31 Jul Global Data Privacy and Protection Insights – Monthly Newsletter July 2019
HBS Attorney Analysis
Earlier this year, Arkansas Governor Asa Hutchinson signed HB 1943, which amends the Personal Information Protection Act. It goes into effect on July 23, 2019. The new law expands the definition of ‘personal information,’ imposes additional reporting obligations, and enacts specific retention requirements. It continues to apply to any business that acquires, owns, or licenses the personal information of an Arkansas resident.
New York’s SHIELD Act has passed the New York Senate, and now awaits passage in the Assembly before it goes to the Governor to sign into law. While the Act contains new rules regarding data breaches and data breach notification, businesses should be most concerned about the increased geographic coverage of the Act, and the new requirement that businesses implement “reasonable safeguards to protect the security, confidentiality and integrity of the private information.”
It may come as a surprise, but only 11 states have constitutional provisions that contain an explicit right to privacy. Specifically, California voters amended their state constitution to include the right of privacy among the inalienable rights of all people in 1972. In 2018, the California legislature passed the California Consumer Privacy Act of 2018 (CCPA), the first data privacy legislation of its kind in the United States.
Your cell phone rings. You look down, and to your delight, it’s your daughter. She’s in college now and remembering to ‘give mom a call every once in a while’ seems to be an impossible task. You quickly answer, and your delight immediately turns to terror: “We have your daughter,” a voice on the other side of the phone says. “If you don’t pay her ransom, we are going to start cutting off her fingers.” The caller knows personal details about your family, including where you live. The caller ID says the call is coming from your daughter’s phone. In the heat of the moment, there is no reason for you not to believe that your daughter’s been kidnapped.
As the first year of GDPR’s governance comes to a close, the hysteria has subsided, but the reality of the reach of GDPR is all the more real. Since its May 25, 2018 effective date, European State Data Protection Authorities (“DPA”) have received more than 64,000 data breach notifications. Those 64,000 notifications have resulted in more than €56,000,000 ($62,500,000) in fines issued under enforcement actions.
Latest News and Headlines
Data breach exposes information of thousands of patients in L.A. County
Los Angeles Times
Fines and Settlements
After a Data Breach, British Airways Faces a Record Fine
The New York Times
Future of Privacy
California’s AB-1395 Highlights the Challenges of Regulating Voice Recognition
Future of Privacy Forum
What Texas businesses need to know about new data breach notification requirements
Houston Business Journal