The Broker Road Less Traveled

by Scott Andersen, CGI
Tuesday, November 18, 2014

I’ve been thinking and writing about the cloud market now for more than five years. In that time I have seen a number of solutions come and go. What I haven’t seen yet is the small agile solution that in the end forces the larger players to change not only their approach but in the end also what and how they deliver services. So I am stuck with that question: what might that change be? Recently I started realizing that in the end the change that would modify the CSPs quickly and in the end change the market forever is the solution known as a cloud broker.

Lawsuits for HIPAA Violations and Beyond: A Journey Down the Rabbit Hole

by Daniel Solove, TeachPrivacy
Monday, November 17, 2014

At first blush, it seems impossible for a person to sue for a HIPAA violation. HIPAA lacks a private cause of action. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. That means that these laws don’t provide people with a way to sue when their rights under these laws are violated. Instead, these laws are enforced by agencies. But wait! Stop the presses! A recent decision by the Connecticut Supreme Court has concluded that people really can sue for HIPAA violations. As I will explain later, this is not a radical conclusion ... though the implications of this conclusion could be quite radical and extend far beyond HIPAA.

The Most Alarming Fact About HIPAA Audits (Part 5)

by Daniel Solove, TeachPrivacy
Thursday, October 23, 2014

Under the Health Insurance Portability and Accountability Act (HIPAA), various organizations can be randomly selected to be audited – even if no complaint has been issued against them and even if there has been no privacy incident or breach. What the audits thus far have revealed is quite alarming.

Why don't we have a Cloud Transition Framework?

by Scott Andersen, CGI
Wednesday, October 22, 2014

There is a wonderful cloud process called “design for failure.” Once upon a time in IT we called that “prepare a risk analysis.” Include in that analysis both mitigation and contingency planning. Make sure you socialize that list so that people know what the project risks are. Design for failure works the same way. So let’s design our transition for failure.

Local police learn to bear body cameras

by Michael Chertoff, Chertoff Group
Wednesday, October 22, 2014

On Wednesday, an autopsy on Michael Brown, who was shot by a police officer in Ferguson, Mo., in August, raised new questions about what exactly happened. As details emerge from interviews and forensic evidence, it is clear that video would have helped sort the allegations. In future cases, the public and police will have more access to just such video evidence. The Washington, D.C., police have begun a pilot program, with 165 officers using body-worn cameras to record interactions with the public. They join many other departments.

The Brave New World of HIPAA Enforcement (Part 4)

by Daniel Solove, TeachPrivacy
Monday, October 20, 2014

The Health Insurance Portability and Accountability Act (HIPAA) regulations govern health information maintained by various entities covered by HIPAA (“covered entities”) and other organizations that receive health information from covered entities when performing functions for them. HIPAA is enforced by the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS).

Who Are the Privacy and Security Cops on the Beat? (Part 3)

by Daniel Solove, TeachPrivacy
Monday, October 13, 2014

In the United States, a variety of different regulators are responsible for overseeing and enforcing different laws that impact different types of information. Some laws are exclusively enforced by agencies. Some are also enforced by state attorneys general. Others are enforced exclusively with a private right of action – the ability of individuals to bring lawsuits. Several laws have criminal penalties, which are typically enforced by the Department of Justice (DOJ). And then there are laws that are enforced by a combination of means, such as the Fair Credit Reporting Act (FCRA) which is enforced by two agencies plus private rights of action.

The Privacy Pillory and the Security Rack: The Enforcement Toolkit (Part 2)

by Daniel Solove, TeachPrivacy
Thursday, October 09, 2014

Are privacy and security laws being enforced effectively? What kind of sanctions do privacy and security laws use for enforcement? In this post, I will discuss the various tools that are frequently used in the enforcement of privacy/security laws.

Why Enforce Privacy and Security Laws? (Part 1 of a new series)

by Daniel Solove, TeachPrivacy
Tuesday, October 07, 2014

How are privacy and security laws enforced? How should they be enforced? What enforcement works well? What doesn’t? What are the various agencies that are enforcing privacy laws doing? How do the agencies compare in their enforcement efforts? I plan to explore these questions in a series of posts. Collectively, I’ll call this series “Enforcing Privacy and Security Laws.”

Home Improvement or Guide to Cloud Migrations?

by Scott Andersen, CGI
Monday, October 06, 2014

Recently I was watching a home improvement show and it struck me that home improvement design questions and questions we should ask our cloud provider are often quite similar.