The privacy world has been abuzz with the passage of the California Consumer Privacy Act of 2018. In June 2018, within just a week, California passed this strict new privacy law. Some commentators have compared it to the GDPR, but it is a much more narrow law and is a far cry from the GDPR. Nevertheless, it is a significant entry in California’s considerable canon of privacy laws.
For more on California privacy laws, see this collection compiled by the California Attorney General.
For the first half of 2018, all eyes were focused eastward on the EU with the start of GDPR enforcement this May. Now, all eyes are shifting westward based on a bold new law passed by California. By January 1, 2020, companies around the world will have to comply with additional regulations related to the processing of personal data of California residents. Pursuant to the California Consumer Privacy Act of 2018, companies must observe restrictions on data monetization business models, accommodate rights to access, deletion, and porting of personal data, update their privacy policies and brace for additional penalties and statutory damages. The California Legislature adopted and the Governor signed the bill on June 28, 2018 after an unusually rushed process in exchange for the proposed initiative measure No. 17-0039 regarding the Consumer Right to Privacy Act of 2018 (the “Initiative”) being withdrawn from the ballot the same day, the deadline for such withdrawals prior to the November 6, 2018 election.
Below is an interview with Lothar Determann, a leading expert on California privacy law. He has a treatise on the topic: California Privacy Law (3rd Edition, IAPP 2018).
Recently, HBO suffered a massive data breach. The hackers stole unreleased episodes of Game of Thrones and have been leaking them before they are broadcast. Episodes of other shows were also stolen. The hackers grabbed 1.5 terabytes of data including sensitive internal documents.
By Daniel J. Solove
Privacy and cybersecurity have become issues that should be addressed at the board level. No longer minor risks, privacy and cybersecurity have become existential issues. The costs and reputational harm of privacy and security incidents can be devastating.
Yet not enough boards are adequately engaged with these issues. According to a survey last year, 58% of members of boards of directors believed that they should be actively involved in cyber security. But only 14% of them stated that they were actively involved.
by Daniel J. Solove
The recent cases of Ebola in the United States demonstrate challenges to health privacy in today’s information age — both in preventing employees from snooping into patient information as well as preventing the disclosure of patient identities.
It seems to happen way too often. Despite policies and laws that forbid law enforcement officials from mentioning the names of suspects who are not yet formally accused or even arrested, leaks invariably seem to happen. The leaks can wreak havoc in the lives of those whose names are mentioned. Many of these people wind up never being charged with any crime, yet their reputations are destroyed by the leaks and resulting media attention. Continue Reading
The Washington Post reports on an interesting little incident involving Tucker Carlson:
Potomac Video store clerk Charles Williamson, 28, posted a message on his blog, Freelance Genius, Dec. 23 that described how he set up a movie rental account for MSNBC host Tucker Carlson at the MacArthur Boulevard store the day before.
“I could tell you what he and his ridiculously wasped-out female companion (wife?) rented if you really want to know,” he wrote. “I won’t tell you where he lives, though. That would be wrong and stupid.” Williamson also joked that he wouldn’t send 10,000 copies of Jon Stewart’s best-selling political satire, “America (The Book),” to Carlson’s home; Stewart ridiculed Carlson on “Crossfire” before the 2004 election.
A week later, Williamson had forgotten all about it, he told us yesterday. That is, until Carlson, 37, reappeared at the video store and, said Williamson, “got pretty aggressive.” According to Williamson, Carlson confronted him about the blog and said he viewed the post as a threat to him and his wife. “He said, ‘If you keep this [expletive] up, I will [expletive] destroy you,’ ” Williamson recalled. . . .
In a phone interview Thursday, Carlson acknowledged that he approached Williamson in the store and said he was “very aggressive” because he wanted the post removed: “I don’t like to call the police or call his boss. . . . I’m a libertarian. I’m not into that.”
The United States v. Ziegler case I wrote about in a previous post brings to mind a radical employment law case decided last December in New Jersey. [Thanks to Charlie Sullivan and Timothy Glynn for bringing the case to my attention]. The case is Doe v. XYC, 887 A.2d 1156 (N.J. Super. 2005). Since I couldn’t find a version of it online, I’ve posted a copy here.