Last year, a federal employee sued OPM in federal court to force the agency to cover her same sex spouse. OPM had declined the request based on the Defense of Marriage Act. The federal court which sits in San Francisco (which is not a crack because the Judge is a George W. Bush appointee) held that the Defense of Marriage Act is unconstitutional as applied to this case. The Court ordered OPM to grant the federal employee's request. Although the case has been appealed to the Ninth Circuit, no party sought to stay this order, and the Washington Post reported yesterday that OPM appropriately has complied with the order. The U.S. Court of Appeals for the First Circuit, which sits in Boston, will consider the same issue in arguments to be made before the entire court (rather than a three judge panel) on April 4.
The Federal Trade Commission did release its consumer privacy framework on Monday. "The final report calls on companies handling consumer data to implement recommendations for protecting privacy, including:
- Privacy by Design - companies should build in consumers' privacy protections at every stage in developing their products. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy;
- Simplified Choice for Businesses and Consumers - companies should give consumers the option to decide what information is shared about them, and with whom. This should include a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities.
- Greater Transparency - companies should disclose details about their collection and use of consumers' information, and provide consumers access to the data collected about them."
[The rule] combines four separate rulemakings: the changes to HIPAA's privacy and security rules mandated by the HITECH Act; the new enforcement requirements and higher penalty requirements; the final regulations of HITECH's breach notification rule; and changes to HIPAA to incorporate the Genetic Information Nondiscrimination Act (GINA). OCR also will release guidance to help entities implement the changes, including an updated business associate agreement.