We’re from the federal government, trust us with your data security

I joined host Ray Dunaway yesterday on Hartford’s WTIC 1080 to discuss the OPM hack (earlier on which) and schemes to extend federal regulatory control over private data security. You can listen here.

And from yesterday’s House hearing on the subject: “OPM chief ducks blame for data breach, pins it on ‘whole of government'” [Washington Examiner]

Filed under: military, on TV and radio, privacy

“Feds Who Didn’t Even Discover The OPM Hack Themselves…”

“…Still Say We Should Give Them Cybersecurity Powers” The spectacular breach of Office of Personnel Management records, which exposed to China-based hackers information on every federal employee as well as the obviously sensitive contents of security clearance applications, was revealed when a vendor of security services was allowed to do a sales presentation on the federal network in question and discovered the already-exploited vulnerability. But of course the feds will be totally competent in prescribing practice to the private sector, right? [Mike Masnick, TechDirt] Earlier on regulation of private-sector electronic security here, here, etc. Related: W$J (DHS couldn’t move to secure networks without engaging in collective bargaining first). Related: pending bills “authorize government to impose data retention mandate on private businesses”

Filed under: military, privacy, technology

June 10 roundup

Alan Dershowitz, Harvard lawprof, suing TD Garden over slip and fall in bathroom three years back [Boston Globe]
“Harsh Sanction Proposed For Attorney Who Blogged About Probate Case” [Mike Frisch, Legal Profession Blog]
Maryland veto sets back reform: “Governor Hogan, Civil Asset Forfeiture Is Inherently Abusive” [Adam Bates, Cato]
“‘Vape’ bans have little to do with public health” [Jacob Grier, Oregonian in February]
Academics prosper through expert witness work, part one zillion [Ira Stoll]
Sounds good: call for civil procedure reform includes fact-based pleading, strict discovery limits, case-specific rules, and more [Jordy Singer, Prawfs, on recommendations from American College of Trial Lawyers Task Force on Discovery and Civil Justice and Institute for the Advancement of the American Legal System]
Draft plan would arm FTC with vast power over data practices [James C. Cooper, Morning Consult, via @geoffmanne]

Filed under: bloggers and the law, discovery, expert witnesses, Federal Trade Commission, forfeiture, Harvard, Maryland, pleading, privacy, procedure, tobacco

Labor and employment roundup

NLRB to brass: please don’t sell workplace data to telemarketers or use it to “harass” or “rob” employees [Joe Perticone, IJ Review]
“Direct evidence must … wait for it … exist to matter in a discrimination case” [Jon Hyman on Butler v. Lubrizol, Ohio Court of Appeals]
“Cries of ‘blacklisting’ as administration cracks down on contractors” [Lydia Wheeler/The Hill, Connor Wolf/Daily Caller, Public Citizen (supportive; proposals also attack pre-dispute arbitration), earlier here and here]
Fast food: “The fix is in on Cuomo’s wage-fixing panel” [Ashley Pratte, Washington Examiner; Diana Furchtgott-Roth, Economics 21]
Another perspective on working in a nail salon [Tyler Cowen, earlier pushback on New York Times investigation]
Annals of “wage theft”: hired Ferguson protesters say they’ve been stiffed out of pay promised by ACORN successor [American Thinker]
“Can [an Employer] Lawfully Prohibit Secret Recordings in the Workplace?” [Jarad Lucan, Connecticut School Law]

Filed under: Andrew Cuomo, arbitration, discrimination law, government contract compliance, National Labor Relations Board, privacy, wage and hour suits

Buy our protective services, or we’ll rat you out to the feds

I’ve got a new post at Cato summarizing dramatic new testimony in the case (briefly noted here last year) of a laboratory company that got reported to the Federal Trade Commission for data breach — and drawn into a crushingly expensive legal battle — after it declined to buy data security services offered by a company with Homeland Security contracts. The battle has been raging for a while, with the nonprofit Washington, D.C. group Cause of Action representing LabMD and outlets like Mother Jones running coverage unsympathetic to its case.

Filed under: competition through regulation, Federal Trade Commission, privacy, WO writings

What to do with police body camera footage?

If you’re Seattle, you put it on YouTube [Tyler Cowen]

Filed under: police, privacy, Seattle, surveillance

Labor and employment roundup

Mach Mining v. EEOC: unanimous SCOTUS, Kagan writing, agrees courts can hold EEOC to legal duty of pretrial conciliation, but prescribes narrower review than employer asked, with no commission duty of good-faith negotiation [Maatman et al; earlier on case here, here, and here; earlier from me on EEOC record of frequent losses in court]
New “ambush election” rules: “Your Privacy Has Just Been Compromised, Thanks To Obama’s NLRB” [Labor Union Report]
U.K. controversy parallels ours: “Banning unpaid internships will harm, not help, the disadvantaged” [Andrew Lilico, IEA]
“U.S. signed agreement with Mexico to teach immigrants to unionize” [Sean Higgins, Washington Examiner]
Another view on bias-law “Utah compromise” [Dana Beyer, Huffington Post; my critical view]
Advice to employers: “OSHA is not your friend. It is not there to give you an atta-boy on workplace safety. It is there to find violations and levy fines to make money for OSHA.” [Jon Hyman]
“CA: Failing to Pay Prevailing Wages May Be Intentional Interference with Prospective Economic Advantage” affording competitors a cause of action [Garret Murai via TortsProf]

Filed under: California, EEOC, Mexico, OSHA, privacy, Utah, wage and hour suits

Target data breach class settlement

The Target Corporation’s settlement of class action litigation over a major consumer data security breach is not as groundbreaking as all that, and in particular falls far short of the enormous liability payouts that were being talked of for a while [Paul Karlsgodt; Minnesota Public Radio] It does however feature attorney’s fee payouts “not to exceed $6.75 million, which is on the high end of the historical range” [Paul Bond, Lisa Kim, and Christine Czuprynski, Reed Smith] Earlier here. More: Randy Maniloff, Minneapolis Star-Tribune.

Filed under: class action settlements, debtor-creditor law, privacy

Europe’s misbegotten “right to be forgotten”

It grows from a branch of Friedrich Hayek’s idea of Fatal Conceit, writes Julian Sanchez [Cato, earlier]

Filed under: Europe, Google, privacy

When the family is the last to know

The doctor legally couldn’t tell him his son was in drug trouble. Nor could the college. Maybe time to rethink federal privacy laws? [Tony Christ, DelmarvaNow]

Filed under: colleges and universities, HIPAA, privacy