Search Team

Search by Last Name
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Banner image

Blog

Privacy Concerns for Individuals When State Governments Release Data

February 18, 2015

Blog

Privacy Concerns for Individuals When State Governments Release Data

February 18, 2015

Back to Fish's Trademark and Copyright Blog

 

Recently, former Florida Governor Jeb Bush released on his website hundreds of thousands of emails sent to him while he was Governor “[i]n the spirit of transparency.”  As The Verge discovered, some of these emails included social security numbers, medical information, employment information, and other data about Florida residents.  The release of similar data by private companies has resulted in widespread litigation for failure to adequately protect consumer information.  This incident raises the question of how to incentivize state and local governments to take appropriate precautions to protect public information within their control.

Under Florida Statutes § 501.171(1)(b), a governmental entity must provide notice concerning any unauthorized leak of confidential personal information and report it to the Florida Senate and House of Representatives in an Annual Report,1 but enforcement provisions do not apply to government entities.  Additionally, there is no private right of action for affected citizens to sue the government.  The Deceptive and Unfair Trade Practices Act, Florida Statutes § 501.201 et seq., which is the mechanism used by governments to prosecute commercial enterprises when leaks occur, only applies to acts or practices in the conduct of trade or commerce.  Floridians may be able to bring a general negligence claim if they can demonstrate direct damages, but caps placed on recovery may render any recovery nominal.  And while there may be civil or criminal penalties against an individual public officer who releases a social security number, there is no effective private remedy for affected citizens.

President Obama has announced initiatives to improve security within the federal government through the new Cyber Threat Intelligence Integration Center designed to enhance federal cybersecurity; but what incites state governments and actors to adopt security measures?  And how can consumers ensure data protection without government accountability and a viable remedy?  While the FTC takes an aggressive stance litigating against private companies, there are few comparable measures to protect against data leaks by state governments, which have arguably much more information on consumers than commercial enterprises.  This mistake makes clear that human error can lead to significant security risks that even the best technology would not have prevented.

While the solution to potential state government breaches is not clear, equity, consistency, and practicality point to the adoption of some data security basic standard for all entities, both public and private.  At the least, some right of private action for affected individuals for data breaches would provide a remedy and a strong incentive for state governments to take precautions with residents’ private data.

1 Granted, here access was not technically “unauthorized” and it was more of a mistake than a “breach,” but it raises the issue of incentivizing protection of this information in non-commercial contexts.

Related Tags

privacy and data security

Blog Authors

Headshot
Donna A. Balaguer, CIPP/US | Principal

Donna Balaguer is a Principal in the Washington, DC, office of Fish & Richardson.  Ms. Balaguer previously served as an executive and in-house counsel to both entrepreneurial and major corporations. She relies on that insider perspective to provide clients with practical and...

Headshot
Ed Lavergne, CIPP/US | Principal

Ed Lavergne is a Principal in the Washington, D.C. office of Fish & Richardson responsible for co-managing the firm’s Regulatory and Government Affairs practice.  He is a Certified Information Privacy Professional (CIPP-US) and an active member of the...

Headshot
Sara Koblitz | Associate

Sara Wexler Koblitz is an associate in the Regulatory Group in Fish & Richardson’s Washington, DC office. Ms. Koblitz has assisted clients in filings with multiple regulatory agencies across varying industries, including the medical device sector and the space and defense...

Leave a Reply

Your email address will not be published. Required fields are marked *