Upcoming Lunch Seminar – Big Data Privacy: Business & Government Friday, October 25, 2013
UH breach affects 53,000, 07/07/2010, www.staradvertiser.com
University of Hawaii officials said yesterday that a hacker breached the security of a parking office computer server that contained personal information of 53,000 people.
Dave & Buster’s Settles FTC Charges it Failed to Protect Consumers’ Information, 3/23/10, www.databreaches.com
Entertainment operation Dave & Buster’s, Inc. has agreed to settle Federal Trade Commission charges that the company left consumers’ credit and debit card information vulnerable to hackers, resulting in several hundred thousand dollars in fraudulent charges.
The PII Problem: Privacy and a New Concept of Personally Identifiable Information, 12/06/2011, www.pogowasright.org
Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved.
Reporters’ Roundtable: Who owns your online identity?, www.cnet.com
Today, we’re talking about identity. You own your identity, right? That’s why we talk about identity theft. Identity is clearly personal, and it can be stolen from us
12 reasons why we’re losing the identity theft battle, 09/14/2010, www.echanneline.com
1. Zero Liability has made consumers feel they have nothing to lose….
Heartland breach expenses pegged at $140M — so far, 5/10/2010, www.databreaches.net
The costs to Heartland Payment Systems Inc. from the massive data breach that it disclosed in January 2009 appear to be steadily adding up.
Ie: High Court orders Quinns to reveal passwords to receiver, 11/10/2012, www.pogowasright.org
In an interesting decision the High Court (Kelly J.) yesterday ordered that members of the Quinn family must provide passwords to personal email accounts and other information to the receiver appointed over their assets by the Irish Bank Resolution Corporation.
Government of Malta proposes inclusion of digital rights in Constitution, 10/11/2012, www.pogowasright.org
The government has presented a White Paper proposing the inclusion of digital rights in the Constitution as a means of introducing new rights to internet access, accessing information online, online freedom of expression, and the right to informational self-determination.
EU court: Social networks can’t be forced to monitor users, 02/16/2012, news.cnet.com
The European Union’s highest court says social networks cannot be forced to monitor users just to stop piracy.
FTC Welcomes a New Privacy System for the Movement of Consumer Data Between the United States and Other Economies in the Asia-Pacific Region, 11/16/2011, www.pogowasright.org
The Federal Trade Commission welcomed the approval by the forum on Asia-Pacific Economic Cooperation (APEC) of a new initiative to harmonize cross-border data privacy protection among members of APEC.
Where in the world are there data protection laws?, 10/30/2011, www.pogowasright.org
I stand in awe of how much some folks accomplish. Dave Banisar alerts me that he has updated the global map showing which countries have comprehensive data protection laws. The number is now up to 70.
Privacy commissioner of British Columbia issues guidelines on using social media for background checks, 10/14/2011, www.pogowasright.org
The Information and Privacy Commissioner of British Columbia has issued guidelines to assist organizations and public bodies using social media sites to conduct background checks of prospective employees, volunteers and candidates.
NZ privacy commissioner finds that physician properly mitigated harm following a breach, 09/18/2013, www.phiprivacy.net
A doctor working in a suburban medical practice had his car broken into and bag stolen. The bag contained a USB stick holding the personal information of a number of patients, including the complainant.
PPR Releases Trust Framework© for Data Privacy, 04/03/2013, www.phiprivacy.net
Patient Privacy Rights (PPR) is pleased to announce the publication of its Privacy Trust Framework©, a set of 75+ auditable criteria based on 15 key privacy principles.
At long last, HHS unveils Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules, 01/17/2013, www.phiprivacy.net
The U.S. Department of Health and Human Services (HHS) moved forward today to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
De-identifying protected health information: OCR issues long-awaited guidance, 01/04/2013, www.lexology.com
The HIPAA Privacy Rule is intended to protect individually identifiable health information by limiting its use and disclosure. But the Privacy Rule expressly permits the de-identification of that information, and in doing so recognizes the usefulness of that information for “secondary purposes” such as comparative effectiveness studies, policy assessment and life sciences research.
Data Breach Investigation | Due Process of Law, 11/30/2010, www.databreaches.net
The following is cross-posted from PHIprivacy.net:
In September, I posted an excerpt from a thought-provoking commentary by attorney Benjamin Wright. In discussing a fine levied against Lucile Salter Packard Hospital for late notification under California’s breach notification law, he had written, in part…
New Ponemon study: patient data inadequately protected, many hospitals do not notify patients of breaches, 11/09/2010, www.phiprivacy.net
The Ponemon Institute has released a new study sponsored by ID Experts, “Benchmark Study on Patient Privacy and Data Security.” The study examined hospitals’ patient privacy practices, breaches involving patient information, and compliance policies and activities.
Plaintiffs Bar Hit Hard by Recent CMIA Decision, 10/24/2013, www.phiprivacy.net
Insurers providing privacy liability coverage were collectively breathing a sigh of relief last week given a decision from the California Court of Appeals.
Google Wins Lawsuit Dismissal, 10/09/2013, www.bloomberg.com
Google Inc. (GOOG) won dismissal of a lawsuit alleging it violated computer users’ rights by slipping electronic “cookies” into their Web browsers to facilitate placement of advertising.
Governor Brown signs AB-370 into law; site operators must disclose how they handle “do-not-track” requests, 09/27/2013, www.pogowasright.org
It’s been a good day for consumers in California. Governor Brown signed SB-46 into law, expanding business’s data breach notification obligations to consumers whose online account data has been breached.
FBI Drones Flew Since 2006, Audit Says, 09/27/2013, www.pogowasright.org
The FBI has been deploying unmanned aircraft for domestic surveillance for seven years, though the agency first acknowledged their use in July, the Justice Department’s inspector general reported Thursday.
EPIC – Foreign Intelligence Court Releases Controversial Opinion on Domestic Telephone Records Program, 09/21/2013, www.bespacific.com
“The Foreign Intelligence Surveillance Court (FISC) has released an Opinion, justifying the NSA’s telephone record collection program. In the Opinion, Judge Claire Eagan states that “there is no Fourth Amendment impediment to the collection” of all domestic call detail records.
EFF – Data Broker Acxiom Launches Transparency Tool, But Consumers Still Lack Control, 09/12/2013, www.bespacific.com
EFF: “Acxiom, a data broker that collects 1,500 data points per person on over 700 million consumers total and sells analysis of such information, is trying to ward off federal privacy regulations by flaunting transparency—a diluted term, in this case—around user data.
Threat to Privacy Found in Auto Insurance ‘Pay as You Drive’ Programs, 09/11/2013, www.pogowasright.org
Yes, those “pay as you drive” programs used by insurance companies to record your driving habits sometimes can be used to accurately infer your destination — a long-time concern of privacy advocates
The OECD Heralds the Arrival of the Privacy Profession, 09/09/2013, www.privacyassociation.org
Fifth Circuit Court of Appeals reverses dismissal of negligence claims against Heartland Payment Systems, 09/04/2013, www.databreaches
It seems it isn’t all over for a lawsuit by nine financial institutions against Heartland Payment Systems following a mammoth breach disclosed in January 2009. The Fifth Circuit Court of Appeals reversed the district court’s dismissal of negligence claims and remanded.
Second Circuit Suggests That the Plain View Exception Should Be Applied More Narrowly to Digital Searches, 06/25/2013, www.volokh.com
As regular readers know, I am very interested in the scope of the plain view exception for computer searches. In physical searches, if the government comes across evidence unrelated to the search it is lawfully conducting, the government can seize that evidence as long as its incriminating nature is immediately apparent.
Verizon providing all call records to U.S. under court order, 06/24/2013, www.washingtonpost.com
The National Security Agency appears to be collecting the telephone records of tens of millions of American customers of Verizon, one of the nation’s largest phone companies, under a top-secret court order issued in April.
Commentary – Why Privacy Matters Even if You Have ‘Nothing to Hide’, 06/07/2013, www.bespacific.com
Most attempts to understand privacy do so by attempting to locate its essence—its core characteristics or the common denominator that links together the various things we classify under the rubric of “privacy.”
New directives on border searches of electronic media, 09/27/09, www.pogowasright.org
Department of Homeland Security (DHS) Secretary Janet Napolitano today announced new directives to enhance and clarify oversight for searches of computers and other electronic media at U.S. ports of entry.
In Warrantless Wiretapping Case, Obama DOJ’s New Arguments Are Worse Than Bush’s, 4/09/09, www.pogowasright.org
Friday evening, in a motion to dismiss Jewel v. NSA, EFF’s litigation against the National Security Agency for the warrantless wiretapping of countless Americans, the Obama Administration made two deeply troubling arguments.
A First Principles Approach to Communications’ Privacy, 5/17/08, www.pogowasright.org
Under current doctrine, parties to a communication enjoy robust constitutional protection against government surveillance…
California passes legislation to protect college students’ social media privacy, 08/21/2012, www.pogowasright.org
California’s Senate on Tuesday unanimously approved legislation to bar colleges and universities from requiring students to provide administrators with access to their social media usernames and passwords. Governor Jerry Brown now must sign or veto the bill by Sept. 30.
FTC Advises Parents How to Protect Kids’ Personal Information at School, 08/15/2012, www.bespacific.com
A new school year usually means filling out paperwork like registration forms, health forms, and emergency contact forms, to name a few. The Federal Trade Commission wants parents to know that many school forms require personal and sensitive information that, in the wrong hands, could be used to commit fraud in their child’s name.
Stepping Into the Breach, 10/25/2011, www.campustechnology.com
If you think your institution is immune to a security breach, perhaps you should have a chat with Brian Rust at the University of Wisconsin-Madison.
Student loan company: Data on 3.3M people stolen, 3/27/10, www.databreaches.net
A company that guarantees federal student loans said Friday that personal data on about 3.3 million people nationwide has been stolen from its headquarters in Minnesota.