MRA News

  • Aug 27, 2014
    At a Technology Policy Institute conference in Colorado in August, Politico interviewed two FTC commissioners about data security and privacy issues of concern to survey, opinion and marketing researchers. Asked about data security bills in Congress, FTC Commissioner Julie Brill said she had thought that the rash of high-profile security breaches early in the year and the rising costs of breaches “would help make the issue rise to the top.” However, the multiple bills in the House and Senate (S. 1927, S. 1897, S. 1976, S. 1995, S. 1193, H.R....
  • Aug 27, 2014
    The Sunshine State has tightened the screws on data security. Governor Rick Scott (R) signed the Florida Information Protection Act (FIPA) (S.B. 1524, Chapter No. 2014-189) into law on June 20. It took effect on July 1. FIPA covers any entity that acquires, maintains, stores, or uses personal information. The most important changes to the prior law (Section 817.5681, Florida Statutes) include: the shortening of the notification requirements from within 45 days to within a mere 30 days (only a few states have specific timelines for...
  • Aug 22, 2014
    On July 15, New York Attorney General Eric T. Schneiderman released a report on data breaches in the Empire State, showing that the number of reported data security breaches in New York more than tripled between 2006 and 2013, including exposure of nearly 23 million personal records. His report also offered some useful pointers for any data-dependent businesses (since almost all have some interaction with New Yorkers or base in the state): Understand what data your company needs to operate, what data you already have, how long you may need to...
  • Aug 22, 2014
    An out-of-state company recently got in hot water in Massachusetts for being too slow to figure out they had suffered a data security breach. Women & Infants Hospital of Rhode Island agreed to pay $150,000 for a security breach of more than 12,000 Massachusetts patients, as part of a July 23 consent agreement with the Massachusetts Attorney General (AG). The breached information, considered a violation of both Massachusetts state law and federal healthcare privacy and security law (HIPAA), “included patients’ names, dates of birth, Social...
  • Aug 22, 2014
    The Hawkeye State recently updated their data security breach notification law (Iowa Code § Chapter 751C) to require that the Iowa Attorney General’s office receive notification of a breach, expand the definition of a breach to include paper records derived from digital ones, and clarify that encrypted or redacted data still qualifies as personal information covered by the law if it could be reidentified using other information that has been breached. Governor Terry Branstad (R) signed S.F. 2259 into law on April 3. It came into effect on...
  • Aug 21, 2014
    California A.B. 1710 looks likely to become law before the end of 2014. This legislation would expand the requirements of the Golden State’s data security breach requirements to include not just the owner or licenser of personal data, but also anyone who “maintains” such data. The bill originally passed the Assembly on May 8, and the Senate returned it to the Assembly for concurrence in some amendments and tweaks on August 19. The terms “own” and “license” include “personal information that a business retains as part of the business’ internal...
  • Aug 20, 2014
    Congress is set to fund most of the federal government in fiscal year 2015 (starting October 1) with a “continuing resolution” in the next few weeks, funding government activities at the same level as the current fiscal year. For the 2020 Census, that could mean a fiscal and statistical disaster later in the decade -- and once we’re on that road, veering off might be extremely difficult. As MRA and our Census Project coalition allies explained in calling for a funding “anomaly” in the continuing resolution to allow for necessary Census 2020...
  • Aug 11, 2014
    By Stuart L. Pardau What Was the Lawsuit About?The class action representatives alleged[1] that comScore improperly obtained and used personal information from class members’ computers in violation of state and federal law. ComScore used a program called “OSSProxy,” which it distributed under different comScore owned and operated brands, to collect information about users’ computer usage. Generally, OSSProxy was bundled with unrelated third party “free” digital products, like screensavers. ComScore presented users who downloaded the digital...
  • Aug 8, 2014
    Will the Federal Communications Commission (FCC) finally bring some certainty to the telephone bills of survey, opinion and marketing research firms, or will it simply spread the tyranny to online research as well? On August 6, the FCC asked the the Federal-State Joint Board on Universal Service to recommend how the FCC should modify the "Universal Service methodology" which determines the size of the fee on your telephone bill. Those recommendations are due in April 2015. BackgroundThe Universal Service Fund (USF) was originally established...
  • Aug 8, 2014
    Delaware needs you to fire up the incinerator and ready the old industrial-strength shredder. The First State’s governor, Jack Markell, signed H.B. 295 into law on July 1, requiring the safe destruction of documents containing personally identifying information. The new law specifies that a commercial entity must “shall take all reasonable steps to destroy or arrange for the destruction of a consumer's personal identifying information within its custody and control that is no longer to be retained by the commercial entity by shredding, erasing...