Month: November 2017 Page 1 of 2

By: Nicole Gram,

The successful 2015 pilot of Callisto in the college setting has proved to be beneficial in encouraging sexual assault victims, who otherwise would have remained silent, to speak up.[1] This success is driving consideration of expanding the application of allegation escrows to employment and political settings.[2] Information escrows contain private information that is deposited with an escrow agent who will release the information only under predefined conditions.[3] Allegation escrows, such as Callisto, connect people who have reported similar problems with the same individual or group and enables them to file complaints together.[4] The escrow provides a mechanism to overcome the “first mover disadvantage” in which the first accuser faces the greatest risk of retaliation or skepticism.[5] It reduces the fear of potential retaliation from the accused harasser and reputational risk since multiple complainants eliminates the “he said, she said” situation.[6] The existence of similar reports of misconduct reinforces the confidence of the victim that their claims are unacceptable acts of harassment.[7]

There are several legal implications to be considered relative to the technology of allegation escrows. Specific to Callisto, the antidiscrimination regulations of Title IX that prohibit gender based discrimination has been interpreted to include sexual harassment. This may cause schools to be discouraged from an escrow that may not inform them until there are reports from multiple parties due to concern about satisfying their obligation to investigate and address harassment when they reasonably should know about the conduct.[8] However, the obligation of schools to investigate all complaints without guaranteeing confidentiality reinforces the value of the escrow in encouraging victims to deposit who might otherwise be reluctant to report by themselves.  In the workplace, Title VII requires employers to take an even more active role than schools in the prevention and investigation of sexual harassment.[9] While employers may be concerned about escrows because they don’t always notify the employer of every complaint, there are ways to leverage the escrow as an additional option toward providing adequate harassment reporting mechanisms.[10]

There are additional legal considerations in the relationships between the escrow agent, the depositor and the sponsoring institution or organization. To mitigate privacy and confidentiality concerns, contractual relationships between the escrow agent and the sponsoring organization should be extremely limited, and preferably nonexistent, to avoid employee rights to documents and to separate the sponsoring institution from the escrow reports in satisfying governing regulations.[11] Another area of concern is abuse of the escrows via fake and false reporting. Providing the escrow agent with rights to review the reports deposited to determine whether the content is sufficient and made in good faith by a valid member of the sponsoring organization is a preventative measure to address this.[12] However, the rights of the escrow agent must be administrative only to avoid any liability on their part.[13] Another measure to avoid abuse and protect privacy is to automatically forward matched deposits for investigation without providing flexibility for the matching depositors to collaborate or decide action.[14]

In light of recent media reports of rampant sexual harassment surrounding famous players in the motion picture industry and prominent politicians, there appears to be an opportunity for Callisto beyond the college setting. The manner in which the flood gates have been opened by initial accusers willing to risk retaliation and their reputation supports the value proposition of an allegation escrow. An ancillary benefit is the ability to leverage aggregate data without the specifics of unmatched reports to allow institutions to address systemic issues in particular departments, locations and organizations.[15] The legal issues of antidiscrimination regulations, privacy, liability and abuse via fake or false reporting present current challenges to be overcome via careful construction of contracts and relationships between the key stakeholders of allegation escrows.

 

[1] See Callisto, What We Do, Callisto: Tech to combat sexual assault (2017), https://www.projectcallisto.org/what-we-do.

[2] See id.

[3] See Ian Ayres & Cait Unkovic, Information Escrows, 111 Mich. L. Rev. 145, 150 (2012).

[4] See id at 147.

[5] See Laura Bassett, How A New Technology Could Help Find The Next Harvey Weinstein, Huff. Post (2017), https://www.huffingtonpost.com/entry/callisto-rape-reporting-app_us_59df86c7e4b0eb18af06d54e?section=us_technology.

[6] See Ayres, supra note 3 at 147.

[7] See id at 161.

[8] See id at 174.

[9] See id at 174 n. 87.

[10] See Ayres, supra note 3 at 176.

[11] See id. at 176-77.

[12] See id. at 178-79.

[13] See id. at 177-78.

[14] See Ayres, supra note 3 at 180.

[15] See id. at 183.

Image source: https://beggarsdaughter.com/.

By: Jenna Bouley,

Most people have at some point in their lives jaywalked regardless of the safety concerns with the practice. While jaywalking is still generally illegal, the rule is often not enforced.[1] As defined by Merriam-Webster, jaywalking is a verb meaning “to cross a street carelessly or in an illegal manner so as to be endangered by traffic.”[2] However, in practice it is more likely that people do not consider the safety concerns implicated by the definition, but simply see jaywalking as the easiest way to get from one point to another. Obviously, jaywalking presents safety concerns and can even result in death. The United States Department of Transportation provides that in 2015, 71% of all pedestrian fatalities were at non-intersection locations whereas at intersection locations fatalities were only at 19%.[3] In a report produced by the Governors Highway Safety Association in 2016 that percentage appeared to increase to 82% of pedestrian fatalities occurring outside of intersections.[4] The report also provided that around 6,000 pedestrian fatalities are estimated to have occurred in 2016, which would make 2016 the first year in more than two decades with more than 6,000 pedestrian deaths.[5] The cause of this surge may be an increase in distractions by both pedestrians and drivers having their eyes are down, staring at their phones.[6] Since, phones are unlikely to be going away anytime soon the answer may in fact lie in the use of more technology, self-driving cars.

A report recently released from the National Association of City Transportation Officials, a nonprofit representing cities on transportation issues, provides a blueprint of cities with self-driving cars that allow pedestrians to cross anywhere they want.[7] The concept being that the technology in self-driving cars will be able to identify when a person is trying to cross a street, and slowdown to allow the person to safely cross the street.[8] The report goes on to provide that  streets should be designed to allow maximum a speed on 20 to 25 mph.[9] As such the authors of the report provide that concept of jaywalking would become a thing of the past stating that: “the instinctive human act of walking straight to one’s destination, pejoratively known as “jaywalking,” becomes simply “walking”.”[10]

While cities often look to the National Association of City Transportation Officials for guidance on what policies to adopt it is unclear if they would be willing to adopt such a policy.[11] Cities must make decisions about what they want to prioritize and that includes deciding whether to place their resources in vehicles, pedestrians or other uses of streets.[12] However, the theoretical benefit of self-driving cars in this area is that there is considerable evidence that autonomous vehicles drive much more cautiously than the majority of human drivers and will be able to sense when a human is crossing in front of it.[13] Moreover, an autonomous vehicle would likely be programmed to respect the pedestrian’s right of way, regardless of whether a crosswalk is unmarked or marked.[14] These improvements will help ensure that pedestrians will remain safe regardless of whether they are jaywalking. While, self-driving cars are still a developing technology they could be the answer to providing a safer way of life for pedestrians.

 

[1] Matt McFarland, Self-driving Cars Could Make Jaywalking Legal, CNN Tech (Nov. 3, 2017), http://money.cnn.com/2017/11/03/technology/culture/autonomous-vehicles-jaywalking/index.html.

[2] Merriam-Webster.com, https://www.merriam-webster.com/dictionary/jaywalk (last visited Nov. 9, 2017).

[3] United State Department of Transportation: National Highway Traffic Safety Administration, Pedestrian Safety, https://www.nhtsa.gov/road-safety/pedestrian-safety (last visited Nov. 9, 2017).

[4] Government Highway Safety Association, Pedestrian Traffic Fatalities by State: 2016 Preliminary Data, http://www.ghsa.org/resources/spotlight-peds17 (last visited Nov. 9, 2017).

[5] Richard Retting & Sam Schwartz, Pedestrian Traffic Fatalities by State: 2016 Preliminary Data, Government Highway Safety Association, 4 http://www.ghsa.org/sites/default/files/2017-03/2017ped_FINAL_4.pdf (last visited Nov. 9, 2017).

[6] See David Schaper, Distraction, On Street And Sidewalk, Helps Cause Record Pedestrian Deaths, NPR (Mar. 30 2017), https://www.npr.org/2017/03/30/522085503/2016-saw-a-record-increase-in-pedestrian-deaths.

[7] See McFarland, supra note 1.

[8] Id.

[9] Janette Sadik-Khan et al., BlueprintfFor Autonomous Urbanism, National Association of City Transportation Officials, 12 (Nov. 9, 2017), https://nacto.org/wp-content/uploads/2017/11/BAU_Mod1_raster-sm.pdf last visited.

[10] Id. at 41.

[11] See McFarland, supra note 1.

[12] See id.

[13] Adam Millard-Ball, Pedestrians, Autonomous Vehicles, and Cities, J. of Planning Ed. & Research, 3 (Nov. 9, 2017), http://journals.sagepub.com/doi/pdf/10.1177/0739456X16675674.

[14] Id at 4.

Image Source: https://www.acsh.org/.

By: Mitch Torrence,

“Robber Baron” is a term that conjures up images of John D. Rockefeller, Andrew Carnegie, Henry Frick, and Cornelius Vanderbilt; men in dark, smoke filled rooms amassing their fortunes on the backs of monopolistic enterprises. The days of the Robber Barons are gone now. The heads of Silicon Valley, Mark Zuckerberg and Sheryl Sandberg, Jeff Bezos, Tim Cook, Larry Paige, and Sergey Brin don’t exactly fit the description or so it would seem. Rockefeller’s Standard Oil Company was broken up pursuant to the Sherman Anti-Trust Act when the Supreme Court handed down its decision in Standard Oil Company v. United States.[1] Today, Silicon Valley has assumed the mantle once occupied by the likes of Standard Oil, yet conversations about the potential of anti-trust laws to break up the Big Tech companies remain muted. The current state of anti-trust poses a serious problem, but it may be time to consider breaking up the Big Tech companies.

Perhaps the largest hurdle to clear when considering breaking up Big Tech is the state of anti-trust today. Gone are the days of the Standard Oil, American Tobacco, and AT&T breakups.[2] Since the 1980’s, anti-trust has been far less aggressive and less concerned with companies being oversized and depressing competition.[3] The primary driver of this is the rise in prominence of the Chicago School, which moved the focus of anti-trust from structuralism to price theory, focusing on whether or not consumers are paying inordinate prices as opposed to a company driving competition out of the market.[4] This poses an issue with Big Tech companies as many of the services they provide are ostensibly free. This has, as Hubbard notes, allowed the companies to largely fly under the radar but the reality is that the users pay with their data.[5] This line of thinking recently has been challenged more and more by people like Khan and Hubbard, but it remains dominant. It also bears mentioning that the line the Chicago School takes is at odds with the political origin of the Sherman Act.[6] There exists an additional messaging issue in that it’s fairly difficult to say to consumers “the convenience you enjoy from Amazon etc. and the low prices you enjoy, they don’t matter”. [7] Perhaps the most daunting task that remains is the fact that Tech Companies don’t necessarily resemble monopolies as they’re classically understood.[8] It is worth noting that while the iPhone is the most popular phone in America, it accounts for around only a third of phones sold.[9] Furthering this point, Amazon does not account for the majority of online sales, and its market share of American retail remains in the single digits.[10] It’s true that Facebook and Google constitute a duopoly in digital ads, but this is one of the few classic examples.[11] All of this paints a rather bleak picture for the prospect of breaking up the tech companies; at the very least it is an uphill battle. However, a legitimate case remains to be made and it begins with the outsized effect the Big Tech companies have in the economy.

In the first quarter of 2017 the world’s four most valuable companies were Apple, Alphabet, Microsoft, and Amazon; Facebook came in at number 8.[12] This in and of itself is not necessarily problematic; it is generally a good thing for American companies to occupy these slots. The problem arises when one considers how this value is being attained and the cost that comes along with it, most notably the lack of competition in the space. It isn’t a coincidence that the number of companies started in the United States is at a 40-year low.[13] The barrier to entry in these industries, despite what common wisdom would suggest, is high. Moreover, the structure of companies like Amazon or Alphabet that have their hands in every area creates a structural problem that may manifest itself as outsized leverage.[14] As Khan notes, Amazon is able to use its structural advantages to create anti-competitive environments.[15] This is a problem that anti-trust moving away from the Chicago School may be able to solve. Additionally, there are criticisms of the way these companies are developing that may be the province of anti-trust. There is a mythology associated with Big Tech that paints the companies as scrappy upstarts that stay on top of the market through innovation; the reality is murkier. Google, for example, did not develop Android, but rather acquired it.[16] Amazon has employed similar tactics.[17] The result being that these companies can wield their structural power and create anti-competitive environments that may necessitate anti-trust.[18]

The mythology surrounding Big Tech complicates the matter at hand; the reality is that the level of convenience Americans enjoy due to Amazon, Apple, Google, etc. is largely, and perhaps rightly, considered to be a net positive. However, this does not mean these companies can do no wrong nor does it mean that we ought to ignore the very real structural problems these companies are creating. It is not a forgone conclusion that breaking up Big Tech is necessary, and more to the point the current status of anti-trust doctrine in the U.S. would seem to preclude it. That being said, it may still be time to move fast and break up Big Tech.

 

[1] See generally, Standard Oil Co. v. U.S., 221 U.S. 1 (1911).

[2] Id.; see generally American Tobacco v. U.S., 221 U.S. 106 (1911).

[3] See Lina Khan, Amazon’s Antitrust Paradox, 126 Yale L.J. 710 (2017).

[4] Id.

[5] Sean Illing, Why “Fake News” Is an Antitrust Problem, VOX (Sept. 23, 2017), https://www.vox.com/technology/2017/9/22/16330008/facebook-google-amazon-monopoly-antitrust-regulation.

[6] Id.

[7] See Farhad Manjoo, Can Washington Stop Big Tech? Don’t Count on It, New York Times (Oct. 25, 2017), https://www.nytimes.com/2017/10/25/technology/regulating-tech-companies.html?_r=0,

[8] Id.

[9] Id.

[10] Id.

[11] Id.

[12] See Natasha Tiku, Digital Privacy is Making Antitrust Exciting Again, Wired (June 04, 2017), https://www.wired.com/2017/06/ntitrust-watchdogs-eye-big-techs-monopoly-data/.

[13] Id.

[14] See Khan, supra note 3.

[15] Id.

[16] See Tiku, supra note 12.

[17] See Khan, supra note 14.

[18]  Id.

Image Source: https://latourades.wordpress.com/2014/01/page/2/.

By: Nicole Allaband,

Courts in general have been slow to adopt technological changes. However, the Supreme Court of the United States has finally taken the plunge and will launch an electronic filing system on November 13, 2017.[1] Chief Justice John G. Roberts, Jr. promised to bring the Supreme Court into the 21st century and implement an electronic filing system back in 2014.[2] It took three years for the new system, developed in-house, to become available but the time has finally arrived.[3]

The federal courts implemented electronic filing in 2001, with bankruptcy courts joining first.[4] The Case Management/Electronic Case Files (CM/ECF) program allows more than 700,000 nationwide to file court documents electronically. Additionally, the public has access to virtually all the documents filed through the website Public Access to Court Electronic Records (PACER).[5] PACER does charge fees for searching, accessing, and printing.[6] The fees are set by the Judicial Conference and are currently $0.10 a page.[7] The new Supreme Court system will make all unsealed documents available to the public for free.[8] The free and quick access to electronic filings will benefit practicing lawyers as well as researchers.

Electronic filing in the federal courts has provided many benefits, including allowing attorneys to file documents from their home or office all day, every day.[9] Initially, the Supreme Court system will require litigants represented by attorneys to file both electronically and in paper.[10] The Supreme Court will likely maintain the dual filing for some time until the Court is sure the system works and is not vulnerable. After review, the filings will be publicly available. Attorneys can file electronically at no extra cost than the regular filing fees.[11] Pro se litigants must still file in paper form and the documents will subsequently be scanned and uploaded to the system.[12]

The CM/ECF system employs a two-step security process.[13] A program verifies each PDF document as it is uploaded.[14] Another program runs periodically to verify that the documents have not been changed since they were uploaded.[15]

To file electronically for the Supreme Court, attorneys must first register with the new system, which can take 1-2 days to process.[16] Only attorneys admitted to the Supreme Court Bar and those attorneys appointed for a specific case are able to register.[17]

The launch of the Supreme Court’s new electronic filing system has many potential benefits for practicing lawyers, as well as researchers. But there are also security concerns.[18] In the age of cyberattacks, ransomware, and hacking, courts are especially cautious because they deal with sensitive information on a daily basis.[19] Courts and the electronic filing systems have been targeted in the past.[20]

The Supreme Court developed its online filing system in-house over the last three years. Developers undoubtedly considered and developed security mechanisms to prevent hacking to steal sensitive information and cyber-attacks that could shut the system down. Technological advances are coming in an increasingly fast pace. Malicious hackers also move at a fast place, finding vulnerabilities in systems faster than “white hat” hackers can plug the holes.[21]

 

[1] See Electronic Filing, The Supreme Court of the United States, https://www.supremecourt.gov/electronicfiling/ (last visited November 7, 2017).

[2] See Brian Fung, The Supreme Court is about to become more transparent, thanks to technology, Wash. Post (August 3, 2017), https://www.washingtonpost.com/news/the-switch/wp/2017/08/03/the-supreme-court-has-finally-embraced-the-21st-century/?utm_term=.bac09c44ccf3.

[3] See Electronic Filing, The Supreme Court of the United States.

[4] See FAQs: Case Management/Electronic Case Files (CM/ECF), United States Courts, http://www.uscourts.gov/courtrecords/electronic-filing-cmecf/faqs-case-management-electronic-case-files-cmecf#faq-What-is-CM/ECF? (last visited November 7, 2017).

[5] See id.

[6] See Electronic Public Access Fee Schedule, PACER: Public Access to Court Electronic Records, https://www.pacer.gov/documents/epa_feesched.pdf (last visited November 7, 2019).

[7] See id.

[8] See Melissa Heelan Stanzione, Supreme Court Electronic Filing Opens Nov. 13, Criminal Law Reporter, BNA Law Reports,  https://www.bloomberglaw.com/document/XFOUD4HS000000?emc=bnacrl%3A12&jcsearch=bna%25200000015f8215d6fdafffc6f5f0b20000#jcite

[9] See FAQs: Case Management/Electronic Case Files (CM/ECF)

[10] See Electronic Filing, The Supreme Court of the United States.

[11] See FAQs: Case Management/Electronic Case Files (CM/ECF)

[12] See Electronic Filing, The Supreme Court of the United States.

[13] See FAQs: Case Management/Electronic Case Files (CM/ECF

[14] See id.

[15] See id.

[16] See Stanzione, Supreme Court Electronic Filing Opens Nov. 13.

[17] See id.

[18] See David Murphy, U.S. Supreme Court to Deploy New Electronic Filing System Around 2016, PCMag (January 1, 2015), https://www.pcmag.com/article2/0,2817,2474456,00.asp.

[19] See, e.g.,Richard Milne, Maersk cuts profit guidance in wake of cyber attack, Financial Times (November 7, 2017) https://www.ft.com/content/711be9fa-c396-11e7-a1d2-6786f39ef675; Judy Greenwald, Ransomeware risks go mainstream, Business insurance (November 6, 2017), http://www.businessinsurance.com/article/20171106/NEWS06/912317025/Ransomware-risks-go-mainstream; Jake Bernstein, The Paradise Papers Hacking and the Consequences of Privacy, New York Times (November 7, 2017) https://www.nytimes.com/2017/11/07/opinion/paradise-papers-hacking-privacy.html?_r=0.

[20] See U.S. court system targeted in cyber attack: report, Reuters (January 24, 2014), https://www.reuters.com/article/us-usa-courts-hack/u-s-court-system-targeted-in-cyber-attack-report-idUSBREA0O03W20140125

[21] See obert Siciliano, How Hacking Has Evolved with Technological Advances, Balance (August 28, 2017), https://www.thebalance.com/how-has-hacking-evolved-with-technological-advances-1947546.

Image Source: https://www.tradesecretslaw.com/.

By: Spencer Allen,

More than four-billion data records were stolen worldwide in 2016.[1] In 2014 alone, nearly half (47%) of U.S. adults had their personal information stolen.[2] Though it is the big hacks that make the news- Yahoo (3 billion), Equifax (143 million), Verizon (6 million)—small and local businesses are no less vulnerable to data breach, and need to be ready to respond quickly when a breach happens.[3]

Virginia law requires businesses to notify affected parties in certain situations where personal data is compromised.[4] Failure to give proper notice can be expensive—up to $150,000 per breach.[5] This article is intended to help Virginia businesses comply with mandatory notification procedures following a data breach.

I. What sorts of breaches require giving notice?

Virginia Code § 18.2-186.6 requires that companies give notice when each of five criteria are met: 1) unencrypted or unredacted; 2) personal information; 3) is accessed or acquired by an unauthorized person (or reasonably believed to have been accessed or acquired by an unauthorized person); 4) which causes identity theft or another fraud (or is reasonably believed to have caused or cause in the future identity theft or another fraud); 5) to any resident of Virginia.[6] Each of the five criteria must be analyzed to determine whether notice is required.[7]

1. “Unencrypted or unredacted”

“Encrypted” data is data that has been “scrambled” by an algorithmic process.[8] Though the precise way in which data is encrypted depends on the kind of data and the way in which the data is stored and sent, the basic idea is that an algorithm makes the data unreadable without a specific key (or series of keys).[9]

For example, imagine that we apply an algorithm that subtracts one from each number. If we apply the algorithm to an unencrypted number—4765—we arrive at an encrypted number of 3654. In this example we have no way of knowing that the unencrypted number is 4765 unless we have the key—that is, unless we know the algorithm. Without knowing the algorithm, the unencrypted number could be anything, and there is a low probability that we could figure it out by chance.

“Redacted” data is data for which identifying information or confidential information has been removed, and is thus not tied to a particular person or entity.[10] For example, imagine you come across a detailed medical record with no name attached. That data is considered “redacted” because without the identifying information the data is useless for anyone who would seek to exploit it. The data merely shows that someone, somewhere in the world has that medical history.

Basically, this first criteria for data that triggers mandatory notification is that it must be useable. The person who steals or otherwise acquires the data must be able to actually read what it says, and pair the data to particular persons or entities. If compromised data remains encrypted or is redacted, notification is not required by VA § 18.2-186.6.

2. “Personal information”

Though “personal information” may cover a lot of things, it is specifically defined in the statute.[11] To qualify as “personal information,” data must include:[12]

1. The first name or first initial
2. The last name
3. In combination with or linked to any of the following:
   • More than five digits of a social security number
   • More than the last 4 digits of a driver’s license number or state identification card number
   • More than the last four digits of a financial account number or credit card or debit card number in combination with any required security code, access code, or password that would permit access to the person’s financial accounts.

If the data that is stolen or compromised does not contain all three of the above, notice is not mandatory.[13]

3. Accessed or acquired by an unauthorized person (or reasonably believed to have been accessed or acquired by an unauthorized person)

Importantly, the statute does not require the data to have actually been stolen.[14] A company must comply with mandatory notice even if the company only has a reasonable belief that the data has been accessed or acquired by an unauthorized person.[15] “Reasonable belief” is subject to the court’s discretion.[16] The issue of reasonable belief as it relates to this statute has never been brought to trial, and thus it is better to err on the side of caution whenever a data breach is suspected.[17]

4. “Which causes identity theft or another fraud (or the individual or entity reasonable believes has caused or will cause identity theft or another fraud)

This part of the statute holds that mandatory notice is only triggered when an unauthorized person who receives personal data intends to misuse the data or actually misuses the data.[18] Just like the access requirement, actual identity theft or fraud does not have to occur to trigger mandatory notice, all that is required is a reasonable belief that identity theft or fraud has or will occur.[19] This allows effected parties to be notified as soon as possible—and hopefully before damage has been done. Again, as with access, if personal data is stolen it is best to err on the side of caution and assume that the data will be used for identity theft or fraud. Virginia crimes involving fraud are codified in Chapter 6 of Title 18.2 of the Code of Virginia.[20]

This part of the statute is important because it creates a carve-out so that accidental “good faith” breaches do not trigger mandatory notification.[21] For example, imagine that a business owner’s mother-in-law, while snooping on her computer, opens a file called “business records.” The file contains all of the transaction information from the business, including credit card numbers and personal information of customers. Without criteria four, this would trigger mandatory notification because 1) unencrypted; 2) personal information; was 3) accessed by an unauthorized person.[22] However, because the business owner (hopefully) can trust that her mother-in-law will not use the information to commit fraud, this sort of breach does not trigger mandatory notification. The breach neither caused identity theft or fraud, nor would a person reasonably suspect that identity theft had or would happen.

5. “To any resident of Virginia”

Importantly, mandatory notice does not apply to persons or entities who are not residents of Virginia.[23] However, forty-eight states have mandatory disclosure statutes similar to the one in Virginia (all but Alabama and South Dakota).[24] If personal data concerning a resident of a state other than Virginia has been compromised, it is important to check the laws of that state to determine whether notice is required. For a complete list of similar state statutes, refer to appendix.

II. What happens if no notice is given?

If a company fails to give notice when it is required, the Attorney General may bring an action against it for up to $150,000 per breach. [25]

It is also possible that an individual could sue a company for damages arising out of a failure to give notice of theft of personal information.[26] This remains an unresolved legal question.[27]

III. To Whom Must Notice be Given, When, and What Must it Include?

If a data breach has occurred and it satisfies the above criteria, notice must be given “without unreasonable delay” following the discovery of the breach.[28] If the data is owned or licensed by the company where the breach occurred, notice must be given to 1) the Attorney General of Virginia; and 2) any resident of Virginia affected by the breach.[29]

Notice may be delayed if, after notifying a law enforcement agency, that agency determines that notification would impede a criminal or civil investigation, or homeland or national security.[30]

If the company where the breach occurred does not own or license the data that was compromised, that company must notify the owner or licensee of the data “without unreasonable delay” following discovery of the breach.[31]

1. Notice to the Attorney General

Notice to the Attorney General of Virginia must include:[32]

1. A cover letter on official letterhead notifying the VA Attorney General of the breach
2. Approximate date of the incident and how the incident was discovered
3. The cause of the breach
4. The number of Virginia residents affected by the breach
5. The steps taken to remedy the breach; and
6. A sample of the notification made to the affected parties, to include any possible offers of free credit monitoring.

Notice to the Attorney General may be addressed to:[33]

Computer Crime Section

Virginia Attorney General’s Office

202 North 9th Street

Richmond, Virginia 23219

2. Notice to affected persons

            Notice to affected persons must include:[34]

1. A description of the incident in general terms
2. The type of personal information that was accessed by the unauthorized person
3. A description of what the company has done to prevent further unauthorized access
4. A telephone number that the person may call for further information and assistance, if one exists; and
5. Advice that directs the person to remain vigilant by reviewing account statements and monitoring free credit reports.

Notice to affected persons may be: 1) written to the last known postal address of the person in the records of the company where the breach occurred; 2) telephone notice; or 3) Electronic notice.[35]

If the cost of providing notice exceeds $50,000, or the number of Virginia residents to be notified is more than 100,000, or the company where the breach occurred does not have adequate contact information or consent to use the contact information, substitute notice can be used.[36] Substitute notice includes:[37]

1. E-mail notice
2. Conspicuous posting of the notice on the company website of the individual or the company
3. Notice to major statewide media

 

APPENDIX: A List of State Notice Statutes

http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx

Alaska	Alaska Stat. § 45.48.010 et seq.
Arizona	Ariz. Rev. Stat. § 18-545
Arkansas	Ark. Code §§ 4-110-101 et seq.
California	Cal. Civ. Code §§ 1798.29, 1798.82
Colorado	Colo. Rev. Stat. § 6-1-716
Connecticut	Conn. Gen Stat. §§ 36a-701b, 4e-70
Delaware	Del. Code tit. 6, § 12B-101 et seq.
Florida	Fla. Stat. §§ 501.171, 282.0041, 282.318(2)(i)
Georgia	Ga. Code §§ 10-1-910, -911, -912; § 46-5-214
Hawaii	Haw. Rev. Stat. § 487N-1 et seq.
Idaho	Idaho Stat. §§ 28-51-104 to -107
Illinois	815 ILCS §§ 530/1 to 530/25
Indiana	Ind. Code §§ 4-1-11 et seq., 24-4.9 et seq.
Iowa	Iowa Code §§ 715C.1, 715C.2
Kansas	Kan. Stat. § 50-7a01 et seq.
Kentucky	KRS § 365.732, KRS §§ 61.931 to 61.934
Louisiana	La. Rev. Stat. §§ 51:3071 et seq.
Maine	Me. Rev. Stat. tit. 10 § 1346 et seq.
Maryland	Md. Code Com. Law §§ 14-3501 et seq., Md. State Govt. Code §§ 10-1301 to -1308
Massachusetts	Mass. Gen. Laws § 93H-1 et seq.
Michigan	Mich. Comp. Laws §§ 445.63, 445.72
Minnesota	Minn. Stat. §§ 325E.61, 325E.64
Mississippi	Miss. Code § 75-24-29
Missouri	Mo. Rev. Stat. § 407.1500
Montana	Mont. Code §§ 2-6-1501 to -1503, 30-14-1701 et seq., 33-19-321
Nebraska	Neb. Rev. Stat. §§ 87-801 et seq.
Nevada	Nev. Rev. Stat. §§  603A.010 et seq., 242.183
New Hampshire	N.H. Rev. Stat. §§ 359-C:19 et seq.
New Jersey	N.J. Stat. § 56:8-161 et seq.
New Mexico	2017 H.B. 15, Chap. 36 (effective 6/16/2017)
New York	N.Y. Gen. Bus. Law § 899-AA, N.Y. State Tech. Law 208
North Carolina	N.C. Gen. Stat §§ 75-61, 75-65
North Dakota	N.D. Cent. Code §§ 51-30-01 et seq.
Ohio	Ohio Rev. Code §§ 1347.12, 1349.19, 1349.191, 1349.192
Oklahoma	Okla. Stat. §§ 74-3113.1, 24-161 to -166
Oregon	Oregon Rev. Stat. §§ 646A.600 to .628
Pennsylvania	73 Pa. Stat. §§ 2301 et seq.
Rhode Island	R.I. Gen. Laws §§ 11-49.3-1 et seq.
South Carolina	S.C. Code § 39-1-90
Tennessee	Tenn. Code §§  47-18-2107; 8-4-119
Texas	Tex. Bus. & Com. Code §§ 521.002, 521.053
Utah	Utah Code §§ 13-44-101 et seq.
Vermont	Vt. Stat. tit. 9 §§ 2430, 2435
Virginia	Va. Code §§ 18.2-186.6, 32.1-127.1:05
Washington	Wash. Rev. Code §§ 19.255.010, 42.56.590
West Virginia	W.V. Code §§ 46A-2A-101 et seq.
Wisconsin	Wis. Stat. § 134.98
Wyoming	Wyo. Stat. §§ 40-12-501 et seq.
District of Columbia	D.C. Code §§ 28- 3851 et seq.
Guam	9 GCA §§ 48-10 et seq.
Puerto Rico	10 Laws of Puerto Rico §§ 4051 et seq.
Virgin Islands	V.I. Code tit. 14, §§ 2208, 2209

 

[1] Herb Weisbaum, More Than 4 Billion Data Records Were Stolen Globally in 2016, NBC (Oct. 31, 2017, 10:43 AM), https://www.nbcnews.com/storyline/hacking-in-america/more-4-billion-data-records-were-stolen-globally-2016-n714066.

[2] Jose Pagliery, Half of American Adults Hacked This Year, CNN tech, (Oct. 31, 2017, 10:47 AM), http://money.cnn.com/2014/05/28/technology/security/hack-data-breach/index.html.

[3] Matt Burgess, That Yahoo Data Breach Actually Hit Three Billion Accounts, Wired (Oct. 31, 2017, 10:51 AM), http://www.wired.co.uk/article/hacks-data-breaches-2017; Chris Morris, 14 Million US Businesses Are at Risk of a Hacker Threat, CNBC (Oct. 31, 2017, 10:53 AM), https://www.cnbc.com/2017/07/25/14-million-us-businesses-are-at-risk-of-a-hacker-threat.html.

[4] Va Code Ann. § 18.2-186.6 (2017).

[5] § 18.2-186.6 (I)

[6] § 18.2-186.6 (B).

[7] Id.

[8] Lee Bell, Encryption Explained: How Apps and Sites Keep Your Private Data Safe (and Why That’s Important), Wired, (Oct. 31, 2017, 11:18 AM), http://www.wired.co.uk/article/encryption-software-app-private-data-safe

[9] Id.

[10] Rick Borstein, Redaction in a Digital World, Law Practice Today (Oct. 31, 2017, 11:39 AM), https://www.americanbar.org/publications/law_practice_today_home/law_practice_today_archive/july11/redaction_in_a_digital_world.html.

[11] § 18.2-186.6 (A).

[12] Id.

[13] Id.

[14] § 18.2-186.6 (B)

[15] Id.

[16] Id.

[17] The only record of § 18.2-186.6 being brought before a court is in regards to a private suit. The case was dismissed for lack of standing. Corona v. Sony Pictures Entm’t, Inc., 2015 U.S. Dist. LEXIS 85865 (C.D. Cal. 2015).

[18] § 18.2-186.6 (B).

[19] § 18.2-186.6 (B).

[20] Va Code Ann. § 18.2-168-246.15 (2017).

[21] § 18.2-186.6 (B).

[22] Id.

[23] § 18.2-186.6 (B).

[24] Refer to Appendix.

[25] § 18.2-186.6 (I).

[26] Id.

[27] Supra note 17.

[28] § 18.2-186.6 (B).

[29] Id.

[30] Id.

[31] Id.

[32] Office of the Attorney General of Virginia, Database Breach Notification Requirements Updated July 1, 2017 (2017), https://www.oag.state.va.us/CCSWEB2/files/Data_Breach_Notification_Req.pdf.

[33] Id.

[34] § 18.2-186.6 (A).

[35] Id.

[36] Id.

[37] Id.

Image Source: https://www.wsj.com/articles/should-the-u-s-require-companies-to-report-breaches-1506254402.

By: Rachel Weinberg-Rue,

Suicide has become the second leading cause of death among young adults aged 10-24 in the United States today.^[1] Over the past 30 years, suicide rates in the country have continued to rise.^[2] More young people die from suicide than from cancer, heart disease, AIDS, birth defects, stroke, pneumonia, influenza, and chronic lung disease combined.^[3] Society is well aware of the problem. There are many factors and behaviors that healthcare providers and loved ones can trained to pick up on. According to the statistics, four out of five teenagers who attempt suicide provide warning signs.^[4] However, the attempts happen anyway, which strongly indicates that the warning signs come far too late if they come at all. The reality of the matter is that suicide is not easy to diagnose^[5]. If it was, it would not be the crisis that it is today.

Developments have been made within federal law to address these concerns. Since the Call to Action to Prevent Suicide (1999), a national conference on suicide prevention, the government has been actively involved in creating national strategies of suicide prevention.^[6] Laws like the Garrett Lee Smith Memorial Act, which aimed to reduce^[7] suicide prevention among young adults and was signed into law in 2004, have been passed.^[8] The government has funded many research projects, and many suicide prevention programs have been proposed. However, the government’s efforts have clearly been unsuccessful given the climbing suicide rates.

Luckily, new scientific research suggests that it may be possible to detect suicidal tendencies in individuals with the use of brain scans and artificial intelligence.^[9] Researchers at Carnegie Mellon and the University of Pittsburgh analyzed how suicidal individuals think and feel differently about concepts like life and death by looking at how their brains reacted using fMRI data.^[10] They then programmed machines with learning algorithms to be able to detect frontal lobe flares at the mention of those concepts.^[11] 90 percent of the time, the computations enabled the machines to accurately and successfully pick out suicidal ideators.^[12] The machines were actually able to distinguish between people who had actually attempted self harm from those who only thought about it.^[13] Researchers hope to further develop these algorithms to search for clues that would indicate suicide-linked brain patterns before self-harm even occurs.^[14]

The downside of using fMRI imaging to detect suicidal ideators is the expensive costs involved, which is why other researchers have suggested that similar algorithms can be used to analyze medical records, social media, and data that is more accessible and available than brain scans.^[15] Researchers at Florida State and Vanderbilt have seen an 85 percent success rate using such algorithms.^[16]

The government has a legitimate interest in preventing suicide in our country and has been been increasingly involved in suicide prevention efforts, but more must be done.  The development of suicide-prevention algorithms could play a major role in structuring the legal approach to suicide prevention. Hopefully, in the future, we will see laws that utilize the data gathered by algorithms like these and provide viable strategies that can be implemented in our communities.

 

^[1] Youth Suicide Statistics, Tʜᴇ Jᴀsᴏɴ Fᴏᴜɴᴅᴀᴛɪᴏɴ, http://prp.jasonfoundation.com/facts/youth-suicide-statistics (last visited Nov. 2, 2017).

^[2] Megan Molteni, Controversial Brain Imaging Uses AI to Take Aim at Suicide Prevention, Wɪʀᴇᴅ (Oct. 30, 2017, 12:00 PM), https://www.wired.com/story/fmri-ai-suicide-ideation.

^[3] Supra note 1.

^[4] Id. 

^[5] Molteni, supra note 2.

^[6] Vivian Le, Note, Fighting Against the Silent Epidemic: An Imperative for a Federal Suicide Prevention Act Narrowing the Lens on Mental Health, 25 S. Cᴀʟ. Rᴇᴠ. L. & Sᴏᴄɪᴀʟ Jᴜsᴛɪᴄᴇ 87, 99 (2015).

^[7] Id. at 110.

^[8] Id. at 101–02.

^[9] Molteni, supra note 2.

^[10] Id. 

^[11] Id.

^[12] Id. 

^[13] Molenti, supra note 2. 

^[14] See Id.

^[15] Id.

^[16] Id.

Image source: https://timedotcom.files.wordpress.com/2014/12/brain-scan-fmri-mri.jpg?quality=85.

By: Helen Vu,

As 3D printing technology continues to develop, the possibilities for its potential uses increases exponentially. Medical devices such as prosthetics, implants, and casts can now be produced at much lower prices than they would be otherwise.[1] A company named KoreLogic used 3D printing to build the interior and exterior of an entire car, decreasing the vehicle’s weight and lowering costs.[2] Through the process of additive manufacturing, which involves the layering of materials to create a fully formed object, owners of 3D printers can produce items they would normally only be able to obtain from a manufacturing company.[3] While this technology can cut costs and increase efficiency for consumers, manufacturers must address the effect of 3D printing on their bottom lines. Every person that has the capability to print a product at home is a lost customer who would have otherwise purchased the item from the manufacturer.[4] Patent rights have normally prevented people from copying processes and products that belong to others.[5] However, as with other technological advancements, the law has yet to catch up to new developments in the area, and the legal world has not found a way to apply intellectual property law neatly to 3D printing.

While industrial 3D printers can cost up to $500,000,[6] at-home consumers can purchase desktop models for as little as $400.[7] These printers cannot produce objects as sophisticated as their more expensive counterparts but as manufacturers of 3D printers continue to improve their products, it will not be long before cheaper printers can create more than crude forms.[8] This presents an issue for the many patent-owners who have exclusive rights to many products that can be reproduced using 3D printing technology.[9] Although they certainly do not want others to produce items that they have an exclusive right to, the growing availability of 3D printers make it difficult to protect against all patent infringement involving additive manufacturing. Those who use extremely large-scale 3D printing in an industrial context may be easier to monitor but it would be extremely difficult, if not impossible, to identify every at-home user who commits patent infringement using widely available pieces of equipment such as computers and 3D printers.

Intellectual property lawyers have suggested various solutions to the problem of improper reproduction of patented objects, each with their own advantages and pitfalls. Because bringing legal action against every individual who infringes a patent through the use of a 3D printer would be impractical for the above-named reason, it seems more logical to go after those broader entities that facilitate the infringement.[10] In order to print an object, the user must have a Computer-Aided Design (CAD) file that instructs the 3D printer on how to create the form.[11] It has been suggested that those who create CAD files for products covered by patent protection and producers of software that help share those files should be held responsible for inducement of patent infringement. However, it is unclear how patent protection could cover CAD files, since they are digital blueprints of a patentable object rather than the objects themselves.[12]

Retaining intellectual property rights and protecting against infringement becomes increasingly harder in a time when technology purposefully makes it easier for individuals to directly obtain objects, information, and ideas. However, as impossible as it may seem to come to a solution that appeases all parties and covers all bases, regulations will inevitably develop to catch up to the technology due to the high interest that the manufacturing industry has in retaining exclusivity over their patented products. A decade ago, the improper distribution of copyrighted films and music albums using file-sharing software such as Grokster was the bane of the entertainment industry’s existence.[13] While illegal file sharing still exists today, the industry managed to significantly reduce the improper distribution of their copyrighted materials by taking the developers of that software to court and successfully shutting them down.[14] In the process, entertainment corporations were jolted into focusing more on digital products and less on the market for hard copies of albums and films.[15] Similarly, while the development of 3D printing technology may present difficult patent protection issues for manufacturers, it may also present opportunities to capitalize on a new market.[16] As technology grows in unimaginable ways, the industry that has the most at stake will find a method of managing their patent rights.

 

[1] See The Ultimate List of What We Can 3D Print in Medicine and Healthcare!, The Medical Futurist, http://medicalfuturist.com/3d-printing-in-medicine-and-healthcare/.

[2] See P. Andrew Riley & Elizabeth D. Ferrill & Benjamin T. Sirolly, Catch Me If You Can: Auto Parts in the Era of 3D Printing, Law 360 (2014).

[3] The Medical Futurist, supra note 1.

[4] See Timothy Holbrook, How 3-D Printing Threatens Our Patent System, Scientific American (Jan. 6, 2016), https://www.scientificamerican.com/article/how-3-d-printing-threatens-our-patent-system1/.

[5] See id.

[6] See Sara Angeles, The Best Industrial 3D Printers, https://www.business.com/categories/best-industrial-3d-printers/ (Oct. 31, 2017).

[7] See Tony Hoffman, The Best 3D Printers of 2017 (Jan. 18, 2017), https://www.pcmag.com/article2/0,2817,2470038,00.asp.

[8] See Tabrez Y. Ebrahim. 3D Printing: Digital Infringement & Digital Regulation, 14 Nw. J. Tech. & Intell. Prop. 37 at 41 (2016).

[9] See id.

[10] Holbrook, supra note 4.

[11] See What is 3D Printing?, https://www.stratasysdirect.com/resources/what-is-3d-printing/ (Oct. 31, 2017).

[12] Ebrahim, supra note 8.

[13] See Jeff Leeds, Grokster Calls It Quits on Sharing Music Files, N.Y. Times (Nov. 8, 2005).

[14] See id.

[15] See id.

[16] Riley, supra note 2.

Image Source: https://www.mcgilldaily.com/2014/02/3d-printing-a-disruptive-technology/.

By: James Williams,

Designers have used a variety of tools throughout the years, and various platforms have been marketed for them. Designers already are involved in a variety of intellectual property such as design patents, copyright, and trademark. There has been a mix of designers who work collectively or work individually.[1]  If the designer is working on commission, then usually they are not entitled to the rights of the work unless the work doesn’t fit under the statute or if the contract assigns the copyright to someone else.[2]  Seeing how there are already many ways for designers or artists in general to get involved with intellectual property, it will be interesting to see how technology makes access to intellectual property claims more or less accessible.

Adobe is well known for its program Photoshop, and it is still highly popular to this date for designers.[3]  Some recent additions into the market have been Sketch and Figma. Sketch is a program that is supposed to be marketed as a simpler and more accessible version of Photoshop with its own additions.[4]  Sketch “helps designers make digital products as a group, letting multiple people collaborate in real time as they draw, drag, and edit elements on the screen.”[5]  However, with the new “cutting-edge” technology attempting to unseat Adobe, which is more established, the presence of bugs makes the effort even more challenging.[6]

Figma has made a large move into collaborative efforts for designers.[7]  It has two new notable features: code mode and prototype mode.[8]  Code mode allows designers to directly alter the code.[9]  Prototype mode allows designers to create, edit, and share prototype designs.[10] With the program’s trackable contribution features, the individual authorship contributions could be more easily traceable. Authorship traceability is incredibly important when it comes to copyright ownership as will be discussed below. The collaborative contribution features in Figma are similar to how Google Docs allows people to contribute to documents in real time.[11]

As designers in general work for hire or for commission-based projects, this could even be a move in the direction of collaborating with clients in a more direct sense. With the Internet’s accessibility, collaboration is even easier. There is a growing trend suggesting that joint authorship and collaboration will be more common in science fields which utilize intellectual property claims heavily.[12]  It’s possible that this trend will also become more noticeable in the art field[13], given the right circumstances.

For artists that work in collective groups and intend on joint authorship as a goal, this could be the way for tracking who has been making what types of changes. If there is a contest over whether one person was the true author, assuming one person contests joint authorship, then this could be an excellent program for evidentiary purposes, in theory.

The requirements for joint authors in copyright include: each author must have made a substantial and valuable contribution to the work; each author must have intended that his/her contribution be merged into inseparable or interdependent parts of a unitary whole; and each author must have contributed material to the joint work which could have been independently copyrighted.[14]

Thinking back to Figma, if admitted properly as evidence, the logs that track each members work could serve as basis for claims of independent or joint authorship. Yes, there may be questions of whether the work being done by the various designers and coders involves the work sufficient to satisfy the claim, but with technology that maintains tracking of each contributor’s parts, it may be easier to prove whether sufficient joint authorship existed. There may not be an exact trend of people who seek joint authorship just because the technology makes it easier. Only time will tell whether it will become preferred or more common, but accessibility will be less of a burden for designers with Figma and other programs.

 

[1] See David Galenson & Clayne Pope, Collaboration in Science and Art, The Huffington Post (Jul. 23, 2012, 4:26 PM) (updated Sep. 22, 2012), https://www.huffingtonpost.com/david-galenson/collaboration-in-science-_b_1687024.html.

[2] 17 U.S.C. § 101 (considering that most work designers do would not fall within the statutory provisions under the second part of work-made-for-hire, the only way for designers to lose copyright, aside from transfer of copyright, would be if the work was considered as part of their employment and there were agency elements involved).

[3] See Robbie Gonzalez, Figma Wants Designers to Collaborate Google-Docs Style, Wired (Sep. 25, 2017, 12:07 PM), https://www.wired.com/story/figma-updates/.

[4] Id.

[5] Id.

[6] WebdesignerDepot Staff, Infographic: Sketch Vs Photoshop, Webdesigner Depot (Mar. 20, 2015), https://www.webdesignerdepot.com/2015/03/infographic-sketch-vs-photoshop/.

[7] See Gonzalez, supra note 3.

[8] Id.

[9] Id.

[10] Id.

[11] George Easton, Google Docs Has Full ‘Track Changes’ Word Integration, (Dec. 4, 2014, 10:30 AM), https://www.viwoinc.com/google-docs-has-full-track-changes-word-integration/.

[12] See Galenson, supra note 1.

[13] See id.

[14] See 17 U.S.C. § 101, supra note 2.

Image Source: http://sketchhunt.com/2016/09/10/sketch-vs-adobe-xd-vs-figma-_taylorpalmer/.

By: Lilias Gordon,

The movie Gattaca came out in 1997, starring Jude Law, Ethan Hawke, and Uma Thurman. Based in the “not-to-distant-future,” employment discrimination is no longer about race, sex, or any other protected class. Rather, a person’s genetic code is the only determining factor for school admissions and employment options. Discrimination is now a science.^[1]

Fear of genetic discrimination was not limited to science fiction, becoming a public concern in the late 90’s and early 2000’s. In the early 2000’s, the Human Genome Project finished sequencing the human genome. Media, scientists, and legislators all created a public perception of a pending landslide of discrimination and privacy invasions.^[2] Spurred on by this fear, many states created statutes barring genetic discrimination.^[3] Despite all this collective concern, there is still no consensus on what exactly is the legal issue surrounding genetic discrimination — or, if this is a problem at all.

Congress followed suit in 2008, passing the Genetic Information Nondiscrimination Act (GINA).^[4] The substantive provisions of GINA were geared towards preventing healthcare providers from making decisions based on genetic information.^[5] GINA bars insurers from discriminating based on a person’s likelihood of developing a genetic disease; thus individuals are only protected if they are asymptomatic.^[6] However, in almost ten years, under 200 cases have litigated this statute, with about a quarter of these cases coming out of the 4th Circuit. For example, in 2013, there were 333 employment discrimination complaints filed based on GINA, compared to 90,000 based on everything else.^[7] Most of the genetic discrimination concerns born in the 90’s and early 2000’s have not matured into real legal problems.

Legal theorists have asserted that —while disseminating personal genetic information is a huge risk— this is not a discrimination issue. Genetic information is better understood as creating privacy concerns by compromising the autonomy of an individual by foreclosing opportunities on the basis of genetic characteristics.^[8] This suggests that mapping the civil rights model onto a brand new type of discrimination will hamper society’s ability to deal with the problem.^[9] Said another way, our intuition that this is a discrimination issue is wrong.

Genetic discrimination may become more of a problem as technology advances. Perhaps we just have not yet reached the “not-to-distant-future.” “As technological advances increasingly permit detection of subtle physiological changes, the line between using genetic information and non-genetic medical information will become more and more difficult to police.”^[10] There is no clear scientific distinction between genetic information and non-genetic information, despite the fact GINA turns on this difference. However, this is still a far cry from a Gattaca-esque fear. Or, perhaps the real harm is this irrational fear itself, which is slowing down potentially life-saving research. Mass genetic testing may be incredibly valuable, aiding genetic disease research and treatment development.^[11] People are reluctant to undergo genetic testing out of fear of discrimination, which leads to less data for disease research.^[12]

In the intervening decades since genetic discrimination became a concern, there has been a lot of legislation, but little case law and arguably only a fraction of the landslide of discrimination we expected. While the lofty problems we anticipated have not materialized, genetic discrimination has recently become a real-life concern, garnering much public attention.

Anyone following politics has heard the term “preexisting condition” thrown around in relation to healthcare debates. GINA does not protect a person as soon as they become symptomatic. However, GINA does not exactly define what symptomatic means.^[13] Because the Affordable Care Act covers most preexisting conditions, this definition was never really tested.^[14] Without the ACA, GINA will be the only way to make sure healthcare companies cover preexisting conditions. Because GINA has no clear definition of symptomatic, stripping healthcare laws could allow your genetics to become a preexisting condition.

 

^[1] Gattaca (Sony Pictures Entertainment 1997).

^[2] Sonia M. Suter, The Allure and Peril of Genetic Exceptionalism: Do We Need Special Genetic Legislation?, 79 Wash. U. L. Q. 669, 676 (2001).

^[3] Karen Rothenberg, Genetic Information and Health Insurance: State Legislative Approaches, 23 J. L. Med. & Ethics 312, 313 (1995).

^[4] Genetic Information Nondiscrimination Act of 2008, 110 P.L. 233, 122 Stat. 881.

^[5] Marion Crain, Pauling Kim & Micheal Selmi, Work Law: And Case Materials 430 (Carolina Academic Press 3rd ed.) (2015).

^[6] GINA § 102(b).

^[7] Adam Rogers, The House Health Plan Makes Your Genes a Preexisting Condition, Wired Magazine (May 4, 2017, 7:55 PM) https://www.wired.com/2017/05/house-health-plan-makes-genes-preexisting-condition/.

^[8] Pauline T. Kim, Genetic Discrimination, Genetic Privacy: Rethinking Employee Protection for a Brave New Workplace, 96 Nw. U.L. Rev. 1497, 1498 (2002); Suter, supra note 1, at 747.

^[9] Kim, supra note 9, at 1498.

^[10] Crain, supra note 5, at 432.

^[11] Id at 430.

^[12] Id.

^[13] Rogers, supra note 6.

^[14] Id.

Image Source: http://www.councilforresponsiblegenetics.org/blog/post/Protecting-Genetic-Data-A-Primer-for-Employers.aspx.