The Transportation Security Administration (TSA) will require a REAL ID-compliant form of identification for all airline passengers who fly in the United States starting on October 1, 2020. More information from the TSA about REAL ID is available here.
Stanford Law School’s Center for Internet and Society (CIS) has an interactive map that lists Internet legal developments around the world. More information about this map can be found at the CIS map’s FAQ page.
California now has the first IoT (Internet of Things) security law in the U.S., as reported by CNET.com. California Senate Bill No. 327 (SB-327) was signed into law on September 28, 2018, and this law will become effective on January 1, 2020. The law requires IoT device makers to use appropriate security measures by design, and to protect device data from unauthorized access.
These new requirements are in addition to what is required by the new California Consumer Privacy Act of 2018 (CCPA).
The Cybersecurity and Infrastructure Security Agency (CISA) Act of 2018 was signed into law on November 16, 2018. This legislation reorganizes the National Protection and Programs Directorate (NPPD) as the Cybersecurity and Infrastructure Security Agency (CISA), a standalone federal agency in charge of cyber and physical infrastructure security.
More information is available at the Department of Homeland Security’s CISA website.
The U.S. Copyright Office issued a new ruling, effective October 28, 2018, that allows exceptions to the Digital Millennium Copyright Act of 1998 (DMCA). Section 1201 of the DMCA was used by some companies to restrict consumer and third-party use of products containing software, including smartphones, computers, motor vehicles, and home appliances. This ruling allows greater legal protection for consumers and third-party companies to repair and diagnose rightfully owned technology products.
Answers to some frequently asked questions on this ruling can be found at www.copyright.gov/1201/2018/faqs.html. General information on U.S. copyright laws is available at www.copyright.gov/help/faq/index.html.
The Federal Trade Commission (FTC) has announced that Americans nationwide can now freeze their credit reports for free. This was made possible by a new federal law that took effect on September 21, 2018.
More information about credit freezes is available at www.consumer.ftc.gov/articles/0497-credit-freeze-faqs. The FTC also requires that credit reporting agencies give consumers a free credit report once a year at www.annualcreditreport.com.
The California Consumer Privacy Act of 2018 (CCPA) (Assembly Bill AB-375) was passed on June 28, 2018, and is designed to protect the personal data of California state residents. Companies worldwide must comply with CCPA by January 1, 2020.
The International Association of Privacy Professionals (IAPP) has published an in-depth analysis of what is required to comply with this new legislation.
GDPR's requirements include the following:
- the right to easy access to one’s own personal data;
- the right to secure data protection by design and by default;
- the right to data portability, or the ability for customers to move their data between companies easily upon request;
- the right to know when one’s data has been compromised or breached;
- the right to be forgotten, i.e. the ability to have one’s personal data deleted if there is no legitimate reason to retain the data.
The maximum penalty for GDPR non-compliance would be 20 million euros or 4% of worldwide turnover, whichever is greater.
More information about GDPR is available at www.eugdpr.org and ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en.
Microsoft has published its own GDPR compliance guide and best practices at www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx.
Google has documented its own commitment to GDPR here.