In this month’s update from the SIA Data Privacy Advisory Board, get the most current information on advisory board projects and events, then see updates on the latest privacy developments, legislative and regulatory activity and must-read articles on privacy topics. Questions and comments about any of the content can be directed to SIA Director of Industry Relations Ron Hawkins at email@example.com.
Data Privacy Advisory Board Update
- The SIA Data Privacy Advisory Board will be holding an in-person meeting at ISC West in Las Vegas on Wednesday, March 23, at 3 p.m. (PDT). The meeting will be open to non-advisory board members.
- The SIA Education@ISC West conference will include a session on Balancing Privacy with Effective Security – An Overview on Redaction, featuring Drake Jamali, manager of government relations at SIA; James Marcella, director of industry associations at Axis Communications; and Florian Matusek, director of video analytics at Genetec.
- The Data Privacy Advisory Board recently released Reducing Risk, Seizing Opportunity: A Security Industry Guide to Privacy, a document building on the Privacy Code of Conduct released last year.
The Indiana Senate on Feb. 1 became the first state legislative chamber to approve a data privacy bill in 2022 when it unanimously passed SB 358, which now awaits consideration by the House. The legislation – which is similar to the Virginia Consumer Data Protection Act, which became law in 2021 – would, according to Lexology, “provide consumer rights such as the right to request that data be disclosed, deleted, or corrected. Additionally, consumers would have the right to opt-out of the processing of personal data for purposes of: (i) targeted advertising, (ii) sale of personal data; and (iii) certain profiling activities. The bill also requires that covered businesses obtain consumer consent before collecting sensitive personal information.” It does not contain a private right of action.
Maine lawmakers are considering a constitutional amendment that would create a right to privacy for its citizens. The amendment, which requires approval by two-thirds of both branches of the Legislature to be added to the state Constitution, reads, “All natural persons have an inherent right to privacy that is free from governmental and private intrusion. The inherent right to privacy includes but is not limited to privacy of a natural person’s personal life, personal communications, private affairs and personal thoughts or inner life. A natural person’s interaction with an Internet, communication or other electronic data service does not diminish the natural person’s reasonable expectation of privacy.” The proposal is being opposed, as the Bangor Daily News noted, by “a somewhat strange alliance of Maine and regional press groups, including the Maine Press Association, which the Bangor Daily News belongs to, and the evangelical Christian Civic League of Maine.”
On Feb. 16, Congress’s Committee on House Administration held a hearing on “Big Data: Privacy Risks and Needed Reforms In The Public And Private Sectors,” during which several witnesses urged lawmakers to pass a data privacy law. Daniel Castro, vice president of the Information Technology and Innovation Foundation, noted the high cost of not having a single national standard: “In the absence of federal data privacy legislation, the growing patchwork of state privacy laws could impose out-of-state costs between $98 billion and $112 billion annually. Over a 10-year period, these costs would exceed $1 trillion. The burden on small businesses would be substantial, with U.S. small businesses bearing $20 billion to $23 billion annually. … Consumers should have the same protections regardless of where they live, and companies should not be faced with 50 different sets of laws and regulations. A patchwork of state laws with varying definitions and standards creates a complex regulatory minefield for businesses to navigate, especially if potential violations risk costly litigation.”
Required Reading: Get the Latest Essential Privacy News
Dark Reading: Be Flexible About Where People Work — But Not on Data Privacy, Feb. 16, 2022
Excerpt: Hybrid and remote work doesn’t happen only in the privacy of people’s homes. It happens in public places like coffee shops and hotel lobbies. These locations present privacy risks that your company today may not address, such as unsecured public Wi-Fi networks and possible exposure of company secrets on workers’ screens. This is why any decision about the future of hybrid and remote work in your company must answer the question: How will we maintain control of the privacy of our sensitive and confidential information?
The Wall Street Journal: How Congress Can Protect Your Data Privacy, Feb. 14, 2022
Excerpt: Only two issues currently divide lawmakers: whether a federal measure should pre-empt state laws, and whether to let consumers themselves initiate lawsuits. On the first, the answer is simple: Pass a federal law stronger than any of the existing state laws and pre-empt only direct conflicts. That is easily achievable because the three state laws that have passed – in Virginia, Colorado and California – are either weak or riddled with loopholes. Even the strongest of the trio, California’s, largely limits only the transferring of data and not its collection. On the second, Congress should develop a compromise: Authorize a private right of action, but one that allows consumers to be compensated only for demonstrable harms.
Bloomberg Law: FTC Sees Growing Pressure for Data Privacy Rule as Pick Stalled, Feb. 8, 2022
Excerpt: Advocacy groups are looking to the commission for policy action amid years of stalled negotiations in Congress over a national privacy law and a growing patchwork of state laws imposing new compliance obligations on companies. But with two Democrats and two Republicans on the commission, having the votes to launch a potentially years-long rulemaking process likely depends on Senate confirmation of Alvaro Bedoya, the Georgetown University law professor Biden’s picked to fill the FTC’s empty fifth seat.
National Law Review: Around the World on Data Privacy Day, Jan. 28, 2022
Excerpt: By 2023, 65 percent of the world’s population will have its personal data covered under modern privacy regulations, up from 10 percent in 2021, according to a technology and consulting company. In light of this, 2022 will see regions such as the Asia Pacific region, Europe, the Middle East, and the United States introducing new data privacy and protection laws.
Morning Consult: More Than Half of Voters Back a National Data Privacy Law, Jan. 12, 2022
Excerpt: Fifty-six percent of registered voters said they support federal data privacy legislation, according to new polling from Morning Consult and Politico – findings that come after civil and human rights advocacy groups presented a 24,000-signature petition to Congress urging action on the issue.