International privacy standards for governments and schools?

Bradley Shear by Bradley Shear, Law Office of Bradley S. Shear
Thursday, May 21, 2015

While many think of state and local governments as just repositories of public records, they also store massive amounts of highly sensitive personal information, including tax returns, family services files, student records and health data. And as state and local governments move more data to the cloud, privacy concerns become paramount. It is imperative governments establish robust privacy standards for cloud storage to prevent the misuse of personal data. Moving forward, governments should require their vendors to follow the recently adopted International Standards Organization (ISO) 27018 cloud privacy guidelines. These standards foster transparency while increasing security and data privacy. Without adherence to ISO 27018, government entities — such as public schools, which collect, process, and archive tremendous amounts of student data — could have their data used for non-educational purposes.

EU trades privacy reform for surveillance

H. Bryan Cunningham by Bryan Cunningham, Cunningham Levy LLP
Wednesday, May 20, 2015

A strange — and strangely unnoticed — trend is emerging in the evolving global response to massive 2013 leaks about US surveillance activities. While our European cousins talk privacy reform, the United States is actually moving ahead with it, albeit more slowly than many would like. As the American side of the Atlantic inches toward self-restraint, many European governments are seeking sweeping new spying powers. Europe is at risk of falling behind the US in privacy reform.

The vast amount of PII stored in the cloud needs to be better secured

Paul Rosenzweig by Paul Rosenzweig, The Chertoff Group
Friday, May 15, 2015

Rosenzweig highlights the need to adopt ISO 20718 and suggests that harmonizing this standard with the FBI’s CJIS cloud data storage policy will reduce competition among standards and offer state and local governments a clear and consistent standard. Rosenzweig writes, “The alphabet soup of CJIS, PII and ISO in the end spell out a simple message: secure, confidential cloud storage of criminal justice information.”

Are wearables violating HIPAA?

Julie Anderson by Julie Anderson, AG Strategy Group
Thursday, May 14, 2015

With the development of wearable technologies such as the Nike Fuel Band, Fitbit, and Apple Watch, consumers suddenly have more options to monitor their fitness performance than ever before. And the way these devices capture data poses serious privacy and security issues to individually-identifiable health information that must be addressed.

Where should security exist?

Scott Andersen by Scott Andersen, CGI
Monday, May 11, 2015

Security First is a cry many government agencies have taken up, as they should. The reality of the modern cyber world is that security is a risk for every solution out there. The value of putting a solution out where people can use and consume the data is that more people get more information more quickly. The bad side is that making information available makes it vulnerable. That, in turn, makes security people nervous. Where is the right place to install or deploy security components for a solution? If we break an application into the many tiers, which tier should include security?

Is the NSA's Big Data Program Authorized? Key Quotes from a Major Court Ruling

Daniel J. Solove by Daniel Solove, TeachPrivacy
Friday, May 08, 2015

The U.S. Court of Appeals for the 2nd Circuit just issued a 97-page ruling limiting the NSA's power to sweep up data about people's phone calls. The court held that the USA Patriot Act Section 215 doesn't authorize the kind of sweeping collection of phone call metadata that the NSA has been engaging in.

Agency CIOs Need to Be Aware of the Dangers of Consumer Tech

Jeff Gould by Jeff Gould, SafeGov.org
Thursday, May 07, 2015

Contrary to common belief, the problem is not security. Consumer tech and cloud data centers are no more vulnerable to hackers and accidental breaches than traditional enterprise IT shops. On the contrary, greater scale and scope of cloud operations require resources to deploy the best security expertise and tools available. This attribute will arguably make the cloud a safer platform for enterprises to secure their most valuable information than in-house facilities.

ISO 27018: Protecting privacy and national security too

H. Bryan Cunningham by Bryan Cunningham, Cunningham Levy LLP
Tuesday, May 05, 2015

Broad adoption of international standards around the globe, by governments and other public institutions and, critically, by cloud providers and other private companies, can have multiple benefits. First, broadly accepted standards produced by a process involving a wide variety of stakeholders foster trust in the adequacy, fairness and sustainability of such rules. Needless to say, trust and fairness, in particular, are top-tier issues in cloud computing today.

U.S. Student Digital Data Privacy and Parental Rights Act of 2015 Introduced

Bradley Shear by Bradley Shear, Law Office of Bradley S. Shear
Thursday, April 30, 2015

Earlier this year, I advocated for my home state of Maryland to enact a similar student privacy bill which was also modeled after California's SB 1177. I was very troubled to witness Facebook and Google (here is a link to the hearing where you will see that the representatives of these companies were actively trying to thwart passage of robust student privacy protections) advocate for amendments to gut the bill's privacy protections for our children. My hope is that Facebook, Google, etc... realize that their continued refusal to accept appropriate limits on student data collection, processing, and usage will continue to make parents suspicious about their motives for providing educational technology tools. These companies are two of the largest advertising entities in the world and their actions so far clearly demonstrate that they want access to personal student data for marketing purposes.

Courts docs show how Google slices users into “millions of buckets”

Jeff Gould by Jeff Gould, SafeGov.org
Thursday, April 30, 2015

The first law of selling is to know your customer. This simple maxim has made Google into the world’s largest purveyor of advertisements, bringing in more ad revenue this year than all the world’s newspapers combined. What makes Google so valuable to advertisers is that it knows more about their customers — that is to say, about you — than anyone else.