The Privacy Foundation at the University of Denver Sturm College of Law

in conjunction with the International Association of Privacy Professionals (IAPP)


Privacy Law and Data Brokers, Friday, April 3, 2015

10:00 am – 1:00 pm

Followed by lunch in Room 412

Financial Privacy

Hackers Steal Credit Card Data From Up to 40 Million Target Customers, 12/19/2013,
Cybercriminals have hit retail store Target with a massive data breach that may have affected 40 million of customers’ credit and debit cards accounts. The breach started around Black Friday, the busiest shopping day of the year in America, and has reportedly affected roughly 40,000 card devices at registers in Target locations around the country. … In its press release acknowledging the breach, Target said “40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013.”

Identity Theft

The PII Problem: Privacy and a New Concept of Personally Identifiable Information, 12/06/2011_www.pogowasright.org_
Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved.

Reporters’ Roundtable: Who owns your online identity?, 02/11/2011,
Today, we’re talking about identity. You own your identity, right? That’s why we talk about identity theft. Identity is clearly personal, and it can be stolen from us

12 reasons why we’re losing the identity theft battle, 09/14/2010,
1. Zero Liability has made consumers feel they have nothing to lose….

Heartland breach expenses pegged at $140M — so far, 5/10/2010,
The costs to Heartland Payment Systems Inc. from the massive data breach that it disclosed in January 2009 appear to be steadily adding up.

International Privacy

FTC Settles with Twelve Companies Falsely Claiming to Comply with International Safe Harbor Privacy Framework, 01/21/2014,
Twelve U.S. businesses have agreed to settle Federal Trade Commission charges that they falsely claimed they were abiding by an international privacy framework known as the U.S.-EU Safe Harbor that enables U.S. companies to transfer consumer data from the European Union to the United States in compliance with EU law.

Ie: High Court orders Quinns to reveal passwords to receiver, 11/10/2012,
In an interesting decision the High Court (Kelly J.) yesterday ordered that members of the Quinn family must provide passwords to personal email accounts and other information to the receiver appointed over their assets by the Irish Bank Resolution Corporation.

Government of Malta proposes inclusion of digital rights in Constitution, 10/11/2012,
The government has presented a White Paper proposing the inclusion of digital rights in the Constitution as a means of introducing new rights to internet access, accessing information online, online freedom of expression, and the right to informational self-determination.

EU court: Social networks can’t be forced to monitor users, 02/16/2012,
The European Union’s highest court says social networks cannot be forced to monitor users just to stop piracy.

FTC Welcomes a New Privacy System for the Movement of Consumer Data Between the United States and Other Economies in the Asia-Pacific Region, 11/16/2011,
The Federal Trade Commission welcomed the approval by the forum on Asia-Pacific Economic Cooperation (APEC) of a new initiative to harmonize cross-border data privacy protection among members of APEC.

Where in the world are there data protection laws?,, 10/30/2011
I stand in awe of how much some folks accomplish. Dave Banisar alerts me that he has updated the global map showing which countries have comprehensive data protection laws. The number is now up to 70.

Privacy commissioner of British Columbia issues guidelines on using social media for background checks, 10/14/2011,
The Information and Privacy Commissioner of British Columbia has issued guidelines to assist organizations and public bodies using social media sites to conduct background checks of prospective employees, volunteers and candidates.

Medical Patient Security

The Latest Privacy Risk? Looking Up Medical And Drug Information Online, 02/24/2015,
Neil Ungerleider reports: If you have cancer, HIV, diabetes, lupus, depression, heart disease—or you simply look up health-related information online—advertisers are watching you. A new paper on what happens when users search for health information online shows that some of our most sensitive internet searches aren’t as anonymous as we might think.

A new sheriff in town: Federal Trade Commission enforcement of medical information security=, 09/17/2014,
A recent court decision found that the Federal Trade Commission (FTC) has authority to enforce the requirements for security of Protected Health Information, or PHI, as defined under the Health Information Portability and Accountability Act (HIPAA), against a defense asserted that the FTC has no authority under that statute.

Fourth Annual Benchmark Study on Patient Privacy and Data Security, 3/22/2014,
Ponemon Institute: “…we are releasing our Fourth Annual Benchmark Study on Patient Privacy and Data Security. We hope you will read the report sponsored by ID Experts that reveals some fascinating trends. Specifically, criminal attacks on healthcare systems have risen a startling 100 percent since we first conducted the study in 2010. This year, we found the number and size of data breaches has declined somewhat. Employee negligence is a major risk and is being fueled by BYOD.”

Data Broker Removes Rape-Victims List After Journal Inquiry, 12/19/2013,
If you missed Senator Rockefeller’s hearing on data brokers yesterday, Pam Dixon of the World Privacy Forum made a powerful point in her opening statement about how data brokers have no shame. She cited the fact that brokers were selling lists of rape victims’ names for 7.9 cents per name.

Other Privacy Concerns"

Samsung warns people about discussing ‘sensitive information’ in front of their SmartTV, 02/09/2015,
Samsung’s new SmartTV has a cool new voice-command feature, through which the internet-connected device could record everything you say and transmit it to a third party, The Daily Beast writes.

Article: ‘The Fourth Amendment and the Global Internet’ — the final version, 02/07/2015,
I’m pleased to note the publication of my article, The Fourth Amendment and the Global Internet, 67 Stan. L. Rev. 285 (2015).

CDT Letter on Body Cameras to the Task Force on 21st Century Policing, 02/04/2015,
“The Center for Democracy & Technology (CDT) provided recommendations related to body-worn cameras in response to the Task Force on 21st Century Policing consideration of the issue and request for public comment.

Internet of Things report released by the FTC= , 01/28/2015,
The Federal Trade Commission (FTC) yesterday released its staff report on the Internet of Things (IoT).

It’s Data Privacy Day 2015!, 01/28/2015,
It’s Data Privacy Day 2015, and Dave Piscitello (@SecuritySkeptic) compiled his reading list, which he has kindly shared with this site…

Intel CEO shows off wrist-worn drone, pledges to employ more women, 01/07/2015,
Chief Executive Brian Krzanich demonstrated a tiny computer built into the button of his jacket and a wristband that was capable of transforming into a flying camera at the 2015 Consumer Electronics Show in Las Vegas on Tuesday.

Why Microsoft, Apple, Fox News and NPR Are Suddenly Working Together, 12/16/2014,
It’s not every day you see Microsoft and Apple or Fox News and NPR going to bat for the same team — but that’s exactly what’s happening now, in a case that could have big consequences for American tech and media companies.

Cell phones exempt from the automobile search exception, Ninth Circuit rules, 12/12/2014,,
With law school exam season finishing up, here’s a new Fourth Amendment decision with facts that seem straight from a law school exam: United States v. Camou, authored by Judge Pregerson. In the new decision, the Ninth Circuit suppressed evidence from a 2009 search of a cell phone taken from a car incident to arrest at the border.

Firefox 10-Year Anniversary Release Focuses on Privacy, 11/11/2014,
The Mozilla Foundation announced the worldwide availability of Firefox 1.0 on November 9, 2004. The application has come a long way since then, becoming one of the top three most popular Web browsers.

A Brief History of the Internet of Things, 09/24/2014,
Over the last few years, the Internet of things has evolved from an intriguing concept into an increasingly sophisticated network of devices and machines.

The Internet of Things for Cars: What Will it Mean for Insurance?, 08/12/2014,
Imagine, for a moment, a world in which vending machines restock themselves. A world in which your wallet, via a Bluetooth signal, beeps at your phone if you leave it behind at a restaurant.

Privacy Homeland Security

New directives on border searches of electronic media, 09/27/09,
Department of Homeland Security (DHS) Secretary Janet Napolitano today announced new directives to enhance and clarify oversight for searches of computers and other electronic media at U.S. ports of entry.

In Warrantless Wiretapping Case, Obama DOJ’s New Arguments Are Worse Than Bush’s, 4/09/09,
Friday evening, in a motion to dismiss Jewel v. NSA, EFF’s litigation against the National Security Agency for the warrantless wiretapping of countless Americans, the Obama Administration’s made two deeply troubling arguments.

A First Principles Approach to Communications’ Privacy, 5/17/08,
Under current doctrine, parties to a communication enjoy robust constitutional protection against government surveillance…

Student Privacy

Why Schools Are Flunking Privacy and How They Can Improve, 12/16/2012,
Fordham School of Law’s Center on Law and Information Policy (CLIP), headed by Joel Reidenberg, has released an eye-opening and sobering study of how public schools are handling privacy issues with regard to cloud computing. The study is called Privacy and Cloud Computing in Public Schools, and it is well worth a read.

California passes legislation to protect college students’ social media privacy, 08/21/2012,
California’s Senate on Tuesday unanimously approved legislation to bar colleges and universities from requiring students to provide administrators with access to theirsocial media usernames and passwords. Governor Jerry Brown now must sign or veto the bill by Sept. 30.

FTC Advises Parents How to Protect Kids’ Personal Information at School, 08/15/2012,
A new school year usually means filling out paperwork like registration forms, health forms, and emergency contact forms, to name a few. The Federal Trade Commission wants parents to know that many school forms require personal and sensitive information that, in the wrong hands, could be used to commit fraud in their child’s name.

Stepping Into the Breach, 10/25/2011,
If you think your institution is immune to a security breach, perhaps you should have a chat with Brian Rust at the University of Wisconsin-Madison.

Student loan company: Data on 3.3M people stolen, 3/27/10,
A company that guarantees federal student loans said Friday that personal data on about 3.3 million people nationwide has been stolen from its headquarters in Minnesota.

Workplace Privacy

If you have information that would be of interest to the Privacy Foundation, please contact us at .(JavaScript must be enabled to view this email address)

Privacy Law and Data Brokers