As NSA reform dies, questions about Safe Harbour reform loom

Jonathan Brandon, Business Cloud News, Thursday, November 20, 2014

The USA Freedom Act, which was proposed in a bid to end mass surveillance and give more transparency and oversight to how digital communications are monitored by the US intelligence community, died on the floor of the US Senate this week, falling just two votes shy of the 60 votes it needed to pass. Some analysts believe the result will stoke further debate around Safe Harbour and other data sharing agreements with the US.

Lawsuits for HIPAA Violations and Beyond: A Journey Down the Rabbit Hole

Daniel Solove, TeachPrivacy, Monday, November 17, 2014

At first blush, it seems impossible for a person to sue for a HIPAA violation. HIPAA lacks a private cause of action. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. That means that these laws don’t provide people with a way to sue when their rights under these laws are violated. Instead, these laws are enforced by agencies. But wait! Stop the presses! A recent decision by the Connecticut Supreme Court has concluded that people really can sue for HIPAA violations. As I will explain later, this is not a radical conclusion ... though the implications of this conclusion could be quite radical and extend far beyond HIPAA.

What Every Business Owner Needs to Know About Data Sovereignty

Ajay Patel, SmartData Collective, Monday, November 17, 2014

Sovereignty isn’t usually the first word that comes to mind when thinking about data. With all the recent data fiascos, privacy is what’s at the forefront of most consumers’ minds. But data sovereignty relates to data privacy, and businesses need to understand this concept when choosing where they store their digital information. Unfortunately, the laws and regulations protecting digital information can be extremely complex. They are dependent on different governments and jurisdictions, and data stored in certain countries may or may not be subject to subpoena by another country’s government (or even the host country’s government).

Privacy Protections Unite Carmakers

Joan Lowy, Associated Press, Friday, November 14, 2014

Nineteen automakers accounting for most of the passenger cars and trucks sold in the U.S. have signed onto a set of principles they say will protect motorists' privacy in an era when computerized cars pass along more information about their drivers than many motorists realize. The principles were delivered in a letter Wednesday to the Federal Trade Commission, which has the authority to force corporations to live up to their promises to consumers. Industry officials say they want to assure their customers that the information that their cars stream back to automakers or that is downloaded from the vehicle's computers won't be handed over to authorities without a court order, sold to insurance companies or used to bombard them with ads for pizza parlors, gas stations or other businesses they drive past, without their permission.

EU mulls conferring binding powers on body of data privacy regulators

Julia Fioretti, Reuters, Friday, November 14, 2014

A new body of European data protection authorities could have the power to adopt legally binding decisions in cross-border disputes over a company's misuse of personal data, according to a draft document seen by Reuters. Under a mechanism originally proposed in reforms of Europe's data protection laws, businesses operating across the 28-nation European Union would have to deal only with the data protection authority in the country where they are headquartered - even if alleged mishandling of data affects citizens in another country. A new proposal by Italy, which holds the rotating European presidency, gives all concerned authorities the chance to intervene in all stages of the decision-making process.

Public Perceptions of Privacy and Security in the Post-Snowden Era

Mary Madden, Pew Research, Wednesday, November 12, 2014

Privacy evokes a constellation of concepts for Americans—some of them tied to traditional notions of civil liberties and some of them driven by concerns about the surveillance of digital communications and the coming era of “big data.” While Americans’ associations with the topic of privacy are varied, the majority of adults in a new survey by the Pew Research Center feel that their privacy is being challenged along such core dimensions as the security of their personal information and their ability to retain confidentiality.

Google Mines Gmail for Big Data Gold

Jeff Gould, SafeGov.org, Wednesday, November 12, 2014

Email is in the midst of a radical transformation. What used to be simple unstructured communication is evolving into something very different – highly structured data that can be mined and exploited on a vast scale by advanced machine learning algorithms. The driving force behind this transformation is the ad-supported free email business model first launched by Hotmail in the 1990s and since perfected by Gmail. Google is now launching an entirely new email client, Inbox, which makes the transformation of email into big data visible to the naked eye.

GSA IT gets privacy impact assessment policy

Mark Rockwell, FCW, Monday, November 03, 2014

General Services Administration CIO Sonny Hashmi issued policy guidelines for assessing the impact of his agency's IT systems on its employees' privacy. Hashmi, who is also the senior agency official for privacy in the GSA IT Office, said in a policy and procedure statement that IT program managers and system owners were responsible for ensuring that the systems under their jurisdiction undergo a privacy impact assessment.

The Blind Men, the Elephant and the FTC’s Data Security Standards

Omer Tene, IAPP, Thursday, October 30, 2014

Like a group of blind men encountering an elephant—one touching the trunk and thinking “snake,” another feeling a tusk and thinking “sword,” a third caressing an ear and thinking “sail”—so do commentators, lawyers and industry players struggle to identify what “reasonable data security” practices mean in the eyes of the Federal Trade Commission (FTC). In the absence of federal legislation or regulatory guidance, the reasonableness standard is assessed on a case-by-case basis through a string of FTC enforcement actions, 47 so far, by which the agency provides the public with glimpses into its regulatory interpretation.

Taking back privacy in the post-Snowden cloud

Sean Gallagher, Ars Technica, Tuesday, October 28, 2014

Governments aren’t going to fix cloud’s privacy problem. It’s up to the industry—and us. “In the 2000s we had this wild cloud party,” said Peter Eckersley, technology projects director at the Electronic Frontier Foundation. “That party ended—Edward Snowden crashed that party. And we’ve woken up with a massive privacy and security hangover that companies are now trying to shake.” How did we get in this mess? And is there any way to have both the convenience of mobile access to nearly everything while still keeping out the prying eyes of government spies and criminal crackers?