Data Privacy Changes 2018

January 16, 2018

Data privacy and security are rapidly developing and changing areas in the law. Data privacy

Tracking Technologies: Privacy and Data Security Issues is an informative article on Thomson Reuters Practical Law that discusses the approach the United States has taken to data privacy and the laws companies using tracking technologies should consider.

Currently, some of the statutes companies using tracking technologies should consider include:

With Regard to Use of Consumer Information: The Federal Trade Commission Act, codified at 15 U.S.C.A. 41-58 (short title 15 USCA 58). The Federal Trade Commission Act regulates consumer privacy and “unfair or deceptive” practices.

With Regard to Healthcare: The Health Insurance Portability and Accountability Act (HIPAA), codified throughout titles 29, 42, 18, 26 of the U.S.C.A. (short title 42 USCA 201 note). HIPAA addresses use and disclosure of health information.

With Regard to Financial Services: The Gramm-Leach-Bliley Act (GLBA), codified throughout titles 12 and 15 of the USCA (short title 12 USCA 1811 note). GLBA requires financial institutions to issue privacy notices to customers and explain information sharing practices.

With Regard to Consumer Credit and Background Checks: The Fair Credit Reporting Act, codified at 15 USCA 1681-1681x (short title 15 USCA 1601 note). The Fair Credit Reporting Act covers information used when making eligibility determinations pertaining to credit, housing, employment, insurance, etc.

With Regard to Children’s Privacy: The Children’s Online Privacy Protection Act (COPPA), codified at 15 USCA 6501-6506 (short title 15 USCA 6501 note). COPPA prevents collection of information on children under the age of 13 without parental consent.

Other interesting articles on Data Privacy on Thomson Reuters Practical Law that businesses may find helpful include: US Privacy and Data Security Law: Overview and Developing a Privacy Compliance Program.

In addition, if Congress finds the time in 2018, we will be seeing new Cyber Legislation on the agenda that will be interesting for businesses and consumers alike to track:

On Financial Cyber Security: In November 2017, the House of Representatives passed the Market Data Protection Act in response to a data breach at the Securities Exchange Commission. This bill would require the SEC to develop internal risk mechanisms to secure market data information. See, 2017 CONG US HR 3973.

On Department of Homeland Security Cyber Agency: A bill passed in the House in July 2017 (the Senate has yet to make a decision on this bill), after passing the Homeland Security Committee, will put DHS cyber functions into a new Cyber-security and Infrastructure Protection Agency, with clear authority and a defined role. See, 2017 CONG US HR 2825.

On the National Institute of Standards and Technology’s Cyber-security Framework, Assessment, and Auditing Act of 2017: This act will allow the National Institute of Standards and Technology to initiate an individual cyber-security audit of agencies to assess the extent to which the agency is meeting the information security standards.  See, 2017 CONG US HR 1224.

On the Internet of Things:  Legislation on setting the minimum security requirements for Internet of Things devices could also be on the docket. The Internet of Things refers to all manner of interconnected devices, ranging from smart-phones to self-driving cars.  See, 2017 CONG US 2234 and 2017 CONG US 1904.

Not a Westlaw subscriber? Sign-up for a free trial today.