The New York Times has a good feature article on the work of Alessandro Acquisti, a professor specializing in behavioral economics at Carnegie Mellon University. His work has long fascinated me, and he continually produces new studies that defeat our cherished assumptions about privacy. I'm delighted that the New York Times has chosen to feature his work, as everyone in the privacy field, especially policymakers, should be familiar with it.

Do children still have an expectation of privacy? Every day our personal privacy is slowly being eroded because of advances in technology. New inventions have enabled our society to more efficiently mass produce food; create the infrastructure to warm our homes and offices in the winter and cool them in the summer; and to invent digital devices that allow us to communicate and share information from around the world and outer space almost instantaneously.

Law enforcement agencies throughout the United States and around the world are increasingly considering cloud computing as a viable option to support information management and operations. The IACP and SafeGov recently cohosted a symposium called “Leveraging the Cloud for Law Enforcement,” held January 31 at the Newseum in Washington, D.C.

Last week saw the latest chapter unfold in Google’s privacy battle with the European Union. In October 2012, France’s Commission Nationale de l’Informatique et des Libertes, or CNIL published a set of recommendations, on behalf of 27 European data protection authorities, suggesting that Google should address the “uncontrolled combination of data across services” and other data collection issues in its new privacy policy.

Massachusetts has become the first state to introduce legislation that would ban companies that provide cloud computing services from processing student data for commercial purposes. MA Bill 331 is sponsored by Rep. Carlo Basile and it was referred to the House Committee on Education on January 22, 2013. MA Bill 331 states, "Section 1. Notwithstanding any general or special law to the contrary any person who provides a cloud computing service to an educational institution operating within the State shall process data of a student enrolled in kindergarten through twelfth grade for the sole purpose of providing the cloud computing service to the educational institution and shall not process such data for any commercial purpose, including but not limited to advertising purposes that benefit the cloud computing service provider."

In a previous post, I discussed the implications of the new HIPAA-HITECH Act regulation for cloud service providers. I noted that cloud service providers would generally be deemed to be business associates (BAs) under HIPAA because any entity that “maintains” protected health information (PHI) on behalf of a covered entity or another BA is deemed a BA. Under HIPAA, BAs are directly liable to HHS enforcement for a number of responsibilities under the HIPAA Privacy and Security Rules. Moreover, a BA must be under a business associate agreement (BAA) with the entity supplying the PHI.

We recently had the opportunity to talk with David Canellos, CEO of PerspecSys, about his company’s cloud encryption and tokenization solutions. What follows is an edited transcript of our conversation.

If you are interested enough in government access to social media data to have sought out this article, you probably already are aware that virtually all cloud service providers have “terms of service” agreements which grant the providers the right to turn over your data to law enforcement authorities. Today, Facebook also publishes guidelines the company says it uses in providing customer information to law enforcement.

The FTC recently released its "Mobile Privacy Disclosure: Building Trust Through Transparency" staff report. The theme of this staff report is that mobile platform operating system providers (Amazon, Apple, BlackBerry, Google, and Microsoft), app developers, ad networks, and analytic companies need to provide consumers with timely, easy-to-understand disclosures about the data that is collected about them and how the data is utilized.

In celebration of Data Privacy Day, SafeGov is releasing this "Cloud Computing for Education" video for educational institution leaders. This video provides guidance on selecting cloud service providers with an emphasis on data protection and security recommendations.