A draft Congressional bill released Tuesday, May 3 aims enhance consumer privacy protections both online and offline and establish a national framework for the collection, use and security of consumer information, superseding state law requirements regarding the collection, use and disclosure of the information it covers. The draft legislation, sponsored by Congressmen Rick Boucher (D, Va.) and Cliff Stearns (R, Fla.), recognizes the importance of online advertising in supporting free online content and services and attempts to extend privacy protections without disruption of this business model.

Massachusetts’s new data security regulations, effective as of March 1, 2010, currently set forth the country’s most stringent requirements for protecting data. Extending beyond what is required by other states, Massachusetts specifies that, for example, covered entities must implement a written information security program and must encrypt personal information that will be transmitted over the Internet, or that is kept on laptops and other portable devices. Massachusetts regulators and enforcement agencies would likely make the following three arguments that out of state entities must also comply with the new regulations.

On April 27, 2010, a sweeping new law on data protection was passed by the Mexican Senate, clearing the way for the President to sign the landmark legislation, which provides for penalties up to an astounding $1.5 million for violations under the law.  The new Federal Law for the Protection of Personal data (la Ley Federal de Protección de Datos Personales en posesión de los particulares), prescribes, among other things, the manner with which both private and public entities must treat the collection, use, and disclosure of personal data relating to Mexican citizens.

On April 27, 2010, the Federal Trade Commission announced separate settlements with women’s clothing retailer Talbots and its telemarketer SmartReply, Inc. for violations of the Telemarketing Sales Rule (“TSR”). The FTC alleged that SmartReply’s robocalls for Talbots did not allow consumers to opt out of future calls until they had listened to almost all of the prerecorded solicitation or failed to provide opt out instructions; did not immediately disconnect consumers that chose to opt out; and failed to notify live call recipients of their right to opt out at any time during the call.

On March 22, 2010, Washington Governor Christine Gregoire signed H.B. 1149 into law, making her state the second behind Minnesota to hold businesses and governmental entities responsible to financial institutions for certain costs arising from payment card information breaches. As of July 1, entities that process more than 6 million credit or debit card transactions annually who fail to reasonably safeguard card information can be required to reimburse financial institutions for the costs related to the re-issuance of cards as well as attorneys fees and costs in the event that a security breach involving payment card information is a proximate result.