You know how regulators in Europe and the US seem to be imposing stricter privacy regulations? Not so in Georgia. Whereas others are stepping forward into a more privacy-focused future, the US state just took a massive step backward.
The State's Supreme Court has ruled that its government doesn't have an inherent obligation to protect citizens' personal information. In doing so, it dismissed the claims of benefit claimant Thomas McConnell, whose information the Georgia Department of Labor exposed accidentally in 2013.
The Department had mishandled a spreadsheet containing the names, Social Security numbers, telephone numbers and email addresses of 4457 benefit claimants. An employee sent the information to 1000 people.
In spite of the error, the Supreme Court dismissed allegations of negligence, breach of fiduciary duty and invasion of privacy.
"McConnell has not shown that the Department owed him or the other proposed class members a duty to protect their information against negligent disclosure," the Court said in its ruling.
Breaches of fiduciary duty only apply when a public officer has benefited financially, the Court added.
It also dismissed the invasion of privacy claim. "Even if the information were of the kind that affected reputation, the complaint would still not state a claim here because the matters disclosed were not offensive and objectionable," it said.
In short, the Supreme Court's position was that definitions under existing law did not support the kinds of claims that McConnell made.
This could have legal ramifications for any company dealing with the Georgia State government, warned experts.
"This decision was taken without consideration of damage to the plaintiff citizens whose data was negligently distributed," explained law firm Womble Bond Dickinson in an alertlast week.
"Now, entities must be careful when contracting with Georgia governmental entities if sharing personal information," the law firm continued, warning them to consider drafting additional contractual protections with the government.
The topic of Governance, Risk and Compliance will be covered throughout the free-to-attend conference at Infosecurity Europe in London from 4-6 June. See all the talks on Governance, Risk and Compliance here. Infosecurity Europe is the leading European event for information and cyber security; find out more and secure your free visitor badge.
