federal data protection law. The amendments impose detailed information security requirements on businesses that process personal data and revise some of the statute's data subject consent provisions.The amended law will come into force when it is published in the official newsletter.