Tyler S. on LinkedIn: Clark County Human Resources (2024)

Latest News

12

In this article, our Partner, Saurabh Bindal and Intern, Ayushman Singh delve into a facet of the DPDP Act, 2023, that has not been given enough consideration relative to its possible consequences - the foundational principles and attributes that define the Data Protection Board. It also examines the critical question of whether the Board aligns with the concept of a tribunal, given its quasi-judicial role in data protection matters. Furthermore, the paper explores the constitutional implications of not mandating a judicial member within the Board, assessing potential conflicts with the doctrine of separation of powers. Read more: https://lnkd.in/gxMpzKDF#dataprotectionboard #digitalpersonaldataprotectionact #judicialrepresentation #tribunal #dataprotection #fmblogs #fma #foxmandal

31

No harm, no foul?For those who find the developments around awarding compensation for non-material (i.e., distress/anxiety) data protection harms as interesting as I do, the English High Court handed down a judgment last Friday that considered the issue. The litigation concerns a data breach involving nearly 450 current and former police officers whose pension letters were sent to the wrong addresses.After the UK ICO found that no further action needed to be taken in relation to the breach, the officers collectively sued the company that sent the letters, alleging breaches of UK data protection laws and the misuse of private information.They each sought damages of between £3,000 and £4,000.Last week’s pre-hearing judgment turned on whether the letters were actually opened, and the judge found that most were not.Indeed, of the 446 claimants, only 14 were allowed to proceed — but even those 14 were “very far from being serious cases”, and may ultimately be dismissed as the proceedings continue.For example, in each case the letter was handed back to the relevant claimant, and in 11 of the 14 cases, the letter was apparently opened by a relative before being passed back to the relevant claimant.Nevertheless, the 14 claimants variously alleged that the breach caused them anxiety, distress, exacerbation of unrelated symptoms (in one case, of post-natal depression), and annoyance and irritation.*****The question you likely want to ask is whether — and if so what — the judge had anything to say about a minimum threshold of seriousness of harm being suffered.And the answer is that he kicked the can down the road.The European Court of Justice’s decision last year in Austrian Post (in which the ECJ found that there is no minimum threshold for non-material harm claims) isn’t binding on English courts post-Brexit, albeit they may choose to give it weight.Here, the judge wrote: " ... it is not necessary (nor is it desirable) for me to reach a concluded view on the very interesting points as to whether the law in this jurisdiction imposes a threshold of seriousness in data protection claims ... I think it is better for me not to express any view. It is sufficient ... that I have decided that whether each Claimant could surmount a threshold of seriousness (were one found to apply in data protection claims) is a factual question that ... can only fairly be resolved at a trial".So the wait goes on for a post-Austrian Post decision by the (senior) English courts on non-material data protection harms.Frankly, I'm not sure that this is the case to get it over the line, given the facts discussed above, but time will tell.#dataprotection #gdpr #damages #databreach

27

This a rapidly growing trend - its usually redacting personal identifying information (PII) from the record... not from the ability to search for the record.It really does nothing for their stated purpose. The question here is - why is this no long a search criteria? If a searcher has this information, its not like they are looking for it. There is actually no reason to redact this information from records, either. But, that's for another day.

1

On March 2024 New Hampshire enacted SB 255. Learn why this pivotal legislation empowers New Hampshire residents with protections surrounding their personal data &more. 🛡️🔒Learn more here: https://lnkd.in/gBqt8NGJ#NewHampshire @SB255 #PrivacyLaw #GetTerms

This blog post is a great read for those interested in California's Senate Bill 362, which if passed into law, would build on the compliance obligations that entities designated as “data brokers” are required to follow.

The agency released 2 April its first-everenforcement advisoryfocused specifically on CCPA data minimization obligations tied to consumer requests. More specifically, the advisory focuses on minimization standards underCalifornia Civil Code § 1798.100(c), the implementing CCPA regulations concerning minimization, and additional CCPA regulations that "reflect the concept of data minimization."#dataprotection

8

Defense DepartmentRulesPublication Date: 9/21/2023EDDECTIVE Date: 10/23/2023Privacy Act; ImplementationFRDoc#:2023-20434FRDoc@88 FR 65129 (3 pgs) CFR: 32 CFR 310Agency/Docket ID: DoD-2022-OS-0142RIN: 0790-AL62SUMMARY: The Department of Defense (Department or DoD) is issuing a final rule to amend its regulations to exempt portions of the system of records titled CIG–16, “Inspector General Administrative Investigation Records,” (IGAIR) from certain provisions of the Privacy Act of 1974....FOR FURTHER INFORMATION CONTACT:Ms. Rahwa Keleta, Privacy and Civil Liberties Division, Directorate for Privacy, Civil Liberties and Freedom of Information, Office of the Assistant to the Secretary of Defense for Privacy, Civil Liberties, and Transparency, Department of Defense, 4800 Mark Center Drive, Mailbox #24, Suite 08D09, Alexandria, VA 22350–1700; OSD.DPCLTD@mail.mil;(703) 571–0070.SUPPLEMENTARY INFORMATION:Discussion of Comments and ChangesThe proposed rule published in the Federal Register (88 FR 7375–7378) on February 3, 2023. Comments were accepted for 60 days until April 4, 2023. One comment was received which stated support for the exemption rule.I. BackgroundIn finalizing this rule, OSD is exempting portions of this system of records titled, CIG–16, “Inspector General Administrative Investigation Records,” from certain provisions of the Privacy Act of 1974. This system contains records of DoD Office of Inspector General mission activities such as: the identification, referral, & investigation of DoD Hotline complaints; administrative investigations of both military & civilian senior officials accused of misconduct; oversight & investigation of whistleblower reprisal cases against Service members, DoD contractor employees, & DoD civilian employees (appropriated & non-appropriated fund); & improper command referrals of Service member mental health evaluations.II. Privacy Act ExemptionThe Privacy Act allows Federal agencies to exempt eligible records in a system of records from certain provisions of the Act, including those that provide individuals with a right to request access to and amendment of their own records. If an agency intends to exempt a particular system of records, it must first go through the rulemaking process pursuant to 5 U.S.C. 553(b)(1)–(3), (c), and (e).OSD is amending 32 CFR 310.28(c)(4) to change the system name and to exempt portions of this system of records from certain provisions of the Privacy Act because information in this system of records may also fall within the scope of the following Privacy Act exemptions: 5 U.S.C. 552a(j)(2) and (k)(1).Regulatory Analysis...https://lnkd.in/gc4RB8hF

1

Interesting look at the lack of federal #dataprivacy law by my colleague Makenzie Holland. Curious what the ostensible reason is for not having such a law - I have my theories as to the real reasons, ofc... via TechTarget News

11

This should become federal law as soon as possible. Reading the law I see exceptions that I expect will be abused (for security reasons or if part of research) by the usual suspects, but this is a meaningful start.