3 major 2009 privacy trends to watch next year

As the result of a highly unscientific review of big developments on the privacy front in 2009, here are 3 major trends from the past year that we predict will continue to draw attention in 2010.

  1. Increasing likelihood of a federal law on disclosure of data breaches involving personal information. During 2009 there was significant movement on national data breach notification laws in the 111th Congress, including the Data Accountability and Trust Act in the House of Representatives, and two bills in the Senate voted out of the Judiciary Committee, including the Personal Data Privacy and Security Act. Versions of both of these bills were introduced in previous Congressional sessions, but none progressed as far as these have, making passage of a national data breach law in 2010 a feasible proposition. The enhanced privacy provisions in the HITECH Act may have provided a preview of how this sort of legislation will look, with personal health information breach disclosure rules having gone into effect.
  2. Continuing divergence of privacy protections in the U.S. versus the European Community. While domestic trends included strengthening of privacy protections in some important contexts such as health information, a series of developments abroad served to widen the existing divide between E.U. and U.S. privacy approaches. E.U. additions this year including designation of IP addresses as personally identifiable information, mandatory opt-in for the use of cookies, and stronger penalties in the U.K. for misuse of personal data in violation of Data Protection Action §55. European Community privacy protections have long been viewed as stronger than those in the U.S., due in large part to a fundamentally different philosophy focusing first on the privacy interests of individuals, and defaulting to rules favoring information protection rather than disclosure.
  3. Escalation of privacy concerns as the primary obstacle to achieving widespread information exchange. This issue is most notable in health care, but also surfaced e-commerce, consumer credit markets, and even national security contexts such as terrorism information, where information sharing imperatives may be sufficiently critical to warrant moving ahead without fully addressing security and privacy issues. A tangential trend is the increased awareness of personal privacy control through highly publicized events late in the year such as Facebook’s changes in privacy policy and practices and the Supreme Court’s decision to hear an appeal of a case involving expectations of privacy in the workplace.