Adopting cloud computing can mean entrusting data to a third-party vendor. For agencies responsible for personally identifiable information or mission-critical applications, this raises a host of privacy concerns, chief among them the issue of data sovereignty and the question of determining appropriate government and commercial uses of private citizens’ data. This section of the site analyzes the risks to privacy associated with cloud adoption and explores ongoing means to mitigate them.

Landmark ECJ data protection ruling could impact Facebook and Google

Samuel Gibbs, The Guardian,  Friday, October 02, 2015

The European Court of Justice ruled Thursday that if a company operates a service in the native language of a country, and has representatives in that country, then it can be held accountable by the country’s national data protection agency despite not being headquartered in the country.

To Body Cam or Not, That is the Question

Tracy Mitrano, Inside Higher Ed,  Monday, September 28, 2015

Body cameras on institutional law enforcement have become all the rage nationally... Higher education is not an exception in this landscape. Sometimes cities within cities, universities and colleges require law enforcement just as they require physical power plants, facility, food and service management.

European Court Adviser Calls Trans-Atlantic Data-Sharing Pact Insufficient

Mark Scott, New York Times,  Wednesday, September 23, 2015

The laws governing companies that share online customer data between Europe and the United States may soon become a lot tougher. A legal position published in Luxembourg on Wednesday by a senior adviser to Europe’s highest court said that a trans-Atlantic “safe harbor” agreement allowing companies to ship people’s data between both regions did not provide sufficient checks on how that information may be used.

The Time for Reform is Now

Richard Salgado, Google Public Policy Blog,  Friday, September 18, 2015

As the debate over electronic communications privacy escalates in Congress and around the country, I testified this week before the Senate Judiciary Committee to discuss this very issue. The hearing provided an important opportunity to address users’ very reasonable expectations of privacy when it comes to the content in their email and other online accounts. Google strongly supports legislation to update the Electronic Communications Privacy Act (ECPA), which was signed into law almost thirty years ago -- long before email accounts and the Web were part of our daily lives. As it is currently written, ECPA allows government agencies to compel a provider to disclose the content of communications, like email and photos, without a warrant in some circumstances. This pre-digital era law no longer makes sense: users expect, as they should, that the documents they store online have the same Fourth Amendment protections as they do when the government wants to enter the home to seize documents stored in a desk drawer.

Passing ECPA reform – It has never been more important

Brad Smith, Microsoft on the Issues,  Wednesday, September 16, 2015

This is an important week for privacy in the nation’s capital. With a hearing today before the Senate Judiciary Committee, another focus on privacy begins in earnest. In truth, this could not come at a better or more important time. With each passing month it is becoming even clearer that our nation’s antiquated privacy laws need to be reformed. This is the time for Congress to act.

Is your data privacy and security bulletproof?

Saimon Michelson, CloudTech,  Friday, September 11, 2015

To ensure a completely bulletproof data service, there are certain components you must own and control. At all times, you need to ensure that you’re in the driver’s seat, and that you didn’t hand over your car keys, along with your corporate data security and privacy, to someone else. As your company's security expert, you are the one chosen to protect your organisation's data so you should invest in a system that allows you to apply your corporate policies, integrate your corporate security countermeasure systems while gaining continuous insight to your corporate user usage patterns.

Data sovereignty and the cloud: How do we fully control data amidst the cloud sprawl?

David Auslander, CloudTech,  Wednesday, September 09, 2015

One of the basic tenets of cloud computing is the ability to provide access to resources across a geographically dispersed cloud environment. This makes the cloud ideal for global distribution of applications and data. But what about those geographies that have highly restrictive data sovereignty laws or practices, such as Germany, Austria and South Korea? What about governmental bodies attempting to protect information while utilising the cloud?

Statement by EU Commissioner Věra Jourová on the finalisation of the EU-US negotiations on the data protection "Umbrella Agreement"

European Commission Press Release,  Tuesday, September 08, 2015

"I am very pleased that today we have finalised negotiations with the US on high data protection standards for transatlantic law enforcement cooperation. Robust cooperation between the EU and the US to fight crime and terrorism is crucial to keep Europeans safe. But all exchanges of personal data, such as criminal records, names or addresses, need to be governed by strong data protection rules. This is what the Umbrella Agreement will ensure.

Can California Lead on Privacy in Cloud Computing?

Anupam Chander, Davis Vanguard,  Sunday, September 06, 2015

I will focus my contribution on what we in California can do at home. The California legislature is currently considering a bill called the “California’s Electronic Communications Privacy Act (CalECPA).” In the words of the Electronic Frontier Foundation, CalECPA would require state law enforcement “to get a warrant before they can access electronic information about who we are, where we go, who we know, and what we do.” The California bill would apply only to California state officials. Thus, even if CalECPA passes, we will still need reform at the national level. Some will worry that a warrant requirement will stop police from accessing a cellphone or an email in an emergency. But the bill provides exceptions for emergencies, allowing police to access information without a warrant if they believe that “an emergency involving danger of death or serious physical injury to any person requires access.” Others will argue that we should trust the police to gather whatever information they need from whatever source they want.

Why HIPAA Matters: Medical ID Theft and the Human Cost of Health Privacy+Security Incidents

By Daniel Solove, LinkedIn,  Wednesday, September 02, 2015

For so many healthcare providers, HIPAA is a source of great aggravation. It's difficult. It's boring. It seems to consist of a lot of inconvenient and costly requirements. I believe that these attitudes about HIPAA are due to a failure to educate healthcare professionals about the reasons why HIPAA matters. HIPAA is not about doing all sorts of needless things for their own sake. It is about protecting patients.