Top Five Privacy Issues NJ Businesses Should Monitor in 2014

Cyber security, smartphone applications, and social media will likely top the priority list of tech issues that businesses intend to focus on in 2014.  Privacy and data protection remain the undercurrent of those issues. Here are some key issues businesses should be monitoring in the context of those priorities:

• Cyber security: Target’s high-profile data breach is just one example of the cybersecurity threats faced by businesses of all sizes. Recent studies suggest that cyberattacks against U.S. businesses have increased nearly 50 percent in the past few years. To make sure companies have the proper procedures in place, Congress is currently considering the Personal Data Privacy and Security Act, which includes measures companies must take to protect sensitive customer data as well as methods by which businesses must notify customers when breaches occur.
• Social media: Employers will continue to face legal concerns regarding the privacy of social media accounts. In New Jersey, a new social media law took effect recently that prohibits employers from requiring applicants and employees to disclose their personal passwords. New Jersey courts are currently addressing other issues, including the ownership of business-related social media accounts and the ability to discipline employees who disparage employers online.
• Data collection: Thanks to mobile and Internet technology, businesses can collect a wide variety of information about customers, ranging from where they live to what they buy. However, these new tools come with security and privacy risks and legal obligations. The “Internet of Things,” which refers to the interconnectivity of personal devices like your cell phone, television, or thermostat, is also gaining the attention of regulators and lawmakers. Businesses who offer products and services in this industry should be aware that they might soon face additional compliance obligations.
• FTC regulation: The Federal Trade Commission (FTC), which is tasked with policing unfair or deceptive acts or practices under the Federal Trade Commission Act, has been increasingly turning its enforcement attention to privacy-related issues. Two ongoing lawsuits, including one pending in New Jersey, challenge whether the regulator has exceeded its authority over data security policies and subsequent breaches. However, even if these suits were to  successfully curb the FTC’s reach, Congress may act by passing legislation that explicitly expands the power of the FTC to increase its jurisdiction over data security and privacy.
• Drones: While Amazon’s plan to use drones to deliver packages likely may be years away from fruition, research on commercial drone use is underway here in New Jersey. Rutgers University and Virginia Polytechnic Institute are partnering to study failure modes and technical risks for drones. In Washington, lawmakers have already expressed concern about using the unmanned aircraft for commercial use. At a recent hearing of the Senate Commerce, Science and Transportation Committee, the task of balancing privacy interests with innovation was the top concern. Businesses should expect additional debate on this issue and, ultimately, federal regulations.

Effective, updated written data security policies and procedures are essential for businesses of all sizes. For additional information, we encourage you to check out our prior Scarinci Hollenbeck Business Law posts and visit companion blog, eWhite House Watch.

If you have any questions about this post or would like to discuss your company’s cybersecurity and data protection strategies, please contact me or the Scarinci Hollenbeck attorney with whom you work.