News Alerts and Breach Report for Week of September 12, 2022
Experts Respond to FTC’s ANPR
The Federal Trade Commission (FTC) held a public comment hearing last week on its advanced notice of proposed rulemaking (ANPR). The hearing involved a panel of industry experts, and they provided perspective on commercial surveillance and data security. Jason Kint, CEO of Digital Content Next noted that the FTC should pay attention to dominant tech players setting the tone, while Rebecca Finlay, CEO of Partnership on AI told the FTC they needed to take AI into account when making new rules. Paul Martino, vice president and senior policy counsel at the National Retail Foundation warned the FTC against making rules too broad, or making rules without understanding context. Also, according to Next Gov, panelists discussed the Global Privacy Control, “a browser setting that lets consumers tell websites their privacy preferences without having to manually reach out to each website—as an important measure for users and companies to take to protect choice and privacy.”
Indonesia to Punish Data Breach with Jail Time
A pending privacy law in Indonesia will prosecute violators with jail time. According to Bloomberg, “Data operators could face up to five years in jail and a maximum fine of 5 billion rupiah ($337,000) for leaking or misusing private information, according to Indonesia’s new data privacy bill set to be passed by parliament this week.”
Ohio, Michigan, and Pennsylvania Consider Privacy Laws
Following the passage of similar laws in Colorado, Connecticut, Utah, and Virginia California, three new U.S. states are considering privacy legislation. The Michigan legislature is currently considering the Consumer Privacy Act (House Bill 5989). It would apply to for-profit businesses that process the personal data of at least 100,000 Michigan residents or control the data of at least 25,000 Michigan residents and makes over 50 percent of its revenue from the sale of such data. HB 5989 would grant consumers a private right of access, the right to correct and delete their data, restrict its use, opt out of their data being sold, and the right to receive a portable copy of their data. The Ohio Personal Privacy Act (House Bill 376) was “informally passed” in February but has since sat with the Rules and Reference Committee. HB 376 resembles Michigan’s HB 5989 in many ways, though it specifically excludes certain government agencies, and sets a gross revenue applicability threshold of $25 million. Pennsylvania’s HB 2202 sits with the Consumer Affairs Committee and sets an applicability threshold of $20 million for for-profit entities. Pennsylvania is also considering several other stripped-down versions of HB 2202. None of the aforementioned bills include a private right of action for consumers.
* * * * * * *
To read our guide on the Information Commissioner’s Office draft guidance aimed at assisting organizations implementing a ‘data protection by design and by default’ approach via techniques like data anonymization and pseudonymization, as well as through the use of privacy enhancing technologies, click here.
To browse through our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.
We have two guests lined up for new podcast episodes. New episodes are generally released on Thursdays, here. They can be enjoyed on Spotify and Apple Podcasts. Don’t forget to subscribe!
Our most recently released episodes:
77 | Privacy & Cybersecurity Whistleblowers: A New Trend?
76 | Privacy Governance v. Cybersecurity Governance
75 | Cybersecurity and Cyber Insurance: Claims, Costs, and Chaos