Litigation and regulation surrounding privacy and cybersecurity is continuously developing, both within the government and the private sector. This digest summarizes the most notable events in privacy and cybersecurity.
Indiana Attorney General Urges Everyone in State to Freeze Their Credit
Indiana Attorney General Greg Zoeller urged every single citizen of Indiana to freeze their credit after news of a data breach at Medical Informatics Engineering (MIE) which may have impacted 1.5 million Indiana residents (3.9 million nationwide). Information which was allegedly breached may have included social security numbers, lab results, medical conditions, and health plan information.
Google Will Not Apply EU “Right to Be Forgotten” Order Globally
In 2014, Google was ordered by the European Court of Justice to allow Europeans to delist search result links they felt were harmful to their privacy. Since then, Google has removed the qualifying links from all European versions of its search engine; but the French data protection authority told Google last month to remove those links from all versions of its search engine – everywhere in the world. Google has now officially declined to do so, stating that, “We’ve worked hard to implement the right to be forgotten ruling thoughtfully and comprehensively in Europe, and we’ll continue to do so. But as a matter of principle, we respectfully disagree with the idea that a national data protection authority can assert global authority to control the content that people can access around the world.”
White House Agrees that Electronic Communications Privacy Act Should be Updated
As part of the wave of White House responses to the back log of petitions from We the People, the White House responded with support to a petition which advocated for the updating of the Electronic Communications Privacy Act (ECPA). The 1986 law was an extension of telephone wiretap laws to the arena of electronic computer data. The White House response did not advocate for any particular proposal currently floating around Congress, but advocated for Congressional movement to protect privacy interests in electronic mail.
United Airlines Hit by Cyberattack
In May or June 2015, United Airlines was reportedly hit by the same China-backed hacking group which some security experts believe to be responsible for the U.S. Office of Personnel Management (OPM) and Anthem data breaches. The data which may have been accessed is that of passengers and their flight activities.
Cybersecurity Experts Tell Congress to Make Adjustments to SAFETY Act
Cybersecurity experts speaking to the U.S. Homeland Security subcommittee urged Congress to modify the Support Anti-Terrorism by Fostering Effective Technologies (SAFETY) Act by clarifying that it applies to cyberattacks. The advocates would like to see the programs “help companies determine which cybersecurity measures to adopt” in order to minimize their litigation exposure following a cyberattack.
Google Privacy Appeal Headed to U.K. High Court
In a case that could establish a privacy tort right of action, the United Kingdom Supreme Court granted Google permission to appeal a lower court’s decision related to Google’s provision of targeted advertising through the use of Browser Generated Information (BGI). The issue remains whether claimants can be awarded damages for “distress” allegedly caused by personal information popping up in browser advertisements.
CISA May Stall in Senate before August Recess
The Cybersecurity Information Sharing Act (CISA) may have to wait until after Congress’s August recess before it sees any further action, though proponents were hopeful to see it on the floor before the recess began. The bill, which does face some opposition related to privacy concerns about overreach, is intended to decrease liability and increase cybersecurity by allowing companies to share cyber threat indicators with each other and the government. The fate of the bill this week relies in part on the timeline of non-related legislation. If the bill is introduced on the Senate floor midweek, it will likely face several amendments.
Baseball and Biometrics
At least two professional sports teams have begun to use fingerprint scanners to speed the entry line for season ticket holders at the stadium gate. The Colorado Rockies and San Francisco Giants use biometrics to get spectators in the door faster, but the service provider says that the future may hold further uses such as enabling the timely delivery of hot dogs and beer to stadium seats based on a ticketholders preferences and stored payment data.