- Data Security
- Identity Theft
- Healthcare IT
- Offshore Data Security
- Cell Phone Use
- Census Funding
- Universal Service
- Do Not Call
- Text Messaging
Congress – CMOR attended a hearing of the Senate Commerce Committee on the Counter Spy Act (S. 1625), which bars various activities related to “taking control” of another's computer. It requires notice and consent prior to collection of sensitive PII, and disclosure prior to collection of PII under certain circumstances. It does, however, contain an exception for information collection that only impacts user experience at an online service or Web site. The FTC and state Attorneys General would have enforcement authority, and be able to levy civil penalties of up to $3 million per violation. Thanks to CMOR’s previous efforts, this legislation should have no direct negative impact on the research profession.
VA – Del. Kathy Bryson’s H.B. 1469 on data security has been signed into law. The new law, on identity theft and breach notification, stipulates that any unauthorized individual who acquires unencrypted private data that could lead to identity theft must notify the Virginia Attorney General of the breach of the security system. The law defines a breach of a security system as the unauthorized access of compromising and unauthorized computer data. It is not a violation for employees to access private data, provided it is for a lawful purpose. Private data is a person’s name in addition any one of the following: social security number, driver’s license number, or financial account number in addition to any required password. Notice can be provided by a written letter, telephone, or electronically. If, however, providing notice would cost over $50,000, affect a class of residents over 100,000, or the person cannot obtain to consent to notify the Attorney General, substitute notice may be done through: e-mail, posts on a website, or the media.
Survey and opinion research companies who are located in Virginia or conduct business in Virginia with respondents are expected to comply with the scope of this law if a security breach occurs.
Offshore Data Security
European Union - A member of the European Parliament from the Netherlands, MP Jules Maaten, plans to introduce legislation modeled after the U.S. Congress’ H.R. 275. It would similarly prohibit businesses from locating any data containing personally identifiable information (PII) within Internet-restricting countries. MRA remains concerned with the potential negative impact of H.R. 275 on the research profession and is similarly concerned about MP Maaten’s bill. MRA will work with our counterparts in Europe on this bill.
Congress - Rep. Charles Boustany (R-LA 07) introduced the Patient-Controlled Health IT Act (H.R. 6345), which would provide financial incentives for the adoption of healthcare information exchange networks. It is unclear if this legislation would restrict the research use of and access to Personal Health Information (PHI) more than the existing restrictions under the federal HIPAA law. INSERT LINK TO MRA HIPAA BRIEF MRA will be contacting the sponsor to emphasize the importance of data access and use for research, although this legislation is unlikely to be acted upon.
MI - H.B. 6103, known at the “Identity Theft Prevention Act”, introduced by Rep. Bert Johnson (D), has been amended to require certain disclosures to consumers when their personal identifying information is included in public records. Specifically, if a person or agency has a database that holds personally identifying information, the person or agency must disclose the information, how they use it, and include a phone number so individuals can call and either edit the information or request removal. Notice must be provided by sending a letter, or if the recipient has consented to electronic notice or the agency conducts most of its business online, an e-mail can be sent. Notice can also be provided by the telephone, provided that the recipient consents and the call does not result in a live conversation. Knowingly failing to provide notice can result in a $250 fine for each failed notice. Civil damages would be capped at $750,000 per person. This legislation would apply to survey and opinion research companies that share personal information of respondents in public records.
Cell Phone Use
MA - The Joint Committee on Transportation introduced H.B. 4477, which would make it illegal for anyone under 18 to utilize any cell phone—even a hands-free device—while driving in the car. In addition, the bill would also require all remaining drivers to have a hands-free device while driving. Furthermore, it will be presumed that a driver who is holding a cellular device is using that device—though that presumption is rebuttable. There would also be an exception if the driver could show that he/she was using a cell phone for emergency purposes and would not apply to public employees such as policeman, fireman, or other safety vehicles. Survey and opinion researchers need to be mindful of such legislation and laws and implement appropriate business policies on how to proceed in conducting telephone surveys via cell phone.
Congress – The President signed Public Law 110-252, a Supplemental Appropriations Act, on June 30, 2008. This legislation included $210 million “for necessary expenses related to the 2010 Decennial Census”, although $4 million of that funding is dedicated to strict oversight by the Office of the Inspector General and the Defense Contract Management Agency. CMOR has been advocating for this emergency funding
TX - The Texas Public Utility Commission ("TX PUC") unanimously voted to reduce the state high-cost universal service fund by 36.5 percent. The fund will decrease from $395 million to $251 million and the current 4.4 percent monthly universal service fee will decrease to 3.4 percent by 2012. This will lower the telephone bills for research organizations located in Texas.
Do Not Call
CA - Assemblyman Fabian Nunez (D) has introduced A.B. 2059, which would require solicitors who are contacting consumers not on the “do not call” list, to state clearly who the solicitor is, the solicitor’s telephone number, and notice that the consumer may be contacted by telephone. A consent form to receive phone calls would also have to be included. The same standard would apply to those consumers who are on the “do not call” list. Solicitor is defined specifically to cover calls for sales-related purposes, so research calls would not be included in the scope of this legislation.
NY - A.B. 70, sponsored by Assemblywoman Audrey Pheffer (D), has been sent to New York Gov. Patterson for signature. The proposed law would make it unlawful for any entity to send unsolicited advertisements via fax if the recipient has indicated that they do not want to receive the messages. The proposed law would not apply to faxes when there is a previous business relationship. If signed into law, unsolicited faxes would also have to include a toll-free number or a cost-free way for the recipient to contact the sender in order to request that faxes no longer be sent. Under the pending law, unsolicited faxes are defined to only include commercial or sales related faxes. Similar to the existing federal law, this pending law will not apply to faxes sent solely for survey and opinion research purposes.
NY - Sen. Shirley Huntley (D) introduced an unsolicited email bill that would make it a Class A misdemeanor of aggravated harassment to send unsolicited emails without the consent of the recipient, when the message does not have the purpose of legitimate communication and the recipient cannot send a direct reply to the sender. “Unsolicited” is defined to cover commercial sales related e-mails only, so research emails would not be included.
Congress - Sen. Gordon Smith (R-OR) introduced the “Do-Not-Text Act” (S. 3138), which would permit cell phone users to opt-out of receiving unwanted commercial text messages and would include text messages in the scope of the federal Do-Not-Call Registry. At an FTC workshop in May on mobile marketing, major cell phone carriers highlighted mechanisms already in place that allow consumers to block any surreptitious or otherwise unwanted text messages. Unsolicited commercial messages already violate several laws, including CAN-SPAM and the Computer Fraud and Abuse Act, which bans any disruption of consumer networks. Since this legislation only deals with “commercial” text messages, it should have negligible impact on survey and opinion research.