A month after the Mobile Marketing Association released its Mobile Application Privacy Policy Framework (which we blogged about here), the GSM Association (GSMA) announced the release of its Privacy Design Guidelines for Mobile Application Development. The guidelines seek to provide developers with specific design points meant to enhance mobile application users’ abilities to guard personal information within mobile apps.

A federal district court dismissed an action against an employer alleging vicarious liability for an employee’s dissemination of a patient’s protected health information (PHI) related to treatment for a sexually transmitted disease (STD). Specifically, the court found that the employer, a private New York medical clinic, was not vicariously liable for the actions of the employee because the employee was acting in a personal capacity which was beyond the scope of her employment.

It may seem obvious to a lay person that employees should refrain from insulting their companies on social media due to the threat of termination for cause; however, there are contradictory legal principles that apply to the use of social media by employees which can be used both for and against employees (i.e. freedom of speech, right to privacy, data protection laws, an employer’s right to take disciplinary action, public insult offense, etc.) As a consequence, there is uncertainty as to whether an employer can use its employees’ postings made on social media websites to sanction them.

On February 22, 2012, California’s Attorney General, Kamala D. Harris, entered into an agreement with several leading providers of mobile devices and app stores to increase consumer privacy protection for mobile applications or “apps.” Under the agreement’s terms, these companies have agreed to redesign their app stores to provide a location for app developers to display their privacy policies.

On February 23, 2012, the White House issued a proposal to adopt a Consumer Privacy Bill of Rights. The new proposal is part of the Administration’s efforts to adopt a comprehensive consumer data privacy framework that applies to all personal data, defined as any data that can be linked to a specific individual or device. The Administration’s efforts are also intended to bring about conformity with the privacy principles that have become the norm in other countries such as in Europe, thereby increasing interoperability between the U.S. privacy framework and that which has arisen in the rest of the world.

For now, the Consumer Privacy Bill of Rights is still a blueprint and does not include enforceable rules, but the Administration is pursuing implementation through legislation and a multistakeholder rule-making process.