Privacy

Adopting cloud computing can mean entrusting data to a third-party vendor. For agencies responsible for personally identifiable information or mission-critical applications, this raises a host of privacy concerns, chief among them the issue of data sovereignty and the question of determining appropriate government and commercial uses of private citizens’ data. This section of the SafeGov.org site analyzes the risks to privacy associated with cloud adoption and explores ongoing means to mitigate them.

The Brave New World of HIPAA Enforcement (Part 4)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Monday, October 20, 2014

The Health Insurance Portability and Accountability Act (HIPAA) regulations govern health information maintained by various entities covered by HIPAA (“covered entities”) and other organizations that receive health information from covered entities when performing functions for them. HIPAA is enforced by the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS).

Restoring Privacy in the Era of Big Data

Kris Alman, Student Privacy Matters,  Sunday, October 19, 2014

A parallel explosion of big data since 2001 is not coincidental. Big data utopians proclaim better integration of fragmented health and education sectors and data analysis will improve outcomes and improve value. The question never seems to be asked, “For whom?”

Where Government Leads: Designing For User Choice

Julie Anderson by Julie Anderson, Civitas Group
Wednesday, October 15, 2014

When used to benefit the individual, "choice architecture" helps citizens make better choices. It means thinking hard about software defaults. Rarely is government far ahead of the technology sector in cutting-edge policies designed to produce better results. Surprisingly enough, that is exactly what is happening with techniques that empower citizens to make optimal decisions related to economics, resource allocation, and privacy.

Who Are the Privacy and Security Cops on the Beat? (Part 3)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Monday, October 13, 2014

In the United States, a variety of different regulators are responsible for overseeing and enforcing different laws that impact different types of information. Some laws are exclusively enforced by agencies. Some are also enforced by state attorneys general. Others are enforced exclusively with a private right of action – the ability of individuals to bring lawsuits. Several laws have criminal penalties, which are typically enforced by the Department of Justice (DOJ). And then there are laws that are enforced by a combination of means, such as the Fair Credit Reporting Act (FCRA) which is enforced by two agencies plus private rights of action.

Twitter, the FBI, and cloud computing: The disclosure dilemma

David Linthicum, InfoWorld,  Friday, October 10, 2014

Twitter filed a lawsuit against the FBI and the Department of Justice on Tuesday to publish a full "transparency report," which documents government requests for user information. Its objective is to gain more information about government surveillance of its users. The published report does not include national security requests -- Twitter has been prohibited from disclosing that information. But Twitter believes it's entitled under the First Amendment to "respond to our users' concerns and to the statements of U.S. government officials by providing information about the scope of U.S. government surveillance."

Microsoft says NSA spying hit trust in the cloud

Doug Drinkwater, SC Magazine UK,  Friday, October 10, 2014

A senior Microsoft spokesman says that government surveillance has damaged trust in the cloud and in the company itself, pushing the latter to focus more on data privacy and security. The firm's principal cyber-security strategist Jeff Jones was presenting at the IP Expo Europe exhibition in London on Thursday, where he suggested that the leaks from NSA whistleblower Edward Snowden had impacted the Redmond technology giant and the cloud computing market as a whole. He then suggested that that the leaks had ‘affected' cloud in the enterprise, as well as the company's own ambitions in this area, before adding that the growing distrust in the cloud had come at a time where ‘perceptual concerns' around cloud security were dissipating on deployment.

The Privacy Pillory and the Security Rack: The Enforcement Toolkit (Part 2)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Thursday, October 09, 2014

Are privacy and security laws being enforced effectively? What kind of sanctions do privacy and security laws use for enforcement? In this post, I will discuss the various tools that are frequently used in the enforcement of privacy/security laws.

Interview: Brendon Lynch

Eleanor Dallaway, Infosecurity,  Thursday, October 09, 2014

I ask Lynch how attitudes to privacy have evolved during the decade he has spent in the privacy team at Microsoft. “At a fundamental level, people cared about their privacy then, as they do now,” he argues. “But the nature of technology and the data collection and use that’s occurring now is much greater, and therefore perhaps concerns and fears are now manifesting themselves in the realities of what’s happening today.” That reality, according to Lynch, is the “potential for a digital record of all human activity.” As technology intersects with people’s lives and activities, and devices become ever-more mobile, “sensors all around us” will create those digital records, he warns. Perhaps as a result of this so-called “trendline,” people are now starting to question how their information is being used, who they should trust, what control they have, and in some cases, what actions they can take to better protect their privacy. All of this whilst still taking advantage of an explosion in new productivity and connectivity capabilities.

Why Enforce Privacy and Security Laws? (Part 1 of a new series)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Tuesday, October 07, 2014

How are privacy and security laws enforced? How should they be enforced? What enforcement works well? What doesn’t? What are the various agencies that are enforcing privacy laws doing? How do the agencies compare in their enforcement efforts? I plan to explore these questions in a series of posts. Collectively, I’ll call this series “Enforcing Privacy and Security Laws.”

Software group launches student privacy pledge

Julian Hattem, The Hill,  Tuesday, October 07, 2014

The software industry is making moves to beef up privacy protections for students. The Software and Information Industry Association (SIIA) joined with the Future of Privacy Forum, a think tank, to announce a new pledge for companies that make products for students in kindergarten through 12th grade. Under the pledge, a handful of companies have promised not to sell student information or target their ads based on students’ behavior. Companies will also only use data for specific educational purposes and will impose limits on how long that information is held.