Privacy

Adopting cloud computing can mean entrusting data to a third-party vendor. For agencies responsible for personally identifiable information or mission-critical applications, this raises a host of privacy concerns, chief among them the issue of data sovereignty and the question of determining appropriate government and commercial uses of private citizens’ data. This section of the SafeGov.org site analyzes the risks to privacy associated with cloud adoption and explores ongoing means to mitigate them.

How Should the Law Handle Privacy and Data Security Harms? (Part Four)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Tuesday, July 22, 2014

In this post, I will discuss how the law should handle privacy and security harms. One potential solution is for the law to have statutory damages – a set minimum amount of damages for privacy/security violations. A few privacy statutes have them, such as the Electronic Communications Privacy Act (ECPA). The nice thing about statutory damage provisions is that they obviate the need to prove harm. Victims can often prove additional harm above the fixed amount, but if they can’t, they can still get the fixed amount.

Data Brokers, Cloud Providers, and Responsible Use

Paul Rosenzweig by Paul Rosenzweig, The Chertoff Group
Wednesday, July 16, 2014

Data brokers may soon become the pariahs of cyberspace if they don’t adopt principles of “responsible use.” And, if cloud service providers don’t watch out, they risk becoming tarred with the same brush.

Do Privacy Violations and Data Breaches Cause Harm? (Part Three)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Tuesday, July 08, 2014

In this post, I want to explore two issues that frequently emerge in privacy and data security cases: (a) the future risk of harm; and (b) individual vs. social harm.

Why the Law Often Doesn’t Recognize Privacy and Data Security Harms (Part Two)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Tuesday, July 01, 2014

In my previous post, I explained how the law is struggling to deal with privacy and data security harms. In this post, I will explore why. One of the challenges with data harms is that they are often created by the aggregation of many dispersed actors over a long period of time.

Privacy and Data Security Violations: What’s the Harm? (Part One)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Tuesday, June 24, 2014

Courts have struggled greatly with the issue of harms for data violations, and not much progress has been made. We desperately need a better understanding and approach to these harms. I am going to explore the issue and explain why it is so difficult. Both theoretical and practical considerations are intertwined here, and there is tremendous incoherence in the law as well as fogginess in thinking about the issue of data harms. I have a lot to say here and will tackle the issue in a series of posts. In this post, I will focus on how courts currently approach privacy/security harm.

Google’s Admission to Data Mining of Student and Government Emails Demands Further Scrutiny

Jeff Gould by Jeff Gould, SafeGov.org
Thursday, May 15, 2014

In a surprise announcement on April 30, 2014, Google announced on its company blog that it would no longer “collect or use student data in Apps for Education services for advertising purposes.” Google also noted that it would make similar changes to its Google Apps for Government products. This announcement suggests that Google has been scanning, storing and monetizing student, business and government emails for years, which raises concerns about Google’s past privacy practices and their future policies. This is a significant violation of the trust placed in the company by the schools and government agencies who signed contracts with the assurance that there would be “no ad-related scanning or processing” in Google Apps – language that Google once noted on their website.

Trust But Verify Big Datamining Claims

H. Bryan Cunningham by Bryan Cunningham, Cunningham Levy LLP
Thursday, May 08, 2014

Much has been written in recent years about the benefits and risks of “free” cloud services monetized by providers mining the private data of users. These risks are particularly acute in some government cases, e.g., education applications mining the data of students, and applications used by law enforcement and national security agencies. I, along with others, have recommended that government entities include clauses in contracts with cloud providers prohibiting data mining. Some governmental contracting authorities have embraced this remedy.

Big Data and Our Children’s Future: On Reforming FERPA

Daniel J. Solove by Daniel Solove, TeachPrivacy
Tuesday, May 06, 2014

Last week, the White House released its report, Big Data: Seizing Opportunities, Preserving Values. My reaction to it is mixed. The report mentions some concerns about privacy with Big Data and suggests some reforms, but everything is stated so mildly, in a way designed to please everyone. The report is painted in pastels; it finesses the hard issues and leaves specifics for another day. So it is a step forward, which is good, but it is a very small step, like a child on a beach reluctantly dipping a toe into ocean.

Why Did inBloom Die? A Hard Lesson About Education Privacy

Daniel J. Solove by Daniel Solove, TeachPrivacy
Monday, April 28, 2014

For any organization who doesn't take privacy seriously, the demise of inBoom should be a loud wake up call. Funded by $100 million from the Gates Foundation, inBloom was a non-profit organization aiming to store student data so that school officials and teachers could use it to learn about their students and how to more effectively teach them and improve their performance in school. Who would have thought that a project with so much funding and promise would be shutting down just a few years after its creation? What went wrong?

The Dangers of Apps

Mary DeRosa by Mary DeRosa, The Chertoff Group
Monday, April 28, 2014

The explosion of smartphones and their apps has improved lives in many ways: greater convenience, more information, and far less boredom, to name a few. But the dangers of apps are beginning to get more attention. Apps access massive amounts of personal data, but they lag far behind other technologies when it comes to protection of privacy and data security.