At a glance.
- Probable implications of New York's SHIELD law.
- UN chooses Tencent to facilitate its 75th anniversary online conversations.
- Governments urged not to abuse public health surveillance measures.
- Lawful intercept vendors' offer of assistance in collecting epidemiological data raises questions.
The SHIELD Act and business.
The National Law Review summarizes the salient points of New York's new data breach reporting law, the Stop Hacks and Improve Electronic Data Security (SHIELD) Act. The law, which went into effect on March 21st, expanded the scope of previous data breach laws from entities that did business in New York to anyone who "owns or licenses the private information of a New York resident." Private information is now defined as including, among other items, "'biometric information' and a 'user name or email address in combination with a password or security question and answer that would permit access to an online account.'" "Breach" has been redefined as well. It's no longer confined to "acquisition" of information by an unauthorized party, but now extends to cases where there are "indications that the information was viewed, communicated with, used or altered by a person without valid authorization or by an unauthorized person." Finally, the law also imposes data security requirements, but it doesn't prescribe specific measures for protecting information. Instead, it describes what businesses must do to be "deemed in compliance." To do so, a business must have a data security program with administrative, technical, and physical safeguards, all of which are assessed against a standard of reasonableness.
There's one notable difference between the SHIELD Act and the California Consumer Privacy Act: the SHIELD Act, unlike its West Coast counterpart, doesn't create a right of private action.
The UN's "global conversation" in honor of its 75th anniversary will be moderated from China.
Quartz notes that the United Nations has chosen the partner that will provide "videoconferencing and digital dialogue tools" as the UN prepares to celebrate its seventy-fifth anniversary with "thousands of online conversations" so that the thoughts of millions will be audible in Turtle Bay. That partner is Tencent, best known outside China for its central role in Beijing's domestic surveillance programs.
Privacy hawks urge governments not to abuse epidemiological surveillance.
Such surveillance might be necessary in an emergency, but privacy advocates (prominently including Human Rights Watch) are urging governments not to prolong emergency measures beyond necessity, and above all not to make comprehensive surveillance a permanent feature of their policy.
Spyware vendors would like to help governments collect epidemiological information.
Israel-based NSO Group, proprietors of the Pegasus intercept tool, and their Italy-based competitor Cy4Gate are offering their products to governments interested in tracking individual contacts during the COVID-19 pandemic. Motherboard sees the software on offer as mass surveillance tools, as easily adaptable to pervasive surveillance of individuals as they are to tracking contacts.