On July 9, 2009, Missouri Governor Jay Nixon signed House Bill 62 ("HB 62”), making the Show-Me State the 45th state with an information security breach notification law on the books. The new law takes effect on August 28, 2009. But Missouri’s new law isn’t the only new data breach notification requirement on the horizon. Amendments to existing data breach notice laws in three other states, Texas, Maine and North Carolina, will also become effective soon.
In January 2009, there was a postponement of a controversial federal regulation resulting from a legal challenge by several trade organizations, including the U.S. Chamber of Commerce. The rule, the result of an executive order signed by then-President George W. Bush, requires most federal contractors and subcontractors to verify their employees’ work eligibility using the Department of Homeland Security’s E-Verify system. On July 8, 2009, President Barack Obama’s Administration announced its plan to go forward with the rule. Immediately after this announcement, the U.S. Senate approved legislation that would codify the rule into law.
On July 7, 2009, the U.S. District Court for the Southern District of New York ruled that the Federal Fair Credit Reporting Act (“FCRA”) preempted an identity exposure plaintiff’s state law claims for, among other things, negligence, breach of contract, and violation of the New York Deceptive Trade Practices Act (“DTPA”).
On June 16, 2009, in Pietrylo v. Hillstone Restaurant Group, USDC D.N.J. Case No. 2:06-cv-5754-FSH-PS, a New Jersey federal jury found that the Houston’s restaurant chain violated the Stored Communications Act (SCA) and the New Jersey Wiretapping and Electronic Surveillance Control Act (NJWESCA) by allegedly requiring an employee to surrender to Houston’s managers login information that would allow access to an employee MySpace gripe group called “Spec-Tator.” Spec-Tator’s creators, Brian Pietrylo and Doreen Marino, were fired for violating Houston’s policies regarding professionalism and positivity. They sued for alleged violations of their common law right to privacy, freedom of speech, the SCA and the NJWESCA, and for wrongful termination.
With social networking sites proliferating across international boundaries, privacy and data protection concerns are becoming increasingly relevant. With these concerns in mind, the Article 29 Working Party, an independent European advisory body on data protection and privacy, adopted an opinion on online social networking on June 12, 2009.