Posted in May 2013


A Brave New World Demands Brave New Thinking

By Phil Lee, CIPP/E, CIPM

Much has been said in the past few weeks and months about Google Glass, Google’s latest innovation that will see it shortly launch Internet-connected glasses with a small computer display in the corner of one lens that is visible to, and voice-controlled by, the wearer. The proposed launch capabilities of the device itself are—in pure computing terms—actually relatively modest: the ability to search the web, bring up maps, take photographs and video and share to social media.

So far, so iPhone.

But, because users wear and interact with Google Glass wherever they go, they will have a depth of relationship with their device that far exceeds any previous relationship between man and computer.

More from Phil Lee


What I’m Hearing Out on the Rue

A variety of client and professional meetings in France and Belgium have me here for an extended stay. I have heard many interesting things about privacy/data protection issues. So here is what I am hearing “out on the Rue.”

More from Christopher Wolf

From the Toolbelt

What Should You Do If You Receive an Investigatory Letter From the OCR?


Opening mail still carries the potential of discovering a treasure. Unfortunately for many organizations, the envelope may contain unpleasant information, namely an investigatory letter from the Office for Civil Rights (OCR), the entity that enforces the Health Insurance Portability and Accountability Act (HIPAA).

More from K Royal



In early January 2013, over half a million young Canadian professionals awoke to discover—via online newspaper or blog most likely—that the personal information they handed over to the government as part of their university student loan application had been compromised. Human Resources and Skills Development Canada (HRSDC) admitted that anyone who was a client of the Canada Student Loans programs from 2000 to 2006 was at risk. More recently, in April 2013, the Investment Industry Regulatory Organization (IIROC) admitted that the personal information of 52,000 clients from dozens of investment firms had equally been compromised. In both cases, massive reputational damage and high-profile lawsuits have ensued.

How did this happen, you might wonder? 

More from Daniel Horovitz


The Transatlantic Divide Over Data Privacy Rights

The following exchange occurred during a conversation between a representative of a U.S. technology company and a European data protection authority (DPA):

Company representative: Your data protection law is making it impossible for us to offer our technology in Europe!

DPA: It is your technology that has to adapt to our legal system, not the other way around!

The question of whether legal requirements should determine how technology and business models are structured, or whether the law should bend to technological and business imperatives, is at the root of many of the differences between the EU and U.S. approaches to data privacy. And the differing status of privacy as a constitutional or human right underlies how this question is dealt with in the two systems.

More from Christopher Kuner


The Art of Turning Discarded Chewing Gum Into Your Portrait

By Jedidiah Bracy, CIPP/US, CIPP/E

Think of how much of ourselves we leave behind in public: A piece of chewing gum here. A strand of hair there. For smokers, perhaps a littered cigarette butt.

No big deal, right? Well, maybe the littering…

But what if someone could take your mundane, discarded items—filled with tiny strands of DNA—and turn them into a portrait of you?

More from Jedidiah Bracy


“Going Dark” vs. “Going Secure”: New CDT Experts’ Report on CALEA II

By Peter Swire, CIPP/US

According to press reports, the FBI is close to persuading the rest of the Obama administration to support major changes to the Communications Assistance to Law Enforcement Act of 1994 (CALEA).  A major new report of technical experts released this week concludes: “Requiring software vendors to build intercept functionality into their products is unwise and will be ineffective, with the result being serious consequences for the economic well-being and national security of the U.S.”

Until now, CALEA has applied to telephone services and software and has required that they be “wiretap ready,” so that a wiretap court order can be carried out successfully. Under the new proposal, this “wiretap ready” requirement would apply far more broadly, to peer-to-peer VoIP (voice over Internet protocol) systems—the many types of software and services that allow direct, peer-to-peer communication.  Examples range from instant messaging and chat to Skype to Google Hangouts to Xbox Live.

More from Peter Swire