[1]Georgia Supreme Court Rules that State Has No Obligation to Protect
  Personal Information:

    Almost exactly one year after the stringent European General Data
    Protection Regulation came into effect (May 25, 2019), the Supreme
    Court of the [U.S.] state of Georgia has ruled (May 20, 2019) that
    the state government does not have an inherent obligation to protect
    citizens' personal information that it stores.

    The ruling relates to a case that dates back to 2013. A Georgia
    Department of Labor employee inadvertently emailed a spreadsheet
    containing the names, Social Security numbers, telephone numbers and
    email addresses of 4,457 people who had applied for benefit to about
    1,000 people.

    Thomas McConnell, whose details appeared on the spreadsheet, … had
    alleged negligence, breach of fiduciary duty, and invasion of
    privacy by public disclosure of private facts by the Department of
    Labor. Each of these claims has been rejected. The first to go was
    'negligence' - dismissed because there is no requirement in law to
    protect the data of benefit claimants. Furthermore, McConnell's
    claim that Georgia recognizes a "common law duty 'to all the world
    not to subject others to an unreasonable risk of harm'" (Bradley
    Center, Inc. v. Wessner; 1982) does not, according to this ruling,
    set a precedent.

    Furthermore, the existing identity theft statute does not explicitly
    require anything from data storer, while the statute restricting
    disclosure of social security numbers only applies to intentional
    disclosures and not accidental exposures as appeared here.

    The fiduciary duty claim was then dismissed because no public
    officer stood to gain from the incident, and there was no special
    relationship of confidence between McConnell and the Department.

    Finally, the allegation of an invasion of privacy was rejected. The
    Supreme Court ruled that "the matter disclosed included only the
    name, social security number, home telephone number, email address,
    and age of individuals who had sought services or benefits from the
    Department. This kind of information does not normally affect a
    person's reputation, which is the interest the tort of public
    disclosure of embarrassing private facts was meant to remedy."

  (Via [2]SecurityWeek RSS Feed)

  Georgia is setting a bad precedent. Municipalities and government
  agencies are being targeted for exactly this type of data. The idea
  that Georgia law only offers redress for actions of a malicious insider
  while providing for a "whoopsie" defense is absurd.
    __________________________________________________________________

  My original entry is here: [3]Georgia Supreme Court Rules that State
  Has No Obligation to Protect Personal Information. It posted Tue, 28
  May 2019 22:46:00 +0900.
  Filed under: business,

References

  1. http://feedproxy.google.com/~r/Securityweek/~3/GEarvB5i9a8/georgia-supreme-court-rules-state-has-no-obligation-protect-personal-information
  2. https://feeds.feedburner.com/securityweek
  3. https://www.prjorgensen.com/?p=2960

You are viewing proxied material from sdf.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.