In the News
Connecticut Board of Education Considers RFID System to Track Students: The New Canaan, Connecticut Board of Education has begun talks with SecureRF Corporation to hire SecureRF to provide the town’s schools with a monitoring system called a Radio Frequency Identification (“RFID”) system. Students would carry RFID tags, which would use radio waves to allow monitors to see when students pass designated points where the tags are registered. SecureRF introduced the idea at August’s Board meeting. SecureRF is applying for a $100,000 grant from the National Science Foundation to fund the system, which would be a pilot program for larger deployment to occur later. Student participation in the program would be voluntary. Assistant Superintendent of Schools Steven Swerdlick said that the Board is considering the privacy implications, explaining that the Board would have to be “thoroughly satisfied that there is no negative impact on privacy and safety” before making any final decision about RFID deployment.
California Breach Notification Bill Sent Back to Governor: On August 19, 2010, the California Senate passed SB 1166, which would update California’s data breach notification law. The bill (then SB 20) was previously vetoed last October because, the governor said, there was no proof that the new measures would actually help consumers. Joe Simian (D-Palo Alto), who drafted the bill, said he was persuaded to reintroduce it this year after conversations with the Governor’s office, and that, based on those conversations “a signature by the Governor seems possible this year.” SB 1166 would require additional information in notification letters, including the type of personal information exposed, a description of the incident, and an explanation of what steps consumers can take to protect themselves from identity theft. California’s current law was the first breach notification law in the nation in 2002. Since then, most states have adopted similar laws. Many of the newer rules include the kind of information SB 1166 would require.
ABA Continues to Fight Inclusion of Attorneys in Groups Regulated by Red Flag Rules: On August 20, 2010, the American Bar Association filed a brief in D.C. Circuit Court responding to FTC claims that lawyers should be required to comply with the “red flag” rules requiring financial institutions and creditors to develop and maintain identity theft prevention programs. The issue is before the D.C. court on an appeal by the FTC of a 2009 ruling in D.C. district court that found that the FTC’s interpretation of the law, which would cover lawyers, was unreasonable. In its August 20 filing, the ABA argued that the FTC cannot regulate the practice of law until such time as Congress gives the FTC an “unmistakably clear” grant of authority to do so. No oral argument date as been set, but the FTC will have a chance to respond to the ABA’s brief by September 21, 2010.
Illinois Enacts Law Prohibiting Credit Checks by Employers: On August 10, 2010, Illinois passed HB 4658, the “Employee Credit Privacy Act,” which restricts the access of employers to credit histories of potential employees. The law restricts employers from obtaining, or even inquiring about, credit histories unless a satisfactory credit history is an “established bona fide occupational requirement” of a particular job, under a limited set of circumstances, such as a requirement by state and federal law that bonding or other security is required to cover the employee. Employers are also prohibited from (i) failing to hire or recruit, (ii) firing, or (iii) otherwise discriminating against employees or potential employees on the basis of their credit histories. Illinois is the fourth state to enact legislation restricting employer access to employee credit information.
Privacy and Data Protection Team
The attorneys in Womble Carlyle’s Privacy and Data Protection Team provide a wide array of privacy services to clients. We work with clients to assess their privacy and data security obligations, and then develop a compliance plan and controls to meet their needs. This includes privacy and security assessments; drafting and reviewing policies and procedures; training employees; managing privacy risks in contracts and mergers and acquisitions; and providing dedicated staffing for client privacy projects and ongoing privacy management. Our team does not operate in a vacuum—our goal is to help clients avoid pitfalls in privacy and data protection so they can focus on their core business. We also assist clients when privacy protections do not work by helping clients address security breaches. The firm also assists clients regarding monitoring and affecting privacy and data protection legislation and regulations. Should the need arise, we aggressively represent our clients in litigation and in agency or law enforcement matters.