The Most Alarming Fact About HIPAA Audits (Part 5)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Thursday, October 23, 2014

Under the Health Insurance Portability and Accountability Act (HIPAA), various organizations can be randomly selected to be audited – even if no complaint has been issued against them and even if there has been no privacy incident or breach. What the audits thus far have revealed is quite alarming.

Why don't we have a Cloud Transition Framework?

Scott Andersen by Scott Andersen, CGI
Wednesday, October 22, 2014

There is a wonderful cloud process called “design for failure.” Once upon a time in IT we called that “prepare a risk analysis.” Include in that analysis both mitigation and contingency planning. Make sure you socialize that list so that people know what the project risks are. Design for failure works the same way. So let’s design our transition for failure.

Local police learn to bear body cameras

Michael Chertoff by Michael Chertoff, Chertoff Group
Wednesday, October 22, 2014

On Wednesday, an autopsy on Michael Brown, who was shot by a police officer in Ferguson, Mo., in August, raised new questions about what exactly happened. As details emerge from interviews and forensic evidence, it is clear that video would have helped sort the allegations. In future cases, the public and police will have more access to just such video evidence. The Washington, D.C., police have begun a pilot program, with 165 officers using body-worn cameras to record interactions with the public. They join many other departments.

The Brave New World of HIPAA Enforcement (Part 4)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Monday, October 20, 2014

The Health Insurance Portability and Accountability Act (HIPAA) regulations govern health information maintained by various entities covered by HIPAA (“covered entities”) and other organizations that receive health information from covered entities when performing functions for them. HIPAA is enforced by the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS).

Who Are the Privacy and Security Cops on the Beat? (Part 3)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Monday, October 13, 2014

In the United States, a variety of different regulators are responsible for overseeing and enforcing different laws that impact different types of information. Some laws are exclusively enforced by agencies. Some are also enforced by state attorneys general. Others are enforced exclusively with a private right of action – the ability of individuals to bring lawsuits. Several laws have criminal penalties, which are typically enforced by the Department of Justice (DOJ). And then there are laws that are enforced by a combination of means, such as the Fair Credit Reporting Act (FCRA) which is enforced by two agencies plus private rights of action.

The Privacy Pillory and the Security Rack: The Enforcement Toolkit (Part 2)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Thursday, October 09, 2014

Are privacy and security laws being enforced effectively? What kind of sanctions do privacy and security laws use for enforcement? In this post, I will discuss the various tools that are frequently used in the enforcement of privacy/security laws.

Why Enforce Privacy and Security Laws? (Part 1 of a new series)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Tuesday, October 07, 2014

How are privacy and security laws enforced? How should they be enforced? What enforcement works well? What doesn’t? What are the various agencies that are enforcing privacy laws doing? How do the agencies compare in their enforcement efforts? I plan to explore these questions in a series of posts. Collectively, I’ll call this series “Enforcing Privacy and Security Laws.”

Home Improvement or Guide to Cloud Migrations?

Scott Andersen by Scott Andersen, CGI
Monday, October 06, 2014

Recently I was watching a home improvement show and it struck me that home improvement design questions and questions we should ask our cloud provider are often quite similar.

SafeGov Releases Results of Global Parents Surveys Relating to Student Online Privacy

Jeff Gould by Jeff Gould, SafeGov.org
Wednesday, September 17, 2014

Surveys of nearly 5,500 parents in 11 countries around the world, including Europe, Asia and North America, show that parents have high hopes for the contribution that Internet applications can make to their children’s education, especially when it comes to acquiring skills relevant to the modern global economy. At the same time, the vast majority of parents worry that internet companies are tracking and profiling their children’s online activities at school for advertising purposes, and they want such practices banned. Specifically, parents want stronger government regulations against online data mining in schools that isn’t directly related to improving academic performance, and they want schools to forbid such practices. The findings are based on a series of surveys conducted between 2012 and 2014 for SafeGov aimed at capturing global parents’ views on the benefits and risks of proliferating in-school access to internet applications such as email, document creation and group collaboration.

The Value of the Broker Model

Scott Andersen by Scott Andersen, CGI
Tuesday, September 16, 2014

I find it interesting and have the argument frequently about the value of cloud brokers. I tend to be arguing with cloud service providers and argue that there is significant customer value in the cloud broker model. Cloud service providers don’t always see that value and they should.. From their perspective its business as usual and the broker of course changes that. Lately however I am seeing more and more people moving to my side and tipping the argument further. So I have come up with my top ten reasons brokers will be of value in the next two years.