state privacy law workshop
play

State Privacy Law Workshop May 6, 2020 Libbie Canter, Kate Goodloe - PowerPoint PPT Presentation

Mar 03, 2023 •515 likes •1.07k views

State Privacy Law Workshop May 6, 2020 Libbie Canter, Kate Goodloe and Maggie Martin Presenters Libbie Canter Kate Goodloe Maggie Martin ECanter@cov.com m aggie.m artin@capitalone.com kateg@bsa.org 2 Agenda Comprehensive Privacy Laws

  1. State Privacy Law Workshop May 6, 2020 Libbie Canter, Kate Goodloe and Maggie Martin

  2. Presenters Libbie Canter Kate Goodloe Maggie Martin ECanter@cov.com m aggie.m artin@capitalone.com kateg@bsa.org 2

  3. Agenda  Comprehensive Privacy Laws  Where Are We?  The Substance  The Battlegrounds  Other Privacy Topics  Biometrics  IoT  Artificial Intelligence  Health and Genetic Privacy  Cybersecurity 3

  4. Part I Comprehensive Privacy Laws 4

  5. Where Are We? 5

  6. 2019 Privacy Proposals Introduced Passed one chamber Task force or study formed Signed into law ffsdf 6

  7. 2020 Privacy Proposals Introduced Passed one or more chamber Hearings held Signed into law Ballot initiative ffsdf 7

  8. The Battle in Washington State 8

  9. The Battle in Washington State 9

  10. Coronavirus Impact 10

  11. The Substance 11

  12. Key Battleground Issues  Enforcement, including private right of action  Scope of personal information covered  How “identifying” is it? To whom?  Application to employee and household data  Exclusions for de-identified or pseudonymous data  Exemptions for federally regulated entities 12

  13. Key Battleground Issues  Scope of rights with regard to sharing of data  Rights with respect to targeted advertising  Right to opt out of any disclosure of personal information  Additional consumer rights  “Other” issues (e.g. facial recognition)  Distinguishing between “controllers”/businesses and “processors”/third parties or service providers 13

  14. Key Legislative Models 14

  15. Minnesota HF 3096 Factors Content of Law Personal Data Covered All state residents  Transparency  Access Rights  Deletion  Opt-out from sale Sale/Disclosure Restrictions Other Rights Non-discrimination Accountability Other Features Enforcement AG & PROA 15

  16. New Hampshire HB 1680 Factors Content of Law Personal Data Covered All state residents  Transparency  Access Rights  Deletion  Opt-out from sale (opt-in for minors) Sale/Disclosure Restrictions Other Rights Accountability Other Features Enforcement AG only (except PRA for data breaches) 16

  17. Connecticut SB 134 Factors Content of Law Personal Data Covered All state residents  Transparency  Access Rights  Deletion  Opt-out from sale (opt-in for minors) Sale/Disclosure Restrictions Other Rights Accountability Other Features Enforcement AG only (except PRA for data breaches) 17

  18. Nebraska LB 746 Factors Content of Law Personal Data Covered Employee/B2B exceptions  Transparency  Access Rights  Deletion  Opt-out from sale (opt-in for minors) Sale/Disclosure Restrictions Other Rights Accountability Other Features Enforcement AG only 18

  19. Illinois SB 3299/ HB 5603 Factors Content of Law Personal Data Covered All state residents  Transparency  Access Rights  Deletion  Opt-out from sale Sale/Disclosure Restrictions Other Rights Accountability Other Features Enforcement AG only 19

  20. Arizona SB 1614 Factors Content of Law Personal Data Covered All consumers when any aspect of commercial conduct takes place in AZ  (but only if business sells data) Transparency  Access Rights  Deletion  Opt-out from sale (opt-in for minors) Sale/Disclosure Restrictions Other Rights Accountability Other Features HCR 2013 expresses preference for federal standard Enforcement AG only (except PRA for data breaches) 20

  21. Maryland SB 957 Factors Content of Law Personal Data Covered Employee/B2B exceptions  Transparency  Access Rights  Deletion  Opt-out from sale and disclosure Sale/Disclosure Restrictions Other Rights Accountability Other Features Enforcement AG, PRA (violation of CPA) 21

  22. Illinois SB 2330 Factors Content of Law Personal Data Covered Employee exception  Transparency  Access Rights  Deletion  Opt-out from sale and disclosures Sale/Disclosure Restrictions  Correction and opt out of processing Other Rights Accountability Risk assessments Other Features Enforcement AG only (except PRA for data breaches) 22

  23. Massachusetts S. 120 Factors Content of Law Personal Data Covered Narrow Employee Exception  Transparency  Access Rights  Deletion  Opt-out from third-party disclosure Sale/Disclosure Restrictions Other Rights Accountability Other Features Prohibits disclosure of PI if a business knows/willfully disregards under 18 Enforcement AG Enforcement & PRA 23

  24. Florida SB 1670 Factors Content of Law Personal Data Covered Employee/B2B exceptions  Transparency  (contemplated, but not clear) Access Rights Deletion X  Opt-out from sale Sale/Disclosure Restrictions  Correction right contemplated Other Rights Accountability Other Features Enforcement Dep’t of Legal Affairs only (no PRA) 24

  25. Louisiana HB 617, HB 654 Factors Content of Law Personal Data Covered All state residents  Transparency  Access Rights Deletion X  Opt-out from sale Sale/Disclosure Restrictions  Correction right contemplated Other Rights Accountability Other Features Restrictions on use of public records data for marketing/solicitations Enforcement DOJ only 25

  26. Washington PSSB 6281 Factors Content of Law Personal Data Covered Commercial/Employment exceptions  Transparency  Access Rights  Deletion  Opt out of sale Sale/Disclosure Restrictions  Rights to correction; opt out of targeted Other Rights advertising and profiling Accountability Data protection assessments Other Features Facial recognition regulation Enforcement Initially AG only; PRA added 26

  27. Wisconsin AB 870, 871, 872 Factors Content of Law Personal Data Covered All Wisconsin residents  Transparency  Access Rights  Deletion Sale/Disclosure Restrictions Via right to restrict processing  Right to restrict processing and Other Rights nondiscrimination Accountability Recordkeeping requirements Other Features Requires basis to process personal data; further limits sensitive personal data Enforcement AG only 27

  28. Arizona HB 2729 Factors Content of Law Personal Data Covered Employee/B2B exceptions  Transparency  Access Rights  Deletion  Opt out of sale Sale/Disclosure Restrictions  Rights to correction; restriction of Other Rights processing Accountability Other Features Enforcement AG only 28

  29. Minnesota SF 2912 Factors Content of Law Personal Data Covered Employee exception  Transparency  Access Rights  Deletion  Objection to targeted advertising Sale/Disclosure Restrictions (includes sale)  Objection to Processing, Rectification, Other Rights Profiling Accountability Risk Assessments Other Features Enforcement AG only 29

  30. Virginia HB 473 Factors Content of Law Personal Data Covered Employee/B2B exceptions  Transparency  Access Rights  Deletion  Opt out of sale for targeted ads Sale/Disclosure Restrictions  Rights to correction and to object to Other Rights processing and/or targeted advertising Accountability Risk assessments Other Features Enforcement Broad PRA 30

  31. New York Privacy Act – S 5642 Factors Content of Law Personal Data Covered Broad definition, but excludes employees and contractors  Privacy notice Transparency  Access, Correction, Deletion, Restrict Consumer Rights processing, Portability, Object to processing, Profiling restriction  Opt-in (sale and processing) Sales/ Disclosure Restrictions  Likely an indirect requirement Accountability Other Features No minimum company revenue threshold, Fiduciary duty, Pass through Enforcement AG, PRA: injunction/ damages (+atty’s fees) 31

  32. Vermont H. 899 Factors Content of Law Personal Data Covered Not clearly defined  (must include monetary value of data) Transparency Access Rights X  (social networking services only) Deletion Sale/Disclosure Restrictions X Other Rights Accountability Other Features Facial recognition restrictions Enforcement AG only 32

  33. Rhode Island H. 7778 Factors Content of Law Personal Data Covered All State Residents  Transparency Access Rights X Deletion X Sale/Disclosure Restrictions X Other Rights X Accountability X Other Features Enforcement AG only 33

  34. Uniform Law Commission ULC – Timeline Winter/Spring 2020 Drafting sessions Summer 2020 First reading draft to full ULC Summer 2021 Final draft to full ULC Summer 2022 Available for adoption by states 34

  35. Uniform Law Commission Factors Content of Law Personal Data Covered Excludes employees  + “privacy commitment” Transparency  Access, Correction, Deletion, Confirmation Consumer Rights of Processing Sales/ Disclosure Restrictions Opt-out of targeted advertising, profiling Accountability Privacy impact assessments, privacy officers Other Features Duties of: loyalty, data minimization, purpose limitation, nondiscrimination, data security Enforcement AG, PRA 35

Recommend

pp W3C Privacy Workshop in Berlin 2014-11-21 W3C Privacy Workshop in Berlin 2014-11-21 pretty

pp W3C Privacy Workshop in Berlin 2014-11-21 W3C Privacy Workshop in Berlin 2014-11-21 pretty

pp W3C Privacy Workshop in Berlin 2014-11-21 W3C Privacy Workshop in Berlin 2014-11-21 pretty Easy privacy pretty Easy privacy Landscape of Messaging Solutions Voltage Datamotion Symantec Echoworx Totemo TrendMicro Peanut SMS

982 views • 15 slides
From Privacy To Opacity - Digital Me Management W3C Workshop - Privacy for Advanced Web APIs I

From Privacy To Opacity - Digital Me Management W3C Workshop - Privacy for Advanced Web APIs I

From Privacy To Opacity - Digital Me Management W3C Workshop - Privacy for Advanced Web APIs I am ? Karl Dubost Network Global Instantaneous Replicated Permanent ACCESS AND Traces lead to Patterns Privacy is cultural Robots.txt

287 views • 12 slides
The Privacy of Secured Computations Adam Smith Penn State Crypto & Big Data Workshop

The Privacy of Secured Computations Adam Smith Penn State Crypto & Big Data Workshop

The Privacy of Secured Computations Adam Smith Penn State Crypto & Big Data Workshop Relax it can only December 15, 2015 see metadata. Cartoon: 1 Big Data Every <length of time> your <household object> generates

832 views • 55 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
PriBots Conversational Privacy with Chatbots Hamza Harkous 1 , Kassem Fawaz 2 , Kang. G. Shin 2 ,

PriBots Conversational Privacy with Chatbots Hamza Harkous 1 , Kassem Fawaz 2 , Kang. G. Shin 2 ,

PriBots Conversational Privacy with Chatbots Hamza Harkous 1 , Kassem Fawaz 2 , Kang. G. Shin 2 , Karl Aberer 1 1 EPFL; 2 University of Michigan Workshop on the Future of Privacy Notices and Indicators, SOUPS 2016 Privacy Notice: Current State 2

708 views • 50 slides
Making Privacy a Fundamental Component of Web Resources Paper presentation at W3C Workshop on

Making Privacy a Fundamental Component of Web Resources Paper presentation at W3C Workshop on

Making Privacy a Fundamental Component of Web Resources Paper presentation at W3C Workshop on Privacy for Advanced Web APIs July 12/13, 2010, London Dr. Thomas Dbendorfer thomas.duebendorfer@google.com Tech Lead, Privacy Engineering Team

350 views • 13 slides
K Anonymity Dagstuhl Workshop Federated Semantic 8 Data Management, June 2017 4 27.06.2017

K Anonymity Dagstuhl Workshop Federated Semantic 8 Data Management, June 2017 4 27.06.2017

27.06.2017 Schutz der Privatsphre (WS15/16) Introduction to Privacy (Part 1) You have zero privacy. Get over it. Scott McNealy, 1999 Privacy, k anonymity, and differential privacy Johann Christoph Freytag Humboldt-Universitt zu

457 views • 11 slides
Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design

Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design

T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design Ulm 9 th -10 th March 2015 11/03/2015 Privacy

668 views • 48 slides
Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT 15 TH November 2003 By Rakesh Kumar Wipro Technologies India Privacy Consumers Perspective Privacy can be defined as customers ability to

284 views • 17 slides
Privacy Invasions in Ubicomp Marc Langheinrich ETH Zurich http://www.inf.ethz.ch/~langhein/

Privacy Invasions in Ubicomp Marc Langheinrich ETH Zurich http://www.inf.ethz.ch/~langhein/

Privacy Invasions in Ubicomp Marc Langheinrich ETH Zurich http://www.inf.ethz.ch/~langhein/ Privacy Workshop, Ubicomp 2002 Helpful Concepts Privacy Workshop, Ubicomp 2002 ! Privacy Boundaries When do people feel their privacy is being

262 views • 9 slides
How Badly Broken is Privacy Legislation? And what can we do to fix it? 17th Annual Privacy and

How Badly Broken is Privacy Legislation? And what can we do to fix it? 17th Annual Privacy and

How Badly Broken is Privacy Legislation? And what can we do to fix it? 17th Annual Privacy and Security Conference Privacy and Security by Choice, not Chance Afternoon Workshop Wednesday February 3, 2016 Victoria, B.C. Canada Gerry Bliss

1.11k views • 63 slides
2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of

2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of

2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of privacy engineering methodologies Tools for privacy communications Aleecia M. McDonald, PhD Non-resident Fellow, Stanford Center for Internet &

902 views • 15 slides
Privacy in the Smartphone Age Di Ma NSF US/Mid-East Workshop on Trustworthiness in Emerging

Privacy in the Smartphone Age Di Ma NSF US/Mid-East Workshop on Trustworthiness in Emerging

Privacy in the Smartphone Age Di Ma NSF US/Mid-East Workshop on Trustworthiness in Emerging Distributed Systems and Networks June 4-6, 2012 Istanbul, Turkey The issue Privacy in the smartphone age I s important because smartphones

233 views • 6 slides
Secure Genome me Analysis The privacy workshop is jointly

Secure Genome me Analysis The privacy workshop is jointly

The 2 nd Compe,,on on Cri,cal Assessment of Data Privacy and Protec,on Secure Genome me Analysis The privacy workshop is jointly sponsored by iDASH (U54HL108460) and

721 views • 53 slides
W3C Workshop on Privacy for Advanced Web APIs 12-13 July, 2010 I. Krontiris, A. Albers,

W3C Workshop on Privacy for Advanced Web APIs 12-13 July, 2010 I. Krontiris, A. Albers,

W3C Workshop on Privacy for Advanced Web APIs 12-13 July, 2010 I. Krontiris, A. Albers, K. Rannenberg Chair of Mobile Business Goethe University Frankfurt ... location privacy ... 2 Location Privacy the

473 views • 18 slides
Use cases from the perspective of Deutsche Telekom's Group Privacy W3C Workshop on Privacy and

Use cases from the perspective of Deutsche Telekom's Group Privacy W3C Workshop on Privacy and

Use cases from the perspective of Deutsche Telekom's Group Privacy W3C Workshop on Privacy and data usage control public Frank Wagner / Use cases from the perspective of Deutsche Telekom's Group Privacy 24.09.2010 1

464 views • 15 slides
Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU Leuven - COSIC 20 November 2012 Privacy Preserving Protocols Introduction Cryptography in Daily Life RFID Privacy

1.04k views • 60 slides
DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy: New Problems and the Search for Solutions March 15 th , 2004 Tal Zarsky The Information Society Project, Yale Law School Introduction: Various

273 views • 25 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Consumers privacy decision -making Sren Preibusch 12 th July 2010 W3C Workshop on Privacy

Consumers privacy decision -making Sren Preibusch 12 th July 2010 W3C Workshop on Privacy

Consumers privacy decision -making Sren Preibusch 12 th July 2010 W3C Workshop on Privacy for Advanced Web APIs Sren Preibusch 1 Intended reaction towards excessive data collection (first and second choices) Sren Preibusch 2

140 views • 12 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program

Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program

3/27/2015 Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program Considerations August 14, 2014 Presentation by: Jennifer L. Cox, J.D. Cox & Osowiecki, LLC Hartford, Connecticut 1 Todays Privacy &

475 views • 24 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides

More recommend