The LEADS Act: A Transatlantic Olive Branch from the U.S. to Europe Over Government Access to Data

by Jeff Gould, SafeGov.org
Friday, February 20, 2015

A group of American senators from both parties are offering Europe an olive branch in the transatlantic war of words over Internet surveillance. Concretely, they propose to update the antiquated 1986 Electronic Communications Privacy Act (ECPA) by putting tighter limits on when and how U.S. courts can access electronic data stored abroad. ECPA was a forward-looking law when it was passed. Such things as the Internet and email already existed. Personal computers were commonplace. A few people even had (brick-sized) mobile phones. The law was expressly intended to give courts and police agencies conducting criminal investigations a legitimate way to get at data stored on these devices while still protecting the privacy rights of users. But the role and scale of online technology in the world are vastly different today than in 1986. No one could have imagined then that one day hundreds of millions of Europeans would routinely store trillions of personal electronic documents on shared computers located in Europe but owned and remotely operated by American firms. Such a scenario would have been pure science fiction.

Safe Passage, Portability and Who Owns My Data

by Scott Andersen, CGI
Thursday, February 19, 2015

Recently proposed legislation provides an interesting backdrop to this conversation. The bipartisan Law Enforcement Access to Data Stored Abroad (“LEADS”) Act is currently in the US Senate. LEADS basically says the US government cannot violate the sanctity of data hosted in another country. Who knows what form this will take or if this interesting potential legislation will make it out of Congress. It does, however, make for an interesting conversation. There is an historical concept called Safe Passage. Safe Passage is simply moving through hostile lands without fear of attack. In the cloud world this would be akin to laws that supported the safe transport of data regardless of data sovereignty or ownership.

Getting Smart about Smartphones

by Julie Anderson, AG Strategy Group
Wednesday, February 04, 2015

If the 20th century was the age of the automobile, the 21st already looks to be the century of smartphones, devices and big data. In the past five years alone, smartphones have gone from being reserved for the world’s wealthiest to full integration into our daily lives. But as next-generation technologies such as Apple’s Siri, Google Voice, smart watches, and other interactive, data-collecting tools are adopted faster than any previous technology in human history, this begs the question—how much do consumers actually know about them? And what can we, as consumers, do to protect our personal data from misuse?

The impact of unique data laws would be significant

by Scott Andersen, CGI
Friday, January 16, 2015

I have been fortunate to work with a number of young innovators lately. They ask me questions about things that are a blast to discuss. How do I reach my maximum potential market? What is the right price point for my device, and so on? The one thing I’ve noticed is that they aren’t concerned about the IP they have created. Recently, SafeGov posted a link to a WSJ article written by Michael Chertoff talking about the need for a rule of law protecting information. It got me thinking about the questions the young innovators have been asking me concerning what they are building.

Why Google is ignoring Obama’s challenge to sign the Student Privacy Pledge

by Jeff Gould, SafeGov.org
Wednesday, January 14, 2015

Several months ago a group of privacy advocates and education software providers, with prominent support from the Obama administration, overcame their differences and agreed to a Student Privacy Pledge. The 12 commitments of this pledge make for a remarkably strong document that places important limits on how children’s data can be used by commercial firms. It comes at a time when interest and investment in education technology is booming as never before. Among the pledge’s key commitments...

The Twelve Clouds of Christmas

by Scott Andersen, CGI
Friday, December 19, 2014

On the first cloud of Christmas my CSP gave to me a direct network connection. On the second cloud of Christmas my CSP gave to me two databases and a direct network connection. On the third cloud of Christmas my CSP gave to me three directory connections, two databases and a direct network connection. On the fourth cloud of Christmas my CSP gave to me four shiny new SaaS offerings, three directory connections, two databases and a direct network connection.

The Broker Road Less Traveled

by Scott Andersen, CGI
Tuesday, November 18, 2014

I’ve been thinking and writing about the cloud market now for more than five years. In that time I have seen a number of solutions come and go. What I haven’t seen yet is the small agile solution that in the end forces the larger players to change not only their approach but in the end also what and how they deliver services. So I am stuck with that question: what might that change be? Recently I started realizing that in the end the change that would modify the CSPs quickly and in the end change the market forever is the solution known as a cloud broker.

Lawsuits for HIPAA Violations and Beyond: A Journey Down the Rabbit Hole

by Daniel Solove, TeachPrivacy
Monday, November 17, 2014

At first blush, it seems impossible for a person to sue for a HIPAA violation. HIPAA lacks a private cause of action. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. That means that these laws don’t provide people with a way to sue when their rights under these laws are violated. Instead, these laws are enforced by agencies. But wait! Stop the presses! A recent decision by the Connecticut Supreme Court has concluded that people really can sue for HIPAA violations. As I will explain later, this is not a radical conclusion ... though the implications of this conclusion could be quite radical and extend far beyond HIPAA.

The Most Alarming Fact About HIPAA Audits (Part 5)

by Daniel Solove, TeachPrivacy
Thursday, October 23, 2014

Under the Health Insurance Portability and Accountability Act (HIPAA), various organizations can be randomly selected to be audited – even if no complaint has been issued against them and even if there has been no privacy incident or breach. What the audits thus far have revealed is quite alarming.

Why don't we have a Cloud Transition Framework?

by Scott Andersen, CGI
Wednesday, October 22, 2014

There is a wonderful cloud process called “design for failure.” Once upon a time in IT we called that “prepare a risk analysis.” Include in that analysis both mitigation and contingency planning. Make sure you socialize that list so that people know what the project risks are. Design for failure works the same way. So let’s design our transition for failure.