Thursday, October 23, 2014
Under the Health Insurance Portability and Accountability Act (HIPAA), various organizations can be randomly selected to be audited – even if no complaint has been issued against them and even if there has been no privacy incident or breach. What the audits thus far have revealed is quite alarming.
Rep. Jared Polis (D-Colo.) and Brad Smith, The Hill, Thursday, October 23, 2014
The intersection of the Family Educational Rights and Privacy Act of 1974, Children's Online Privacy and Protection Act of 1998, a growing number of state laws, district policies, vendor contracts, and privacy policies create a situation in which it is hard to tell what protections and rights exist for children or for adults. To witness this trend is to worry that legitimate privacy concerns threaten to derail the potential of education technology to improve personalized learning.
Wednesday, October 22, 2014
Apple’s default encryption announcement contained a notable distinction in the fine print. They promised not to read the content of your email messages. Not only will Apple’s default encryption protect your email from being accessed by governmental entities without permission, but Apple will not retrieve or use the content of your email for their own purposes. Android’s announcement did not offer the same protection to users. They did not make the same pledge which could be related to the fact that Google’s main source of revenue is derived from ad placements based on the content of user emails and searches.
John Leyden, The Register, Tuesday, October 21, 2014
Three in four cloud services do not conform to the current EU Data Protection Directive, according to a new study. Enterprise cloud visibility firm Skyhigh Networks found that nearly three-quarters (72 per cent) of the cloud services used by European organisations do not meet the requirements of the current privacy regulations, with data being sent to countries without adequate levels of data protection. The transfer of personally identifiable information outside Europe meant many services were operating at odds with the EU Data Protection Directive.
Monday, October 20, 2014
The Health Insurance Portability and Accountability Act (HIPAA) regulations govern health information maintained by various entities covered by HIPAA (“covered entities”) and other organizations that receive health information from covered entities when performing functions for them. HIPAA is enforced by the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS).
Adam Mazmanian, FCW, Monday, October 20, 2014
While law enforcement is up in arms about new default data encryption on Apple iOS and Google Android devices, experts say the policy could have some benefits for federal mobility as well.
Kris Alman, Student Privacy Matters, Sunday, October 19, 2014
A parallel explosion of big data since 2001 is not coincidental. Big data utopians proclaim better integration of fragmented health and education sectors and data analysis will improve outcomes and improve value. The question never seems to be asked, “For whom?”
Wednesday, October 15, 2014
When used to benefit the individual, "choice architecture" helps citizens make better choices. It means thinking hard about software defaults. Rarely is government far ahead of the technology sector in cutting-edge policies designed to produce better results. Surprisingly enough, that is exactly what is happening with techniques that empower citizens to make optimal decisions related to economics, resource allocation, and privacy.
Monday, October 13, 2014
In the United States, a variety of different regulators are responsible for overseeing and enforcing different laws that impact different types of information. Some laws are exclusively enforced by agencies. Some are also enforced by state attorneys general. Others are enforced exclusively with a private right of action – the ability of individuals to bring lawsuits. Several laws have criminal penalties, which are typically enforced by the Department of Justice (DOJ). And then there are laws that are enforced by a combination of means, such as the Fair Credit Reporting Act (FCRA) which is enforced by two agencies plus private rights of action.
David Linthicum, InfoWorld, Friday, October 10, 2014
Twitter filed a lawsuit against the FBI and the Department of Justice on Tuesday to publish a full "transparency report," which documents government requests for user information. Its objective is to gain more information about government surveillance of its users. The published report does not include national security requests -- Twitter has been prohibited from disclosing that information. But Twitter believes it's entitled under the First Amendment to "respond to our users' concerns and to the statements of U.S. government officials by providing information about the scope of U.S. government surveillance."