My friend Sasha Romanosky, a research fellow at the Information Law Institute at NYU and the co-author of a great paper on data breach notification laws, is looking for your help with a research project:
I am involved in a research project that examines state laws affecting the flow of personal information. This information could relate to patients, employees, financial or retail customers, or even just individuals. By “flow” we mean laws that could restrict or permit the collection, use, storage, sale, sharing, disclosure, or even destruction of information.
For example, some state laws require that companies notify you when your personal information has been hacked, while other state laws require notice if the company plans to sell your information. In addition, laws in other states restrict the sale of personal health information; enable law enforcement to track cell phone usage without a warrant; or prohibit the collection of a customer’s zip code during a credit card purchase.
Given the huge variation among states in their information laws, we would like to ask readers of this Info/Law blog to help us collect examples of such laws. You are welcome to either post a response to this blog entry or reply to me directly: sromanos at cmu dot edu.