Missouri: HB 62 includes many provisions that are similar to other state laws requiring notice to individuals when the security of their personal information has been compromised. For example, HB 62 includes a “material risk of harm” trigger. In other words, a business is not required to notify Missouri residents if, after an appropriate investigation or consultation with relevant law enforcement authorities, the business determines that identity theft is not likely to result from the breach. In addition, a business is not required to notify state residents if the personal information compromised was encrypted. Like some other state laws, HB 62 also requires notice to the Missouri Attorney General and national consumer reporting agencies if more than 1,000 Missouri residents are notified, and allows the Attorney General to seek actual damages or civil penalties from persons that fail to comply with the law.

The Federal Trade Commission (“FTC”) announced today that, for the third time, it will delay enforcement of the Red Flags Rule until November 1, 2009 – a year after the original November 1, 2008 compliance deadline. In delaying enforcement yet again, the Commission stated that it intends to engage in an “expanded business education campaign” in which the staff will “redouble its efforts to educate [businesses] about compliance.” Such a campaign is designed to “clarify whether businesses are covered by the Rule and what they must do to comply.” The delay does not affect companies subject to the enforcement authority of federal agencies other than the FTC.

The popularity of crime dramas on primetime television schedules has made certain aspects of genetic testing commonplace and uncontroversial.  However, as science continues to advance at an exponential rate, and as technology and innovation have invaded the realm of individual privacy rights, individuals’ genetic make-up are likely the next frontier.

At least 32 states have genetic privacy laws on the books.  These states have taken steps to protect genetic information beyond the protections given to other types of health information.  This is referred to as “genetic exceptionalism,” which calls for special protections for genetic information due to its predictive, personal and familial nature and other unique characteristics.  Generally speaking, state genetic privacy laws restrict parties (such as insurers or employers) from taking a particular action without consent.  These laws cover a broad range of issues, including:

  • Requiring personal access to genetic information;
  • Requiring consent for performing tests, obtaining or accessing genetic information, retaining genetic information, and/or disclosing genetic information;
  • Defining genetic information or DNA samples as personal property; and
  • Providing for specific penalties for genetic privacy violations.

In January 2009, we reported on the postponement of a controversial federal regulation resulting from a legal challenge filed by Proskauer Rose on behalf of several trade organizations, including the U.S. Chamber of Commerce. The rule, the result of an executive order signed by then-President George W. Bush, requires most federal contractors and subcontractors to verify their employees’ work eligibility using the Department of Homeland Security’s E-Verify system. On July 8, 2009, President Barack Obama’s Administration announced its plan to go forward with the rule. Immediately after this announcement, the U.S. Senate approved legislation that would codify the rule into law.

With social networking sites proliferating across international boundaries, privacy and data protection concerns are becoming increasingly relevant. With these concerns in mind, the Article 29 Working Party, an independent European advisory body on data protection and privacy, adopted an opinion on online social networking on June 12, 2009.

As noted